Re: [PR] GH-43535: [C++] support the AWS S3 SSE-C encryption [arrow]

Wed, 09 Oct 2024 05:52:01 -0700 


ripplehang commented on code in PR #43601:
URL: https://github.com/apache/arrow/pull/43601#discussion_r1793469824


##########
cpp/src/arrow/filesystem/s3_test_util.cc:
##########
@@ -69,6 +77,40 @@ std::string MinioTestServer::access_key() const { return 
impl_->access_key_; }
 
 std::string MinioTestServer::secret_key() const { return impl_->secret_key_; }
 
+std::string MinioTestServer::ca_path() const {
+  return impl_->temp_dir_ca_->path().ToString();
+}
+
+std::string MinioTestServer::scheme() const { return impl_->scheme_; }
+
+Status MinioTestServer::GenerateCertificateFile() {
+  // create the dedicated folder for certificate file, rather than reuse the 
data
+  // folder, since there is test case to check whether the folder is empty.
+  ARROW_ASSIGN_OR_RAISE(impl_->temp_dir_ca_, 
TemporaryDir::Make("s3fs-test-ca-"));
+
+  ARROW_ASSIGN_OR_RAISE(auto public_crt_file,
+                        PlatformFilename::FromString(ca_path() + 
"/public.crt"));
+  ARROW_ASSIGN_OR_RAISE(auto public_cert_fd, 
FileOpenWritable(public_crt_file));
+  ARROW_RETURN_NOT_OK(FileWrite(public_cert_fd.fd(),
+                                reinterpret_cast<const uint8_t*>(kMinioCert),
+                                strlen(kMinioCert)));
+  ARROW_RETURN_NOT_OK(public_cert_fd.Close());
+
+  ARROW_ASSIGN_OR_RAISE(auto private_key_file,
+                        PlatformFilename::FromString(ca_path() + 
"/private.key"));
+  ARROW_ASSIGN_OR_RAISE(auto private_key_fd, 
FileOpenWritable(private_key_file));
+  ARROW_RETURN_NOT_OK(FileWrite(private_key_fd.fd(),
+                                reinterpret_cast<const 
uint8_t*>(kMinioPrivateKey),
+                                strlen(kMinioPrivateKey)));
+  ARROW_RETURN_NOT_OK(private_key_fd.Close());
+
+  arrow::fs::FileSystemGlobalOptions global_options;
+  global_options.tls_verify_certificates = false;

Review Comment:
   @pitrou I used to set the capth, however, the Linux ci would still fail, and 
I guess the reason is that the folder would require the special file symlinks, 
according to 
https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/client-config.html, 
it would suggest to use the `c_rehash ` to generate the trust store folder. 
then it would introduce more dependency(install the c_rehash binary). 
   this is just test code,  suppose set the verifyssl to false should also be 
acceptable?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to