5. Store And Retrieve Files securely from Amazon S3

Let us first look at how a typical app is built with the standard AWS S3 SDK, and then at the parts of that app that change when the Bayun AWS S3 wrapper classes are used.

5.1 TransferUtility S3 app code snippets using standard AWSS3 SDK:

  • Add the following to the import statements:
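    import com.amazonaws.auth.AWSCredentials;
    import com.amazonaws.services.s3.AmazonS3Client;
    import com.amazonaws.mobileconnectors.s3.transferutility.TransferListener;
    import com.amazonaws.mobileconnectors.s3.transferutility.TransferObserver;
    import com.amazonaws.mobileconnectors.s3.transferutility.TransferState;
    import com.amazonaws.mobileconnectors.s3.transferutility.TransferUtility;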

Create a credentials provider so you can easily integrate AWS S3 with your Android application. You pass the credentials provider object to the constructor of the AWS client you are using. The credentials provider looks like this:

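    // AWS_ACCESS_KEY and AWS_SECRET_KEY are the app's own constants.
    // Keys compiled into an APK can be extracted from it, so restrict
    // what these keys are allowed to do.
    AWSCredentials credentialsProvider = new AWSCredentials() {
        @Override
        public String getAWSAccessKeyId() {
            return AWS_ACCESS_KEY;
        }

        @Override
        public String getAWSSecretKey() {
            return AWS_SECRET_KEY;
        }
    };
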
5.1.1 Initialize the S3 TransferUtility

First, pass your Amazon credentials provider to the AmazonS3Client constructor. Then, pass the client to the TransferUtility constructor along with the application context:

    // The standard client takes only the credentials; the application
    // context is passed to TransferUtility.
    AmazonS3Client s3 = new AmazonS3Client(credentialsProvider);
    TransferUtility transferUtility = new TransferUtility(s3, appContext);

5.1.2 Upload a File to Amazon S3

To upload a file to S3, instantiate a TransferObserver object. Call upload() on your TransferUtility object and assign it to the observer, passing the following parameters:

  • bucket_name – Name of the S3 bucket to store the file
  • key – Name of the file, once stored in S3
  • file – java.io.File object to upload

    TransferObserver transferObserver = transferUtility.upload(
        MY_BUCKET,   /* The bucket to upload to */
        OBJECT_KEY,  /* The key for the uploaded object */
        MY_FILE      /* The file where the data to upload exists */
    );

Uploads automatically use S3’s multi-part upload functionality on large files to enhance throughput.

5.1.3 Download a File from Amazon S3

To download a file from S3, instantiate a TransferObserver object. Call download() on your TransferUtility object and assign it to the observer, passing the following parameters:

  • bucket_name – A string representing the name of the S3 bucket where the file is stored
  • key – A string representing the name of the S3 object (a file in this case) to download
  • file – the java.io.File object where the downloaded file will be written

    TransferObserver transferObserver = transferUtility.download(
        MY_BUCKET,   /* The bucket to download from */
        OBJECT_KEY,  /* The key for the object to download */
        MY_FILE      /* The file to download the object to */
    );

5.1.4 Tracking S3 Transfer Progress

With the TransferUtility, the download() and upload() methods return a TransferObserver object. This object gives access to:

  • The state (now specified as an enum)
  • The total bytes transferred thus far
  • The total bytes to transfer (for easily calculating progress bars)
  • A unique ID that you can use to keep track of distinct transfers

Given the transfer ID, this TransferObserver object can be retrieved from anywhere in your app, including if the app is killed. It also lets you create a TransferListener, which will be updated on state or progress change, as well as when an error occurs.

To get the progress of a download or upload, call setTransferListener() on your TransferObserver. This requires you to implement onStateChanged, onProgressChanged, and onError. For example:

    TransferListener listener = new TransferListener() {
        @Override
        public void onStateChanged(int id, TransferState state) {
            // do something
        }

        @Override
        public void onProgressChanged(int id, long bytesCurrent, long bytesTotal) {
            // Multiply before dividing: bytesCurrent / bytesTotal is long
            // division and stays 0 until the transfer completes.
            int percentage = bytesTotal > 0 ? (int) (bytesCurrent * 100 / bytesTotal) : 0;
            // Display percentage transferred to user
        }

        @Override
        public void onError(int id, Exception ex) {
            // do something
        }
    };

    TransferObserver transferObserver = transferUtility.download(MY_BUCKET, OBJECT_KEY, MY_FILE, listener);

5.2 SecureTransferUtility S3 app code snippets:

To use Bayun’s S3Wrapper instead of the standard AWS S3 SDK classes, the code snippets above change to use the “Secure” versions of the corresponding classes, as shown below.

  • As the snippets below show, it is generally possible to query-replace the following type names with their secure versions, and in most situations that is sufficient:

    • AmazonS3Client --> SecureAmazonS3Client
    • TransferUtility --> SecureTransferUtility
  • Add the following to the import statements:

    import com.bayun.S3wrapper.SecureAmazonS3Client;
    import com.bayun.S3wrapper.SecureTransferUtility;

5.2.1 Initialize the SecureTransferUtility

    SecureAmazonS3Client s3 = new SecureAmazonS3Client(credentialsProvider, appContext);
    // Named secureTransferUtility to match the snippets that follow
    SecureTransferUtility secureTransferUtility = new SecureTransferUtility(s3, appContext);

5.2.2 Upload a File to Amazon S3 using SecureTransferUtility

    TransferObserver transferObserver = secureTransferUtility.secureUpload(
        MY_BUCKET,   /* The bucket to upload to */
        OBJECT_KEY,  /* The key for the uploaded object */
        MY_FILE,     /* The file where the data to upload exists */
        null         /* The transferListener to track progress */
    );

5.2.3 Download a File from Amazon S3 using SecureTransferUtility

    TransferObserver transferObserver = secureTransferUtility.secureDownload(
        MY_BUCKET,   /* The bucket to download from */
        OBJECT_KEY,  /* The key for the object to download */
        MY_FILE,     /* The file to download the object to */
        null         /* The transferListener to track progress */
    );

5.2.4 Tracking S3 Transfer Progress using TransferObserver

    TransferObserver transferObserver = secureTransferUtility.download(MY_BUCKET, OBJECT_KEY, MY_FILE,
        new TransferListener() {
            @Override
            public void onStateChanged(int id, TransferState state) {
                // do something
            }

            @Override
            public void onProgressChanged(int id, long bytesCurrent, long bytesTotal) {
                // Multiply before dividing: bytesCurrent / bytesTotal is long
                // division and stays 0 until the transfer completes.
                int percentage = bytesTotal > 0 ? (int) (bytesCurrent * 100 / bytesTotal) : 0;
                // Display percentage transferred to user
            }

            @Override
            public void onError(int id, Exception ex) {
                // do something
            }
        });

By doing the above, all data written to S3 is automatically locked before upload and unlocked after download in such a manner that nobody other than the customer (and especially the developer) has access to any of the encryption keys or the data itself.
