Closed neetikasinghal closed 7 months ago
Hello,
Thank you for raising this issue. You are correct that the AWS Encryption SDK does not currently support mark/reset in its CryptoInputStream implementation. Unfortunately, there are some challenges around implementing this functionality in a secure way, and it is unlikely that we will be able to support this in the current version of the AWS Encryption SDK.
Problem:
CryptoInputStream for encryption doesn't support mark. When the Amazon S3 client tries to reset the mark on failures such as throttling, as it expects the stream to support mark, an exception is thrown because mark is not supported by the CryptoInputStream. Ref: https://github.com/aws/aws-sdk-java/blob/master/aws-java-sdk-core/src/main/java/com/amazonaws/http/AmazonHttpClient.java#L1284
Background: When uploading objects to Amazon S3 using streams (either through the S3 client or Transfer Manager), it is possible to run into network connectivity or timeout issues. The AWS Java SDK by default attempts to retry these failed transfers. The input stream is marked before the start of the transfer and reset before retrying. The SDK recommends that customers use resettable streams (streams that support mark and reset operations). If the stream does not support mark and reset, then the SDK throws ResetException when there are any transient failures and retries are enabled.
Sample Stack trace:
Solution:
Providing mark support with the CryptoInputStream would be highly useful for our application and would provide out-of-the-box support for S3 retries.
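The mark/reset retry pattern described in this issue, reproduced with plain `java.io` as an added example (not code from the issue, the AWS SDK, or the AWS Encryption SDK). `NonMarkableStream` is a hypothetical stand-in for an encrypting stream without mark support, its XOR transform is a placeholder and not encryption, and `uploadWithOneRetry` is an assumed simplification of a retrying client; it requires Java 11 or later.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

public class MarkResetRetryDemo {
    // Hypothetical stand-in for an encrypting stream that lacks mark support.
    // The XOR is a placeholder transform, NOT encryption.
    static class NonMarkableStream extends FilterInputStream {
        NonMarkableStream(InputStream in) { super(in); }
        @Override public int read() throws IOException {
            int b = in.read();
            return b < 0 ? b : (b ^ 0x5A);
        }
        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = in.read(buf, off, len);
            for (int i = 0; i < n; i++) buf[off + i] ^= 0x5A;
            return n;
        }
        @Override public boolean markSupported() { return false; }
        @Override public void mark(int readLimit) { /* ignored: nothing is remembered */ }
        @Override public void reset() throws IOException {
            throw new IOException("mark/reset not supported");
        }
    }

    // Assumed retry shape: mark, send part of the body, hit a transient failure, reset, resend.
    static String uploadWithOneRetry(InputStream body, int readLimit) {
        try {
            body.mark(readLimit);
            body.readNBytes(16);   // first attempt consumes 16 bytes before "failing"
            body.reset();          // the retry needs the stream rewound to the mark
            return "retry ok, resent " + body.readAllBytes().length + " bytes";
        } catch (IOException e) {
            return "retry failed: " + e.getMessage();
        }
    }

    static InputStream source(byte[] d) { return new NonMarkableStream(new ByteArrayInputStream(d)); }

    public static void main(String[] args) {
        byte[] data = new byte[64];  // constructed sample payload
        // 1. Non-markable stream handed straight to the retrying client: reset() throws.
        System.out.println(uploadWithOneRetry(source(data), 64));
        // 2. Wrapper whose buffer covers the whole body: reset() replays the buffered output.
        System.out.println(uploadWithOneRetry(new BufferedInputStream(source(data), 64), 64));
        // 3. Wrapper with an 8-byte buffer and read limit: the mark is invalidated after 8 bytes.
        System.out.println(uploadWithOneRetry(new BufferedInputStream(source(data), 8), 8));
    }
}
```

In case 2 the wrapper replays the transformed bytes it has already buffered rather than re-running the transform, so a retry is only possible while everything read since the mark still fits in that buffer.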