[#217] Consider Copy-Source-SSE-* headers during copy

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>

api/handler/copy.go

@@ -107,23 +107,36 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	srcObjInfo := extendedSrcObjInfo.ObjectInfo
 
-	encryptionParams, err := formEncryptionParams(r)
+	srcEncryptionParams, err := formCopySourceEncryptionParams(r)
+	if err != nil {
+		h.logAndSendError(w, "invalid sse headers", reqInfo, err)
+		return
+	}
+	dstEncryptionParams, err := formEncryptionParams(r)
 	if err != nil {
 		h.logAndSendError(w, "invalid sse headers", reqInfo, err)
 		return
 	}
 
-	if err = encryptionParams.MatchObjectEncryption(layer.FormEncryptionInfo(srcObjInfo.Headers)); err != nil {
+	if err = srcEncryptionParams.MatchObjectEncryption(layer.FormEncryptionInfo(srcObjInfo.Headers)); err != nil {
+		if errors.IsS3Error(err, errors.ErrInvalidEncryptionParameters) || errors.IsS3Error(err, errors.ErrSSEEncryptedObject) ||
+			errors.IsS3Error(err, errors.ErrInvalidSSECustomerParameters) {
+			h.logAndSendError(w, "encryption doesn't match object", reqInfo, err, zap.Error(err))
+			return
+		}
 		h.logAndSendError(w, "encryption doesn't match object", reqInfo, errors.GetAPIError(errors.ErrBadRequest), zap.Error(err))
 		return
 	}
 
+	var dstSize uint64
 	if srcSize, err := layer.GetObjectSize(srcObjInfo); err != nil {
 		h.logAndSendError(w, "failed to get source object size", reqInfo, err)
 		return
 	} else if srcSize > layer.UploadMaxSize { //https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
 		h.logAndSendError(w, "too bid object to copy with single copy operation, use multipart upload copy instead", reqInfo, errors.GetAPIError(errors.ErrInvalidRequestLargeCopy))
 		return
+	} else {
+		dstSize = srcSize
 	}
 
 	args, err := parseCopyObjectArgs(r.Header)
@@ -174,20 +187,21 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
 			srcObjInfo.Headers[api.ContentType] = srcObjInfo.ContentType
 		}
 		metadata = makeCopyMap(srcObjInfo.Headers)
-		delete(metadata, layer.MultipartObjectSize) // object payload will be real one rather than list of compound parts
+		filterMetadataMap(metadata)
 	} else if contentType := r.Header.Get(api.ContentType); len(contentType) > 0 {
 		metadata[api.ContentType] = contentType
 	}
 
 	params := &layer.CopyObjectParams{
-		SrcVersioned: srcObjPrm.Versioned(),
-		SrcObject:    srcObjInfo,
-		ScrBktInfo:   srcObjPrm.BktInfo,
-		DstBktInfo:   dstBktInfo,
-		DstObject:    reqInfo.ObjectName,
-		SrcSize:      srcObjInfo.Size,
-		Header:       metadata,
-		Encryption:   encryptionParams,
+		SrcVersioned:  srcObjPrm.Versioned(),
+		SrcObject:     srcObjInfo,
+		ScrBktInfo:    srcObjPrm.BktInfo,
+		DstBktInfo:    dstBktInfo,
+		DstObject:     reqInfo.ObjectName,
+		DstSize:       dstSize,
+		Header:        metadata,
+		SrcEncryption: srcEncryptionParams,
+		DstEncryption: dstEncryptionParams,
 	}
 
 	params.CopiesNumbers, err = h.pickCopiesNumbers(metadata, dstBktInfo.LocationConstraint)
@@ -262,7 +276,7 @@ func (h *handler) CopyObjectHandler(w http.ResponseWriter, r *http.Request) {
 		h.reqLogger(ctx).Error(logs.CouldntSendNotification, zap.Error(err))
 	}
 
-	if encryptionParams.Enabled() {
+	if dstEncryptionParams.Enabled() {
 		addSSECHeaders(w.Header(), r.Header)
 	}
 }
@@ -275,6 +289,13 @@ func makeCopyMap(headers map[string]string) map[string]string {
 	return res
 }
 
+func filterMetadataMap(metadata map[string]string) {
+	delete(metadata, layer.MultipartObjectSize) // object payload will be real one rather than list of compound parts
+	for key := range layer.EncryptionMetadata {
+		delete(metadata, key)
+	}
+}
+
 func isCopyingToItselfForbidden(reqInfo *middleware.ReqInfo, srcBucket string, srcObject string, settings *data.BucketSettings, args *copyObjectArgs) bool {
 	if reqInfo.BucketName != srcBucket || reqInfo.ObjectName != srcObject {
 		return false