1 files changed, 18 insertions, 2 deletions

diff --git a/src/api/s3/copy.rs b/src/api/s3/copy.rs
index 880ce5f4..b370b709 100644
--- a/src/api/s3/copy.rs
+++ b/src/api/s3/copy.rs
@@ -24,6 +24,7 @@ use garage_model::s3::version_table::*;
 
 use crate::helpers::*;
 use crate::s3::api_server::{ReqBody, ResBody};
+use crate::s3::encryption::EncryptionParams;
 use crate::s3::error::*;
 use crate::s3::multipart;
 use crate::s3::put::get_headers;
@@ -43,6 +44,13 @@ pub async fn handle_copy(
 	let (source_version, source_version_data, source_version_meta) =
 		extract_source_info(&source_object)?;
 
+	let (source_encryption, _source_object_headers) =
+		EncryptionParams::check_decrypt_for_copy_source(
+			&garage,
+			req,
+			&source_version_meta.encryption,
+		)?;
+
 	// Check precondition, e.g. x-amz-copy-source-if-match
 	copy_precondition.check(source_version, &source_version_meta.etag)?;
 
@@ -50,10 +58,18 @@ pub async fn handle_copy(
 	let new_uuid = gen_uuid();
 	let new_timestamp = now_msec();
 
+	let new_encryption = EncryptionParams::new_from_req(&garage, &req)?;
+	if source_encryption.is_encrypted() || new_encryption.is_encrypted() {
+		// TODO
+		unimplemented!("encryption for copyobject");
+	}
+
 	// Implement x-amz-metadata-directive: REPLACE
 	let new_meta = match req.headers().get("x-amz-metadata-directive") {
 		Some(v) if v == hyper::header::HeaderValue::from_static("REPLACE") => ObjectVersionMeta {
-			headers: get_headers(req.headers())?,
+			encryption: ObjectVersionEncryption::Plaintext {
+				headers: get_headers(req.headers())?,
+			},
 			size: source_version_meta.size,
 			etag: source_version_meta.etag.clone(),
 		},
@@ -96,7 +112,7 @@ pub async fn handle_copy(
 				uuid: new_uuid,
 				timestamp: new_timestamp,
 				state: ObjectVersionState::Uploading {
-					headers: new_meta.headers.clone(),
+					encryption: new_meta.encryption.clone(),
 					multipart: false,
 				},
 			};