com.amazonaws.encryptionsdk.CryptoMaterialsManager Java Examples

The following examples show how to use com.amazonaws.encryptionsdk.CryptoMaterialsManager. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ApplicationConfiguration.java    From cerberus with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the {@link CryptoMaterialsManager} bean used on the encrypt path.
 *
 * <p>With caching disabled, a {@link DefaultCryptoMaterialsManager} over the key provider is
 * returned. With caching enabled, the key provider is wrapped in a
 * {@link CachingCryptoMaterialsManager}, so data keys are reused across messages instead of being
 * requested for each one. Reuse is bounded by {@code encryptMaxAge} (seconds) and
 * {@code encryptMessageUseLimit}; both limits, and the cache size, come from configuration and
 * determine how much data a single data key ends up protecting.
 *
 * @param cmkArns value of {@code cerberus.encryption.cmk.arns}, passed to
 *     {@code initializeKeyProvider}
 * @param cacheEnabled whether to wrap the key provider in a caching manager (default false)
 * @param encryptMaxSize first constructor argument of the materials cache (default 100);
 *     presumably its capacity in entries
 * @param encryptMaxAge maximum age of a cached entry, in seconds (default 60)
 * @param encryptMessageUseLimit maximum number of messages per cached entry (default 100)
 * @param currentRegion region passed to {@code initializeKeyProvider}
 * @param metricsService metrics sink handed to the materials cache
 * @return the materials manager to use for encryption
 */
@Bean("encryptCryptoMaterialsManager")
public CryptoMaterialsManager encryptCryptoMaterialsManager(
    @Value("${cerberus.encryption.cmk.arns}") String cmkArns,
    @Value("${cerberus.encryption.cache.enabled:false}") boolean cacheEnabled,
    @Value("${cerberus.encryption.cache.encrypt.maxSize:100}") int encryptMaxSize,
    @Value("${cerberus.encryption.cache.encrypt.maxAgeInSeconds:60}") int encryptMaxAge,
    @Value("${cerberus.encryption.cache.encrypt.messageUseLimit:100}") int encryptMessageUseLimit,
    Region currentRegion,
    MetricsService metricsService) {
  MasterKeyProvider<KmsMasterKey> keyProvider = initializeKeyProvider(cmkArns, currentRegion);

  // Non-caching path: every request goes straight to the key provider.
  if (!cacheEnabled) {
    log.info("Initializing encryptCryptoMaterialsManager with CMK: {}", cmkArns);
    return new DefaultCryptoMaterialsManager(keyProvider);
  }

  log.info(
      "Initializing caching encryptCryptoMaterialsManager with CMK: {}, maxSize: {}, maxAge: {}, "
          + "messageUseLimit: {}",
      cmkArns,
      encryptMaxSize,
      encryptMaxAge,
      encryptMessageUseLimit);

  CryptoMaterialsCache materialsCache =
      new MetricReportingCryptoMaterialsCache(encryptMaxSize, metricsService);

  // The age and use limits are the controls that bound data-key reuse on this path.
  return CachingCryptoMaterialsManager.newBuilder()
      .withMasterKeyProvider(keyProvider)
      .withCache(materialsCache)
      .withMaxAge(encryptMaxAge, TimeUnit.SECONDS)
      .withMessageUseLimit(encryptMessageUseLimit)
      .build();
}
 
Example #2
Source File: ApplicationConfiguration.java    From cerberus with Apache License 2.0 5 votes vote down vote up
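/**
 * Builds the {@link CryptoMaterialsManager} bean used on the decrypt path.
 *
 * <p>With caching disabled, a {@link DefaultCryptoMaterialsManager} over the key provider is
 * returned. With caching enabled, the key provider is wrapped in a
 * {@link CachingCryptoMaterialsManager} whose entries expire after {@code decryptMaxAge} seconds,
 * so decrypted data keys are held and reused for at most that long.
 *
 * @param cmkArns value of {@code cerberus.encryption.cmk.arns}, passed to
 *     {@code initializeKeyProvider}
 * @param cacheEnabled whether to wrap the key provider in a caching manager (default false)
 * @param decryptMaxSize size handed to the materials cache (default 1000)
 * @param decryptMaxAge maximum age of a cached entry, in seconds (default 60)
 * @param currentRegion region passed to {@code initializeKeyProvider}
 * @param metricsService metrics sink handed to the materials cache
 * @return the materials manager to use for decryption
 */
@Bean("decryptCryptoMaterialsManager")
public CryptoMaterialsManager decryptCryptoMaterialsManager(
    @Value("${cerberus.encryption.cmk.arns}") String cmkArns,
    @Value("${cerberus.encryption.cache.enabled:#{false}}") boolean cacheEnabled,
    @Value("${cerberus.encryption.cache.decrypt.maxSize:1000}") int decryptMaxSize,
    @Value("${cerberus.encryption.cache.decrypt.maxAgeInSeconds:60}") int decryptMaxAge,
    Region currentRegion,
    MetricsService metricsService) {
  MasterKeyProvider<KmsMasterKey> keyProvider = initializeKeyProvider(cmkArns, currentRegion);
  if (cacheEnabled) {
    log.info(
        "Initializing caching decryptCryptoMaterialsManager with CMK: {}, maxSize: {}, maxAge: {}",
        cmkArns,
        decryptMaxSize,
        decryptMaxAge);
    // Size the cache with decryptMaxSize, the value logged above as maxSize. Passing
    // decryptMaxAge here would size the cache by the age setting (in seconds) and leave the
    // configured maxSize without effect; the age limit belongs in withMaxAge below.
    CryptoMaterialsCache cache =
        new MetricReportingCryptoMaterialsCache(decryptMaxSize, metricsService);
    CryptoMaterialsManager cachingCmm =
        CachingCryptoMaterialsManager.newBuilder()
            .withMasterKeyProvider(keyProvider)
            .withCache(cache)
            .withMaxAge(decryptMaxAge, TimeUnit.SECONDS)
            .build();
    return cachingCmm;
  } else {
    log.info("Initializing decryptCryptoMaterialsManager with CMK: {}", cmkArns);
    return new DefaultCryptoMaterialsManager(keyProvider);
  }
}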
 
Example #3
Source File: DecryptionHandler.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a handler that starts with empty ciphertext headers and footers.
 *
 * @param materialsManager the materials manager to store on this handler; checked with
 *            {@code Utils.assertNonNull} before anything is assigned
 */
private DecryptionHandler(final CryptoMaterialsManager materialsManager) {
    // Validate first so a handler is never left holding a missing materials manager.
    Utils.assertNonNull(materialsManager, "materialsManager");

    this.materialsManager_ = materialsManager;
    this.ciphertextHeaders_ = new CiphertextHeaders();
    this.ciphertextFooters_ = new CiphertextFooters();
}
 
Example #4
Source File: DecryptionHandler.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a handler from headers that have already been parsed.
 *
 * <p>After storing its arguments, the constructor calls {@code readHeaderFields(headers)} and then
 * {@code updateTrailingSignature(headers)}.
 *
 * @param materialsManager the materials manager to store on this handler; checked with
 *            {@code Utils.assertNonNull}
 * @param headers the already parsed ciphertext headers
 * @throws AwsCryptoException declared by the signature; presumably raised while the headers are
 *             processed
 */
private DecryptionHandler(final CryptoMaterialsManager materialsManager, final CiphertextHeaders headers)
        throws AwsCryptoException {
    Utils.assertNonNull(materialsManager, "materialsManager");

    // NOTE(review): headers is not null-checked here, unlike materialsManager; confirm callers
    // never pass null.
    this.materialsManager_ = materialsManager;
    this.ciphertextHeaders_ = headers;
    this.ciphertextFooters_ = new CiphertextFooters();

    // Header processing runs only after all fields are assigned.
    readHeaderFields(headers);
    updateTrailingSignature(headers);
}
 
Example #5
Source File: CachingCryptoMaterialsManagerTest.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a master key provider given to the builder is the one asked to generate a data key
 * when encryption materials are requested.
 */
@Test
public void whenMKPPassed_itIsUsed() throws Exception {
    // Test fixture only: an all-zero 128-bit AES key, spied on so the call can be verified.
    final SecretKeySpec zeroKey = new SecretKeySpec(new byte[16], "AES");
    final JceMasterKey key =
            spy(JceMasterKey.getInstance(zeroKey, "provider", "keyId", "AES/GCM/NoPadding"));

    final CryptoMaterialsManager cmm =
            CachingCryptoMaterialsManager.newBuilder()
                    .withCache(cache)
                    .withMasterKeyProvider(key)
                    .withMaxAge(5, TimeUnit.DAYS)
                    .build();

    cmm.getMaterialsForEncrypt(CacheTestFixtures.createMaterialsRequest(0));

    // The spied key must have been asked for a data key.
    verify(key).generateDataKey(any(), any());
}
 
Example #6
Source File: CacheIdentifierTests.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@link CachingCryptoMaterialsManager} over mocked collaborators for the given partition.
 *
 * @param partitionName the partition id to set on the builder
 * @return a caching manager with a mock cache, a mock backing manager and a 1 ms max age
 */
private CachingCryptoMaterialsManager getCMM(final String partitionName) {
    final CryptoMaterialsCache mockCache = mock(CryptoMaterialsCache.class);
    final CryptoMaterialsManager mockBackingCmm = mock(CryptoMaterialsManager.class);

    return CachingCryptoMaterialsManager.newBuilder()
            .withCache(mockCache)
            .withBackingMaterialsManager(mockBackingCmm)
            .withMaxAge(1, TimeUnit.MILLISECONDS)
            .withPartitionId(partitionName)
            .build();
}
 
Example #7
Source File: FieldEncrypter.java    From datacollector with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the encryption provider from the stage configuration.
 *
 * @param issues list passed to {@code createCryptoMaterialsManager}; if it is non-empty after
 *     that call (including entries that were already present), no provider is built
 * @return the configured provider, or {@code null} when {@code issues} is not empty
 */
private EncryptionProvider createProvider(List<ConfigIssue> issues) {
  CryptoMaterialsManager materialsManager = createCryptoMaterialsManager(issues);

  if (issues.isEmpty()) {
    // Cipher and frame size both come from configuration.
    AwsCrypto awsCrypto = new AwsCrypto();
    awsCrypto.setEncryptionAlgorithm(conf.getCipher());
    awsCrypto.setEncryptionFrameSize(conf.getFrameSize());

    return AWSEncryptionProvider.builder()
        .withMode(mode)
        .withCrypto(awsCrypto)
        .withCmManager(materialsManager)
        .build();
  }

  // Configuration problems were recorded; callers must handle the null result.
  return null;
}
 
Example #8
Source File: AWSEncryptionProvider.java    From datacollector with Apache License 2.0 4 votes vote down vote up
/**
 * Sets the {@link CryptoMaterialsManager} stored on this builder.
 *
 * @param cmManager the materials manager to store; not null-checked here
 * @return this builder
 */
public Builder withCmManager(CryptoMaterialsManager cmManager) {
  // NOTE(review): null is accepted as-is; confirm build() or the caller rejects a missing manager.
  this.cmManager = cmManager;
  return this;
}
 
Example #9
Source File: AWSEncryptionProvider.java    From datacollector with Apache License 2.0 4 votes vote down vote up
/**
 * Stores the mode, crypto client and materials manager on the new provider.
 *
 * @param mode the encryption mode to store
 * @param crypto the {@link AwsCrypto} instance to store
 * @param cmManager the {@link CryptoMaterialsManager} to store
 */
private AWSEncryptionProvider(EncryptionMode mode, AwsCrypto crypto, CryptoMaterialsManager cmManager) {
  // NOTE(review): none of the arguments is null-checked here; presumably the builder validates
  // them, which should be confirmed.
  this.mode = mode;
  this.crypto = crypto;
  this.cmManager = cmManager;
}
 
Example #10
Source File: CachingCryptoMaterialsManager.java    From aws-encryption-sdk-java with Apache License 2.0 2 votes vote down vote up
/**
 * Sets the {@link CryptoMaterialsManager} that should be queried when the {@link CachingCryptoMaterialsManager}
 * incurs a cache miss.
 *
 * <p>
 * You can set either a MasterKeyProvider or a CryptoMaterialsManager to back the CCMM - the last value set will
 * be used.
 *
 * @param backingCMM The CryptoMaterialsManager to invoke on cache misses; stored as given, with no
 *                   null check in this setter
 * @return this builder
 */
public Builder withBackingMaterialsManager(CryptoMaterialsManager backingCMM) {
    this.backingCMM = backingCMM;
    return this;
}
 
Example #11
Source File: DecryptionHandler.java    From aws-encryption-sdk-java with Apache License 2.0 2 votes vote down vote up
/**
 * Create a decryption handler using the provided materials manager.
 *
 * <p>
 * Note the methods in the provided materials manager are used in decrypting the encrypted data key
 * parsed from the ciphertext headers.
 *
 * @param materialsManager
 *            the materials manager to use in decrypting the data key from the key blobs encoded
 *            in the provided ciphertext. Passed unchanged to the private constructor.
 * @return a new handler wrapping {@code materialsManager}
 * @throws AwsCryptoException
 *             declared by the signature. NOTE(review): the previous wording ("if the master key
 *             is null") does not match the parameter, which is a materials manager; confirm
 *             which exception a null argument actually produces.
 */
public static DecryptionHandler<?> create(
        final CryptoMaterialsManager materialsManager
) throws AwsCryptoException {
    // Instantiated without type arguments; the wildcard return type hides that from callers.
    return new DecryptionHandler(materialsManager);
}
 
Example #12
Source File: DecryptionHandler.java    From aws-encryption-sdk-java with Apache License 2.0 2 votes vote down vote up
/**
 * Create a decryption handler using the provided materials manager and already parsed {@code headers}.
 *
 * <p>
 * Note the methods in the provided materials manager are used in decrypting the encrypted data key
 * parsed from the ciphertext headers.
 *
 * @param materialsManager
 *            the materials manager to use in decrypting the data key from the key blobs encoded
 *            in the provided ciphertext.
 * @param headers
 *            already parsed headers which will not be passed into
 *            {@link #processBytes(byte[], int, int, byte[], int)}
 * @return a new handler wrapping {@code materialsManager} and {@code headers}
 * @throws AwsCryptoException
 *             declared by the signature. NOTE(review): the previous wording ("if the master key
 *             is null") does not match the parameters; confirm which exception a null argument
 *             or unusable headers actually produce.
 */
public static DecryptionHandler<?> create(
        final CryptoMaterialsManager materialsManager, final CiphertextHeaders headers
) throws AwsCryptoException {
    // Instantiated without type arguments; the wildcard return type hides that from callers.
    return new DecryptionHandler(materialsManager, headers);
}