Java Code Examples for com.amazonaws.encryptionsdk.AwsCrypto#decryptData()
The following examples show how to use
com.amazonaws.encryptionsdk.AwsCrypto#decryptData() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void multipleKeys() throws Exception {
addEntry("key1");
addEntry("key2");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1",
"key2");
@SuppressWarnings("unused")
final JceMasterKey mk1 = mkp.getMasterKey("key1");
final JceMasterKey mk2 = mkp.getMasterKey("key2");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Order is non-deterministic
assertEquals(1, result.getMasterKeys().size());
// Delete the first key and see if it works
ks.deleteEntry("key1");
result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 2
| Source File: MultipleMasterKeyTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMixedKeysSingleDecrypt() {
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk1 = JceMasterKey.getInstance(k1, "jce", "1", WRAPPING_ALG);
StaticMasterKey mk2 = new StaticMasterKey("mock1");
final MasterKeyProvider<?> mkp = MultipleProviderFactory.buildMultiProvider(mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], ?> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], ?> result = crypto.decryptData(mk1, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
result = crypto.decryptData(mk2, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 3
| Source File: MultipleMasterKeyTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMixedKeys() {
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk1 = JceMasterKey.getInstance(k1, "jce", "1", WRAPPING_ALG);
StaticMasterKey mk2 = new StaticMasterKey("mock1");
final MasterKeyProvider<?> mkp = MultipleProviderFactory.buildMultiProvider(mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], ?> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], ?> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
assertMultiReturnsKeys(mkp, mk1, mk2);
}
Example 4
| Source File: MultipleMasterKeyTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMultipleJceKeysSingleDecrypt() {
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk1 = JceMasterKey.getInstance(k1, "jce", "1", WRAPPING_ALG);
final SecretKeySpec k2 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk2 = JceMasterKey.getInstance(k2, "jce", "2", WRAPPING_ALG);
final MasterKeyProvider<JceMasterKey> mkp = MultipleProviderFactory.buildMultiProvider(JceMasterKey.class,
mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mk1, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
result = crypto.decryptData(mk2, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 5
| Source File: MultipleMasterKeyTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMultipleJceKeys() {
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk1 = JceMasterKey.getInstance(k1, "jce", "1", WRAPPING_ALG);
final SecretKeySpec k2 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk2 = JceMasterKey.getInstance(k2, "jce", "2", WRAPPING_ALG);
final MasterKeyProvider<JceMasterKey> mkp = MultipleProviderFactory.buildMultiProvider(JceMasterKey.class,
mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
assertMultiReturnsKeys(mkp, mk1, mk2);
}
Example 6
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void keystoreAndRawProvider() throws GeneralSecurityException, IOException {
addEntry("key1");
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey jcep = JceMasterKey.getInstance(k1, "jce", "1", "AES/GCM/NoPadding");
final KeyStoreProvider ksp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1");
MasterKeyProvider<JceMasterKey> multiProvider = MultipleProviderFactory.buildMultiProvider(JceMasterKey.class,
jcep, ksp);
assertEquals(jcep, multiProvider.getMasterKey("jce", "1"));
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(multiProvider, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(multiProvider, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
assertEquals(jcep, result.getMasterKeys().get(0));
// Decrypt just using each individually
assertArrayEquals(PLAINTEXT, crypto.decryptData(jcep, ct.getResult()).getResult());
assertArrayEquals(PLAINTEXT, crypto.decryptData(ksp, ct.getResult()).getResult());
}
Example 7
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void escrowAndSymmetricSecondProvider() throws GeneralSecurityException, IOException {
addPublicEntry("key1");
addEntry("key2");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1",
"key2");
@SuppressWarnings("unused")
final JceMasterKey mk1 = mkp.getMasterKey("key1");
final JceMasterKey mk2 = mkp.getMasterKey("key2");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
final KeyStoreProvider mkp2 = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1");
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp2, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only could have decrypted with the keypair
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 8
| Source File: LegacyKMSMasterKeyProviderTests.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMultipleKmsKeys() {
final MockKMSClient kms = new MockKMSClient();
final String arn1 = kms.createKey().getKeyMetadata().getArn();
final String arn2 = kms.createKey().getKeyMetadata().getArn();
MasterKeyProvider<KmsMasterKey> prov = legacyConstruct(kms, arn1, arn2);
KmsMasterKey mk1 = prov.getMasterKey(arn1);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], KmsMasterKey> ct = crypto.encryptData(prov, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], KmsMasterKey> result = crypto.decryptData(prov, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
}
Example 9
| Source File: LegacyKMSMasterKeyProviderTests.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMixedKeysSingleDecrypt() {
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk1 = JceMasterKey.getInstance(k1, "jce", "1", WRAPPING_ALG);
final MockKMSClient kms = new MockKMSClient();
final String arn2 = kms.createKey().getKeyMetadata().getArn();
MasterKeyProvider<KmsMasterKey> prov = legacyConstruct(kms);
KmsMasterKey mk2 = prov.getMasterKey(arn2);
final MasterKeyProvider<?> mkp = MultipleProviderFactory.buildMultiProvider(mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], ?> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], ?> result = crypto.decryptData(mk1, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
result = crypto.decryptData(mk2, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 10
| Source File: LegacyKMSMasterKeyProviderTests.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
|
@Test
public void testMixedKeys() {
final SecretKeySpec k1 = new SecretKeySpec(generate(32), "AES");
final JceMasterKey mk1 = JceMasterKey.getInstance(k1, "jce", "1", WRAPPING_ALG);
final MockKMSClient kms = new MockKMSClient();
final String arn2 = kms.createKey().getKeyMetadata().getArn();
MasterKeyProvider<KmsMasterKey> prov = legacyConstruct(kms);
KmsMasterKey mk2 = prov.getMasterKey(arn2);
final MasterKeyProvider<?> mkp = MultipleProviderFactory.buildMultiProvider(mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], ?> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], ?> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
assertMultiReturnsKeys(mkp, mk1, mk2);
}
Example 11
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void singleKeyOaepSha256() throws Exception {
addEntry("key1");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1");
final JceMasterKey mk1 = mkp.getMasterKey("key1");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(1, ct.getMasterKeyIds().size());
final CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
}
Example 12
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void singleKeyOaepSha1() throws Exception {
addEntry("key1");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
"key1");
final JceMasterKey mk1 = mkp.getMasterKey("key1");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(1, ct.getMasterKeyIds().size());
final CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
}
Example 13
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test(expected = CannotUnwrapDataKeyException.class)
public void encryptOnly() throws Exception {
addPublicEntry("key1");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(1, ct.getMasterKeyIds().size());
crypto.decryptData(mkp, ct.getResult());
}
Example 14
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void escrowAndSymmetric() throws Exception {
addPublicEntry("key1");
addEntry("key2");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"key1",
"key2");
@SuppressWarnings("unused")
final JceMasterKey mk1 = mkp.getMasterKey("key1");
final JceMasterKey mk2 = mkp.getMasterKey("key2");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only could have decrypted with the keypair
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
// Delete the first key and see if it works
ks.deleteEntry("key1");
result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 15
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void singleKeyPkcs1() throws Exception {
addEntry("key1");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/PKCS1Padding", "key1");
final JceMasterKey mk1 = mkp.getMasterKey("key1");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(1, ct.getMasterKeyIds().size());
final CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
}
Example 16
| Source File: KeyStoreProviderTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void escrowCase() throws GeneralSecurityException, IOException {
addEntry("escrowKey");
KeyStore ks2 = KeyStore.getInstance(KeyStore.getDefaultType());
ks2.load(null, PASSWORD);
copyPublicPart(ks, ks2, "escrowKey");
final KeyStoreProvider mkp = new KeyStoreProvider(ks, PP, "KeyStore", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"escrowKey");
final KeyStoreProvider escrowProvider = new KeyStoreProvider(ks2, PP, "KeyStore",
"RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
"escrowKey");
final JceMasterKey mk1 = escrowProvider.getMasterKey("escrowKey");
final AwsCrypto crypto = new AwsCrypto();
final CryptoResult<byte[], JceMasterKey> ct = crypto.encryptData(escrowProvider, PLAINTEXT);
assertEquals(1, ct.getMasterKeyIds().size());
try {
crypto.decryptData(escrowProvider, ct.getResult());
fail("Expected CannotUnwrapDataKeyException");
} catch (final CannotUnwrapDataKeyException ex) {
// expected
}
CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only could have decrypted with the keypair
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
}
Example 17
| Source File: XCompatKmsDecryptTest.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void testDecryptFromFile() throws Exception {
AwsCrypto crypto = new AwsCrypto();
final KmsMasterKeyProvider masterKeyProvider = new KmsMasterKeyProvider(kmsKeyId);
byte ciphertextBytes[] = Files.readAllBytes(Paths.get(ciphertextFileName));
byte plaintextBytes[] = Files.readAllBytes(Paths.get(plaintextFileName));
final CryptoResult decryptResult = crypto.decryptData(
masterKeyProvider,
ciphertextBytes
);
assertArrayEquals(plaintextBytes, (byte[])decryptResult.getResult());
}
Example 18
| Source File: LegacyKMSMasterKeyProviderTests.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void testMultipleRegionKmsKeys() {
final MockKMSClient us_east_1 = new MockKMSClient();
us_east_1.setRegion(Region.getRegion(Regions.US_EAST_1));
final MockKMSClient eu_west_1 = new MockKMSClient();
eu_west_1.setRegion(Region.getRegion(Regions.EU_WEST_1));
final String arn1 = us_east_1.createKey().getKeyMetadata().getArn();
final String arn2 = eu_west_1.createKey().getKeyMetadata().getArn();
KmsMasterKeyProvider provE = legacyConstruct(us_east_1, Region.getRegion(Regions.US_EAST_1));
KmsMasterKeyProvider provW = legacyConstruct(eu_west_1, Region.getRegion(Regions.EU_WEST_1));
KmsMasterKey mk1 = provE.getMasterKey(arn1);
KmsMasterKey mk2 = provW.getMasterKey(arn2);
final MasterKeyProvider<KmsMasterKey> mkp = MultipleProviderFactory.buildMultiProvider(KmsMasterKey.class,
mk1, mk2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], KmsMasterKey> ct = crypto.encryptData(mkp, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], KmsMasterKey> result = crypto.decryptData(mk1, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
result = crypto.decryptData(mk2, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
assertMultiReturnsKeys(mkp, mk1, mk2);
// Delete one of the two keys and ensure it's still decryptable
us_east_1.deleteKey(arn1);
result = crypto.decryptData(mkp, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
Example 19
| Source File: LegacyKMSMasterKeyProviderTests.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
|
@Test
public void testMultipleKmsKeysSingleDecrypt() {
final MockKMSClient kms = new MockKMSClient();
final String arn1 = kms.createKey().getKeyMetadata().getArn();
final String arn2 = kms.createKey().getKeyMetadata().getArn();
MasterKeyProvider<KmsMasterKey> prov = legacyConstruct(kms, arn1, arn2);
KmsMasterKey mk1 = prov.getMasterKey(arn1);
KmsMasterKey mk2 = prov.getMasterKey(arn2);
AwsCrypto crypto = new AwsCrypto();
CryptoResult<byte[], KmsMasterKey> ct = crypto.encryptData(prov, PLAINTEXT);
assertEquals(2, ct.getMasterKeyIds().size());
CryptoResult<byte[], KmsMasterKey> result = crypto.decryptData(mk1, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk1, result.getMasterKeys().get(0));
result = crypto.decryptData(mk2, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
// Delete one of the two keys and ensure it's still decryptable
kms.deleteKey(arn1);
result = crypto.decryptData(prov, ct.getResult());
assertArrayEquals(PLAINTEXT, result.getResult());
// Only the first found key should be used
assertEquals(1, result.getMasterKeys().size());
assertEquals(mk2, result.getMasterKeys().get(0));
}
