software.amazon.awssdk.services.kms.KmsClient Java Examples
The following examples show how to use
software.amazon.awssdk.services.kms.KmsClient.
Example #1
Source File: DirectKmsMaterialsProvider.java From aws-dynamodb-encryption-java with Apache License 2.0 | 6 votes |
/**
 * Creates a provider that uses the given KMS client and key identifier, configured by a
 * material description.
 *
 * <p>The description is copied into an unmodifiable map, so later changes to the caller's map
 * do not reach this provider. The content-key and signing-key entries are read as
 * {@code ALGORITHM} or {@code ALGORITHM/BITS}; when the {@code /BITS} suffix is absent the
 * length defaults to 256.
 *
 * @param kms client used for KMS calls; stored as given, no null check is made here
 * @param encryptionKeyId KMS key identifier; stored as given and not validated here
 * @param materialDescription algorithm settings; {@code null} is treated as an empty map
 * @throws NumberFormatException if a length suffix is not a decimal integer
 */
public DirectKmsMaterialsProvider(KmsClient kms, String encryptionKeyId, Map<String, String> materialDescription) {
    this.kms = kms;
    this.encryptionKeyId = encryptionKeyId;

    // Defensive copy: the provider must not observe later mutation of the caller's map.
    if (materialDescription == null) {
        this.description = Collections.emptyMap();
    } else {
        this.description = Collections.unmodifiableMap(new HashMap<>(materialDescription));
    }

    // NOTE(review): the parsed lengths are not range-checked in this constructor; confirm
    // that they are validated where the keys are actually generated.
    dataKeyDesc = description.getOrDefault(WrappedRawMaterials.CONTENT_KEY_ALGORITHM, DEFAULT_ENC_ALG);
    String[] dataKeyParts = dataKeyDesc.split("/", 2);
    this.dataKeyAlg = dataKeyParts[0];
    if (dataKeyParts.length == 2) {
        this.dataKeyLength = Integer.parseInt(dataKeyParts[1]);
    } else {
        this.dataKeyLength = 256;
    }

    sigKeyDesc = description.getOrDefault(SIGNING_KEY_ALGORITHM, DEFAULT_SIG_ALG);
    String[] sigKeyParts = sigKeyDesc.split("/", 2);
    this.sigKeyAlg = sigKeyParts[0];
    if (sigKeyParts.length == 2) {
        this.sigKeyLength = Integer.parseInt(sigKeyParts[1]);
    } else {
        this.sigKeyLength = 256;
    }
}
Example #2
Source File: PaginationTokenSerializer.java From realworld-serverless-application with Apache License 2.0 | 5 votes |
/**
 * Builds the serializer from a KMS client and the application configuration.
 *
 * <p>Three delegate serializers are created here: one for the DynamoDB start key, one
 * constructed with the pagination token TTL from the configuration, and one constructed with
 * the KMS client and the configured KMS key id.
 * NOTE(review): going by the class names, the token handed to callers is presumably
 * time-limited and KMS-encrypted so that clients cannot read or alter the start key; confirm
 * against the serialize/deserialize methods.
 *
 * @param kms KmsClient for token encryption and decryption.
 * @param configProvider ConfigProvider to provide configuration values.
 */
@Inject
public PaginationTokenSerializer(final KmsClient kms, final ConfigProvider configProvider) {
    this.dynamoDbStartKeySerializer = new DynamoDbStartKeySerializer();
    this.timeBasedTokenSerializer =
        new TimeBasedTokenSerializer(configProvider.getPaginationTokenTtl());
    this.encryptedTokenSerializer =
        new EncryptedTokenSerializer(kms, configProvider.getKmsKeyId());
}
Example #3
Source File: ApiLambdaHandler.java From realworld-serverless-application with Apache License 2.0 | 5 votes |
/**
 * Registers the injection bindings: factory-provided DynamoDB, configuration and KMS clients,
 * plus the pagination token serializer, all in singleton scope.
 */
@Override
protected void configure() {
    // Each client type is produced by its factory and shared as a single instance.
    bindFactory(DynamoDbClientFactory.class)
        .to(DynamoDbClient.class)
        .in(Singleton.class);
    bindFactory(SsmConfigProviderFactory.class)
        .to(ConfigProvider.class)
        .in(Singleton.class);
    bindFactory(KmsClientFactory.class)
        .to(KmsClient.class)
        .in(Singleton.class);

    // The anonymous TypeLiteral subclass carries the full generic contract type for the binding.
    bind(PaginationTokenSerializer.class)
        .to(new TypeLiteral<TokenSerializer<Map<String, AttributeValue>>>() { })
        .in(Singleton.class);
}
Example #4
Source File: DirectKmsMaterialsProviderTest.java From aws-dynamodb-encryption-java with Apache License 2.0 | 5 votes |
/**
 * Checks that requesting encryption materials calls {@code generateDataKey} with a byte count
 * of 32 and no key spec.
 */
@Test
public void generateDataKeyIsCalledWith256NumberOfBits() {
    final AtomicBoolean generateDataKeyInvoked = new AtomicBoolean(false);

    // Fake KMS that records the call and inspects the request before delegating.
    KmsClient recordingKms = new FakeKMS() {
        @Override
        public GenerateDataKeyResponse generateDataKey(GenerateDataKeyRequest request) {
            generateDataKeyInvoked.set(true);
            // 32 bytes corresponds to the 256 bits named in the test.
            assertEquals((Integer) 32, request.numberOfBytes());
            assertNull(request.keySpec());
            return super.generateDataKey(request);
        }
    };

    assertFalse(generateDataKeyInvoked.get());
    new DirectKmsMaterialsProvider(recordingKms, keyId).getEncryptionMaterials(ctx);
    assertTrue(generateDataKeyInvoked.get());
}
Example #5
Source File: KmsResource.java From quarkus-quickstarts with Apache License 2.0 | 5 votes |
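/**
 * Starts the KMS container, creates a key in it and returns the configuration properties that
 * point the application at that container.
 *
 * <p>The credentials used here are fixed placeholder strings together with an endpoint
 * override; they are not real AWS credentials and this setup is only meaningful against the
 * local container.
 *
 * @return properties for the KMS endpoint, region and static credentials, plus
 *     {@code key.arn} holding the id of the key created here
 * @throws RuntimeException if the container or the KMS client cannot be set up; the original
 *     exception is attached as the cause
 */
@Override
public Map<String, String> start() {
    // Return value unused; presumably called so that a missing Docker daemon fails early - confirm.
    DockerClientFactory.instance().client();
    String masterKeyId;
    try {
        services = new KmsContainer();
        services.start();

        // NOTE(review): the access key id is spelled "accesskey" here and "accessKey" in the
        // properties below; harmless if the emulator ignores credentials - confirm.
        StaticCredentialsProvider staticCredentials = StaticCredentialsProvider
                .create(AwsBasicCredentials.create("accesskey", "secretKey"));

        client = KmsClient.builder()
                .endpointOverride(new URI(endpoint()))
                .credentialsProvider(staticCredentials)
                .httpClientBuilder(UrlConnectionHttpClient.builder())
                .region(Region.US_EAST_1)
                .build();

        masterKeyId = client.createKey().keyMetadata().keyId();
        // Result discarded; presumably a smoke test that the new key is usable - confirm.
        client.generateDataKey(r -> r.keyId(masterKeyId).keySpec(DataKeySpec.AES_256));
    } catch (Exception e) {
        // The cause is chained into the rethrown exception, so it is not also dumped to
        // stderr with printStackTrace(); the failure is reported once, by the caller.
        throw new RuntimeException("Could not start localstack server", e);
    }

    Map<String, String> properties = new HashMap<>();
    properties.put("quarkus.kms.endpoint-override", endpoint());
    properties.put("quarkus.kms.aws.region", "us-east-1");
    properties.put("quarkus.kms.aws.credentials.type", "static");
    properties.put("quarkus.kms.aws.credentials.static-provider.access-key-id", "accessKey");
    properties.put("quarkus.kms.aws.credentials.static-provider.secret-access-key", "secretKey");
    // Despite the property name, the value is the key id returned by createKey, not an ARN.
    properties.put("key.arn", masterKeyId);
    return properties;
}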
Example #6
Source File: KmsRecorder.java From quarkus with Apache License 2.0 | 5 votes |
/**
 * Creates a synchronous KMS client builder and, when a transport is supplied, installs its
 * HTTP client builder.
 *
 * @param config KMS configuration; not read by this method
 * @param transport HTTP client builder wrapper, or {@code null} to leave the builder's HTTP
 *     client unset
 * @return the builder wrapped in a {@code RuntimeValue}
 */
public RuntimeValue<AwsClientBuilder> createSyncBuilder(KmsConfig config,
        RuntimeValue<SdkHttpClient.Builder> transport) {
    KmsClientBuilder kmsBuilder = KmsClient.builder();

    if (transport != null) {
        kmsBuilder.httpClientBuilder(transport.getValue());
    }

    return new RuntimeValue<>(kmsBuilder);
}
Example #7
Source File: KmsRecorder.java From quarkus with Apache License 2.0 | 5 votes |
/**
 * Hands the configured builder to the {@code KmsClientProducer} bean, registers the producer's
 * {@code destroy} method as a shutdown task and returns the produced client.
 *
 * @param builder wrapper whose value is cast to {@code KmsClientBuilder}; a value of another
 *     type fails with {@code ClassCastException}
 * @param beanContainer container used to look up the producer bean
 * @param shutdown context that receives the shutdown task
 * @return the client obtained from the producer, wrapped in a {@code RuntimeValue}
 */
public RuntimeValue<KmsClient> buildClient(RuntimeValue<? extends AwsClientBuilder> builder,
        BeanContainer beanContainer, ShutdownContext shutdown) {
    KmsClientProducer clientProducer = beanContainer.instance(KmsClientProducer.class);

    KmsClientBuilder configuredBuilder = (KmsClientBuilder) builder.getValue();
    clientProducer.setSyncConfiguredBuilder(configuredBuilder);

    // Registered before the client is requested, as in the statement order of the original.
    shutdown.addShutdownTask(clientProducer::destroy);

    KmsClient kmsClient = clientProducer.client();
    return new RuntimeValue<>(kmsClient);
}
Example #8
Source File: FakeKMS.java From aws-dynamodb-encryption-java with Apache License 2.0 | 4 votes |
/**
 * Reports the service name of this fake.
 *
 * @return the {@code KmsClient.SERVICE_NAME} constant
 */
@Override
public String serviceName() {
    final String name = KmsClient.SERVICE_NAME;
    return name;
}
Example #9
Source File: AwsKmsScanner.java From clouditor with Apache License 2.0 | 4 votes |
/**
 * Creates the KMS scanner by passing the client builder factory and two {@code KeyMetadata}
 * accessors to the superclass.
 * NOTE(review): the accessors are presumably the asset id (ARN) and asset name (key id)
 * getters; confirm against the superclass constructor.
 */
public AwsKmsScanner() {
    // TODO: name from tags?
    // The TODO above sits on its own line so that it does not comment out the super call.
    super(
        KmsClient::builder,
        KeyMetadata::arn,
        KeyMetadata::keyId);
}
Example #10
Source File: DirectKmsMaterialsProviderTest.java From aws-dynamodb-encryption-java with Apache License 2.0 | 4 votes |
/**
 * Creates the extended provider and records the attribute name it is given.
 *
 * @param kms client passed on to the superclass
 * @param encryptionKeyId key identifier passed on to the superclass
 * @param encryptionKeyIdAttributeName attribute name stored on this instance
 *     NOTE(review): presumably the item attribute that carries a per-item key id; confirm
 *     against the methods that read the field
 */
public ExtendedKmsMaterialProvider(
        KmsClient kms,
        String encryptionKeyId,
        String encryptionKeyIdAttributeName) {
    super(kms, encryptionKeyId);
    this.encryptionKeyIdAttributeName = encryptionKeyIdAttributeName;
}
Example #11
Source File: DirectKmsMaterialsProvider.java From aws-dynamodb-encryption-java with Apache License 2.0 | 4 votes |
/**
 * Creates a provider with an empty material description.
 *
 * @param kms client used for KMS calls
 * @param encryptionKeyId KMS key identifier
 */
public DirectKmsMaterialsProvider(KmsClient kms, String encryptionKeyId) {
    // Delegates to the three-argument constructor with no description entries.
    this(
        kms,
        encryptionKeyId,
        Collections.emptyMap());
}
Example #12
Source File: DirectKmsMaterialsProvider.java From aws-dynamodb-encryption-java with Apache License 2.0 | 4 votes |
/**
 * Creates a provider without a fixed encryption key id.
 * NOTE(review): a {@code null} key id is passed on; where the key id then comes from is not
 * visible here, so confirm how callers are expected to supply it.
 *
 * @param kms client used for KMS calls
 */
public DirectKmsMaterialsProvider(KmsClient kms) {
    // Delegates with a null encryption key id.
    this(
        kms,
        null);
}
Example #13
Source File: KmsClientProducer.java From quarkus with Apache License 2.0 | 4 votes |
/**
 * Builds the KMS client from the configured synchronous builder, keeps it in the
 * {@code client} field and returns it.
 * NOTE(review): this dereferences {@code syncConfiguredBuilder} without a null check, so it
 * presumably relies on the builder having been set beforehand; confirm.
 *
 * @return the newly built client
 */
@Produces
@ApplicationScoped
public KmsClient client() {
    // Every call builds a new client and overwrites the stored one.
    client = syncConfiguredBuilder.build();

    return client;
}
Example #14
Source File: KmsProcessor.java From quarkus with Apache License 2.0 | 4 votes |
/**
 * Names the synchronous client type handled by this processor.
 *
 * @return a simple {@code DotName} for the fully qualified name of {@code KmsClient}
 */
@Override
protected DotName syncClientName() {
    final String kmsClientClassName = KmsClient.class.getName();
    return DotName.createSimple(kmsClientClassName);
}
Example #15
Source File: KmsClientFactory.java From realworld-serverless-application with Apache License 2.0 | 4 votes |
/**
 * Supplies the KMS client held by this factory.
 *
 * @return the {@code kmsClient} field; the same reference on every call unless the field is
 *     reassigned elsewhere
 */
@Override
public KmsClient provide() {
    return this.kmsClient;
}
Example #16
Source File: AwsKmsScannerTest.java From clouditor with Apache License 2.0 | 4 votes |
/**
 * Runs asset discovery once against a stubbed KMS API that lists three keys.
 *
 * <p>The stubs give key1 an external origin with rotation enabled, key2 an AWS_KMS origin with
 * rotation disabled, and key3 an AWS_KMS origin managed by AWS with rotation disabled. Any key
 * policy request returns the fixed policy string.
 *
 * @throws IOException declared by the setup; the statements shown do not throw it directly
 */
@BeforeAll
static void setUpOnce() throws IOException {
    discoverAssets(
        KmsClient.class,
        AwsKmsScanner::new,
        kmsApi -> {
            // Listing: three keys whose ARN and id are the same short string.
            when(kmsApi.listKeys())
                .thenReturn(
                    ListKeysResponse.builder()
                        .keys(
                            KeyListEntry.builder().keyArn("key1").keyId("key1").build(),
                            KeyListEntry.builder().keyArn("key2").keyId("key2").build(),
                            KeyListEntry.builder().keyArn("key3").keyId("key3").build())
                        .build());

            // key1: external origin, rotation enabled.
            when(kmsApi.describeKey(DescribeKeyRequest.builder().keyId("key1").build()))
                .thenReturn(
                    DescribeKeyResponse.builder()
                        .keyMetadata(
                            KeyMetadata.builder()
                                .keyId("key1")
                                .arn("key1")
                                .origin(OriginType.EXTERNAL)
                                .build())
                        .build());
            when(kmsApi.getKeyRotationStatus(
                    GetKeyRotationStatusRequest.builder().keyId("key1").build()))
                .thenReturn(GetKeyRotationStatusResponse.builder().keyRotationEnabled(true).build());

            // key2: AWS_KMS origin, rotation disabled.
            when(kmsApi.describeKey(DescribeKeyRequest.builder().keyId("key2").build()))
                .thenReturn(
                    DescribeKeyResponse.builder()
                        .keyMetadata(
                            KeyMetadata.builder()
                                .keyId("key2")
                                .arn("key2")
                                .origin(OriginType.AWS_KMS)
                                .build())
                        .build());
            when(kmsApi.getKeyRotationStatus(
                    GetKeyRotationStatusRequest.builder().keyId("key2").build()))
                .thenReturn(GetKeyRotationStatusResponse.builder().keyRotationEnabled(false).build());

            // key3: AWS_KMS origin, key manager AWS, rotation disabled.
            when(kmsApi.describeKey(DescribeKeyRequest.builder().keyId("key3").build()))
                .thenReturn(
                    DescribeKeyResponse.builder()
                        .keyMetadata(
                            KeyMetadata.builder()
                                .keyId("key3")
                                .arn("key3")
                                .origin(OriginType.AWS_KMS)
                                .keyManager(KeyManagerType.AWS)
                                .build())
                        .build());
            when(kmsApi.getKeyRotationStatus(
                    GetKeyRotationStatusRequest.builder().keyId("key3").build()))
                .thenReturn(GetKeyRotationStatusResponse.builder().keyRotationEnabled(false).build());

            // Every key policy lookup returns the same placeholder policy.
            when(kmsApi.getKeyPolicy(ArgumentMatchers.any(GetKeyPolicyRequest.class)))
                .thenReturn(GetKeyPolicyResponse.builder().policy("my-policy").build());
        });
}
Example #17
Source File: KmsClientFactory.java From realworld-serverless-application with Apache License 2.0 | 2 votes |
/**
 * Does nothing when the given client is released.
 * NOTE(review): the client is not closed here; presumably the instance is meant to live for
 * the whole process, so confirm that skipping {@code close()} is deliberate.
 *
 * @param kmsClient the client being disposed; ignored
 */
@Override
public void dispose(KmsClient kmsClient) {
    // No cleanup is performed.
}