com.amazonaws.encryptionsdk.DefaultCryptoMaterialsManager Java Examples

The following examples show how to use com.amazonaws.encryptionsdk.DefaultCryptoMaterialsManager. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: DecryptionHandlerTest.java    From aws-encryption-sdk-java with Apache License 2.0 6 votes vote down vote up
/**
 * Produces header bytes for the decryption tests by running an empty plaintext
 * through an {@link EncryptionHandler} built with the SDK defaults.
 *
 * @return the output buffer, sized by {@code estimateOutputSize} for a zero-length input
 */
private byte[] getTestHeaders() {
    final CryptoAlgorithm defaultAlgorithm = AwsCrypto.getDefaultCryptoAlgorithm();
    final int defaultFrameSize = AwsCrypto.getDefaultFrameSize();

    // The fixture uses an empty encryption context, so no caller-supplied
    // context entries are associated with the resulting message.
    final Map<String, String> emptyContext = Collections.emptyMap();
    final EncryptionMaterialsRequest request = EncryptionMaterialsRequest.newBuilder()
            .setContext(emptyContext)
            .setRequestedAlgorithm(defaultAlgorithm)
            .build();

    // Materials come from the default manager wrapping the test's master key provider.
    final DefaultCryptoMaterialsManager materialsManager =
            new DefaultCryptoMaterialsManager(masterKeyProvider_);
    final EncryptionMaterials materials = materialsManager.getMaterialsForEncrypt(request);
    final EncryptionHandler handler = new EncryptionHandler(defaultFrameSize, materials);

    // Feeding zero plaintext bytes makes the handler emit the ciphertext headers.
    final byte[] emptyPlaintext = new byte[0];
    final byte[] output = new byte[handler.estimateOutputSize(emptyPlaintext.length)];
    // Any result of processBytes is not used: the buffer is returned at its
    // estimated size and is not trimmed to the bytes actually written.
    handler.processBytes(emptyPlaintext, 0, emptyPlaintext.length, output, 0);
    return output;
}
 
Example #2
Source File: ApplicationConfiguration.java    From cerberus with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the {@link CryptoMaterialsManager} bean used for encryption.
 *
 * <p>With caching disabled, the key provider is wrapped in a
 * {@link DefaultCryptoMaterialsManager}. With caching enabled, a
 * {@link CachingCryptoMaterialsManager} is returned, configured with the maximum
 * age and message-use limit from configuration; those two values bound how long
 * a cached data key stays in use, so raising them widens key reuse.
 *
 * @param cmkArns configured CMK ARNs, passed to {@code initializeKeyProvider}
 * @param cacheEnabled whether to wrap the provider in a caching manager (default false)
 * @param encryptMaxSize first argument to the cache constructor (default 100)
 * @param encryptMaxAge maximum age of a cache entry, in seconds (default 60)
 * @param encryptMessageUseLimit message-use limit passed to the caching manager (default 100)
 * @param currentRegion region passed to {@code initializeKeyProvider}
 * @param metricsService metrics sink handed to the cache
 * @return the caching or default materials manager
 */
@Bean("encryptCryptoMaterialsManager")
public CryptoMaterialsManager encryptCryptoMaterialsManager(
    @Value("${cerberus.encryption.cmk.arns}") String cmkArns,
    @Value("${cerberus.encryption.cache.enabled:false}") boolean cacheEnabled,
    @Value("${cerberus.encryption.cache.encrypt.maxSize:100}") int encryptMaxSize,
    @Value("${cerberus.encryption.cache.encrypt.maxAgeInSeconds:60}") int encryptMaxAge,
    @Value("${cerberus.encryption.cache.encrypt.messageUseLimit:100}") int encryptMessageUseLimit,
    Region currentRegion,
    MetricsService metricsService) {
  MasterKeyProvider<KmsMasterKey> keyProvider = initializeKeyProvider(cmkArns, currentRegion);

  // No caching: every request goes through the default manager.
  if (!cacheEnabled) {
    log.info("Initializing encryptCryptoMaterialsManager with CMK: {}", cmkArns);
    return new DefaultCryptoMaterialsManager(keyProvider);
  }

  // Only key identifiers and cache limits are logged, never key material.
  log.info(
      "Initializing caching encryptCryptoMaterialsManager with CMK: {}, maxSize: {}, maxAge: {}, "
          + "messageUseLimit: {}",
      cmkArns,
      encryptMaxSize,
      encryptMaxAge,
      encryptMessageUseLimit);

  CryptoMaterialsCache materialsCache =
      new MetricReportingCryptoMaterialsCache(encryptMaxSize, metricsService);
  return CachingCryptoMaterialsManager.newBuilder()
      .withMasterKeyProvider(keyProvider)
      .withCache(materialsCache)
      .withMaxAge(encryptMaxAge, TimeUnit.SECONDS)
      .withMessageUseLimit(encryptMessageUseLimit)
      .build();
}
 
Example #3
Source File: ApplicationConfiguration.java    From cerberus with Apache License 2.0 5 votes vote down vote up
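/**
 * Builds the {@link CryptoMaterialsManager} bean used for decryption.
 *
 * <p>With caching disabled, the key provider is wrapped in a
 * {@link DefaultCryptoMaterialsManager}. With caching enabled, a
 * {@link CachingCryptoMaterialsManager} is returned with the configured maximum
 * entry age. No message-use limit is set on this builder.
 *
 * @param cmkArns configured CMK ARNs, passed to {@code initializeKeyProvider}
 * @param cacheEnabled whether to wrap the provider in a caching manager (default false)
 * @param decryptMaxSize first argument to the cache constructor (default 1000)
 * @param decryptMaxAge maximum age of a cache entry, in seconds (default 60)
 * @param currentRegion region passed to {@code initializeKeyProvider}
 * @param metricsService metrics sink handed to the cache
 * @return the caching or default materials manager
 */
@Bean("decryptCryptoMaterialsManager")
public CryptoMaterialsManager decryptCryptoMaterialsManager(
    @Value("${cerberus.encryption.cmk.arns}") String cmkArns,
    @Value("${cerberus.encryption.cache.enabled:#{false}}") boolean cacheEnabled,
    @Value("${cerberus.encryption.cache.decrypt.maxSize:1000}") int decryptMaxSize,
    @Value("${cerberus.encryption.cache.decrypt.maxAgeInSeconds:60}") int decryptMaxAge,
    Region currentRegion,
    MetricsService metricsService) {
  MasterKeyProvider<KmsMasterKey> keyProvider = initializeKeyProvider(cmkArns, currentRegion);
  if (cacheEnabled) {
    log.info(
        "Initializing caching decryptCryptoMaterialsManager with CMK: {}, maxSize: {}, maxAge: {}",
        cmkArns,
        decryptMaxSize,
        decryptMaxAge);
    // Fix: the cache was previously built with decryptMaxAge, so the maxSize
    // setting was logged but never applied. The first constructor argument is
    // assumed to be the capacity, as in the encrypt-side bean, where the max
    // size is passed in this position (confirm against the cache class).
    CryptoMaterialsCache cache =
        new MetricReportingCryptoMaterialsCache(decryptMaxSize, metricsService);
    CryptoMaterialsManager cachingCmm =
        CachingCryptoMaterialsManager.newBuilder()
            .withMasterKeyProvider(keyProvider)
            .withCache(cache)
            // The maximum age bounds how long a cached data key can be reused.
            .withMaxAge(decryptMaxAge, TimeUnit.SECONDS)
            .build();
    return cachingCmm;
  } else {
    log.info("Initializing decryptCryptoMaterialsManager with CMK: {}", cmkArns);
    return new DefaultCryptoMaterialsManager(keyProvider);
  }
}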
 
Example #4
Source File: CacheTestFixtures.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: resolves decryption materials with a
 * {@link DefaultCryptoMaterialsManager} backed by {@code FIXED_KEY}, then
 * returns a copy whose data key carries a new {@code SentinelKey} in place of
 * the resolved key.
 *
 * <p>The encrypted data key, provider information and master key are copied
 * from the real result unchanged.
 *
 * @param request the decryption materials request to resolve
 * @return materials identical to the real result except for the substituted key
 */
public static DecryptionMaterials createDecryptResult(DecryptionMaterialsRequest request) {
    final DecryptionMaterials resolved =
            new DefaultCryptoMaterialsManager(FIXED_KEY).decryptMaterials(request);
    final DataKey<?> resolvedKey = resolved.getDataKey();

    // Presumably SentinelKey is a marker so tests can recognise fixture
    // materials; confirm against its definition.
    final DataKey sentinelDataKey = new DataKey(new SentinelKey(),
                                                resolvedKey.getEncryptedDataKey(),
                                                resolvedKey.getProviderInformation(),
                                                resolvedKey.getMasterKey());
    return resolved.toBuilder().setDataKey(sentinelDataKey).build();
}
 
Example #5
Source File: CacheTestFixtures.java    From aws-encryption-sdk-java with Apache License 2.0 4 votes vote down vote up
/**
 * Test fixture: obtains encryption materials from a
 * {@link DefaultCryptoMaterialsManager} backed by {@code FIXED_KEY} and returns
 * a copy whose cleartext data key is replaced by a new {@code SentinelKey}.
 *
 * @param request the encryption materials request to resolve
 * @return the resolved materials with the cleartext data key substituted
 */
public static EncryptionMaterials createMaterialsResult(EncryptionMaterialsRequest request) {
    final EncryptionMaterials resolved =
            new DefaultCryptoMaterialsManager(FIXED_KEY).getMaterialsForEncrypt(request);
    // Only the cleartext key is swapped; everything else in the builder is kept.
    return resolved.toBuilder().setCleartextDataKey(new SentinelKey()).build();
}
 
Example #6
Source File: DecryptionHandler.java    From aws-encryption-sdk-java with Apache License 2.0 3 votes vote down vote up
/**
 * Create a decryption handler using the provided master key.
 *
 * <p>
 * Note the methods in the provided master key are used in decrypting the
 * encrypted data key parsed from the ciphertext headers.
 *
 * @param customerMasterKeyProvider
 *            the master key provider to use in picking a master key from
 *            the key blobs encoded in the provided ciphertext.
 * @throws AwsCryptoException
 *             if the master key provider is null.
 */
@SuppressWarnings("unchecked")
public static <K extends MasterKey<K>> DecryptionHandler<K> create(
        final MasterKeyProvider<K> customerMasterKeyProvider
) throws AwsCryptoException {
    // Reject a missing provider before any materials manager is built around it.
    Utils.assertNonNull(customerMasterKeyProvider, "customerMasterKeyProvider");

    // Wrap the provider in the default materials manager and delegate to the
    // overload that accepts a manager. The cast to DecryptionHandler<K> is
    // unchecked, hence the suppression on this method.
    final DefaultCryptoMaterialsManager defaultManager =
            new DefaultCryptoMaterialsManager(customerMasterKeyProvider);
    return (DecryptionHandler<K>) create(defaultManager);
}
 
Example #7
Source File: DecryptionHandler.java    From aws-encryption-sdk-java with Apache License 2.0 3 votes vote down vote up
/**
 * Create a decryption handler using the provided master key and already parsed {@code headers}.
 *
 * <p>
 * Note the methods in the provided master key are used in decrypting the encrypted data key
 * parsed from the ciphertext headers.
 *
 * @param customerMasterKeyProvider
 *            the master key provider to use in picking a master key from the key blobs encoded
 *            in the provided ciphertext.
 * @param headers
 *            already parsed headers which will not be passed into
 *            {@link #processBytes(byte[], int, int, byte[], int)}
 * @throws AwsCryptoException
 *             if the master key provider is null.
 */
@SuppressWarnings("unchecked")
public static <K extends MasterKey<K>> DecryptionHandler<K> create(
        final MasterKeyProvider<K> customerMasterKeyProvider, final CiphertextHeaders headers
) throws AwsCryptoException {
    // Only the provider is checked here; headers are forwarded as given.
    Utils.assertNonNull(customerMasterKeyProvider, "customerMasterKeyProvider");

    // Wrap the provider in the default materials manager and delegate to the
    // overload that accepts a manager plus parsed headers. The cast to
    // DecryptionHandler<K> is unchecked, hence the suppression on this method.
    final DefaultCryptoMaterialsManager defaultManager =
            new DefaultCryptoMaterialsManager(customerMasterKeyProvider);
    return (DecryptionHandler<K>) create(defaultManager, headers);
}
 
Example #8
Source File: CachingCryptoMaterialsManager.java    From aws-encryption-sdk-java with Apache License 2.0 2 votes vote down vote up
/**
 * Sets the {@link MasterKeyProvider} that should be queried when the {@link CachingCryptoMaterialsManager}
 * incurs a cache miss.
 *
 * You can set either a MasterKeyProvider or a CryptoMaterialsManager to back the CCMM - the last value set will
 * be used.
 *
 * This method is equivalent to calling {@link #withBackingMaterialsManager(CryptoMaterialsManager)} passing a
 * {@link DefaultCryptoMaterialsManager} constructed using your {@link MasterKeyProvider}.
 *
 * @param mkp The MasterKeyProvider to invoke on cache misses
 * @return this builder
 */
public Builder withMasterKeyProvider(MasterKeyProvider mkp) {
    // Cache misses are served by a default materials manager built around the
    // provider; this replaces any backing manager set earlier on the builder.
    final DefaultCryptoMaterialsManager backingManager = new DefaultCryptoMaterialsManager(mkp);
    return withBackingMaterialsManager(backingManager);
}