com.amazonaws.services.kms.model.DescribeKeyRequest Java Examples

The following examples show how to use com.amazonaws.services.kms.model.DescribeKeyRequest. Each example names the source file and the project it was taken from.
Example #1
Source File: IntegrationTestHelper.java    From strongbox with Apache License 2.0 6 votes vote down vote up
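/**
 * Schedules deletion of leftover integration-test KMS keys in {@code testRegion}.
 *
 * <p>A key is selected when one of its aliases starts with
 * {@code "alias/" + testResourcePrefix}, the key is not already pending deletion, and it was
 * created before {@code createdBeforeThreshold}.
 *
 * <p>NOTE(review): {@code listAliases()} is called once without a request object, so only the
 * first page of aliases is inspected. In an account with more aliases than fit in one page,
 * stale test keys on later pages are never visited; follow the truncation marker of the result
 * if full coverage is required.
 *
 * @param testRegion             region whose KMS aliases are scanned
 * @param testResourcePrefix     alias prefix (without the leading {@code alias/}) that marks
 *                               test-owned keys; must not be null or blank
 * @param createdBeforeThreshold only keys created strictly before this instant are scheduled
 * @param awsCredentials         credentials used for the KMS client
 * @throws IllegalArgumentException if {@code testResourcePrefix} is null or blank
 */
private static void cleanUpKMSKeys(Regions testRegion, String testResourcePrefix, Date createdBeforeThreshold,
                                   AWSCredentialsProvider awsCredentials) {
    // Fail closed: with an empty prefix the filter below would accept every alias in the region,
    // and with a null prefix it would silently compare against "alias/null". Either way the
    // selection no longer identifies test-owned keys, so refuse to schedule any deletion.
    if (testResourcePrefix == null || testResourcePrefix.trim().isEmpty()) {
        throw new IllegalArgumentException(
                "testResourcePrefix must not be blank; refusing to match every KMS alias");
    }
    final String aliasPrefix = "alias/" + testResourcePrefix;

    LOG.info("Cleaning KMS...");

    AWSKMS kmsClient = AWSKMSClientBuilder.standard()
            .withCredentials(awsCredentials)
            .withRegion(testRegion)
            .build();

    List<AliasListEntry> aliases = kmsClient.listAliases().getAliases();
    for (AliasListEntry entry : aliases) {
        if (!entry.getAliasName().startsWith(aliasPrefix)) {
            continue;
        }

        // An alias is not guaranteed to point at a key; there is nothing to describe or delete then.
        String targetKeyId = entry.getTargetKeyId();
        if (targetKeyId == null) {
            continue;
        }

        DescribeKeyRequest request = new DescribeKeyRequest().withKeyId(targetKeyId);
        KeyMetadata metadata = kmsClient.describeKey(request).getKeyMetadata();

        // Skip keys that are already pending deletion and keys newer than the threshold
        // (the latter may belong to a test run that is still in progress).
        boolean alreadyPendingDeletion =
                KMSKeyState.fromString(metadata.getKeyState()) == KMSKeyState.PENDING_DELETION;
        if (!alreadyPendingDeletion && metadata.getCreationDate().before(createdBeforeThreshold)) {
            LOG.info("Scheduling KMS key for deletion:" + entry.getAliasName());
            scheduleKeyDeletion(kmsClient, entry);
        }
    }
}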
 
Example #2
Source File: IAMPolicyManagerTest.java    From strongbox with Apache License 2.0 6 votes vote down vote up
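/**
 * Checks that {@code createAdminPolicy} submits the expected admin policy document and returns
 * the ARN reported by IAM.
 *
 * <p>The expected document is read from the {@code test_admin_policy} fixture. The KMS client is
 * stubbed because, per the original author's note, the KMSManager confirms the key exists with a
 * DescribeKeyRequest while the KMS policy statement is built.
 */
@Test
public void testCreateAdminPolicy() throws Exception {
    // Decode the fixture with an explicit charset so the expected policy text does not depend on
    // the platform default of the machine running the test.
    byte[] fixtureBytes = Files.readAllBytes(Paths.get(TEST_DATA_DIR, "test_admin_policy"));
    String policyDocument = new String(fixtureBytes, java.nio.charset.StandardCharsets.UTF_8);

    CreatePolicyRequest request = constructCreatePolicyRequest("admin", policyDocument);
    CreatePolicyResult result = new CreatePolicyResult().withPolicy(new Policy().withArn(ADMIN_POLICY_ARN));
    when(mockClient.createPolicy(request)).thenReturn(result);

    // The key-existence lookup must be answered by the mock as well.
    DescribeKeyRequest keyRequest = new DescribeKeyRequest().withKeyId(KMS_ALIAS_ARN);
    when(mockKMSClient.describeKey(keyRequest)).thenReturn(constructDescribeKeyResult());

    String policyArn = partiallyMockedPolicyManager.createAdminPolicy(group, kmsEncryptor, partiallyMockedStore);

    // Exactly one policy creation and exactly one key lookup are expected.
    verify(mockClient, times(1)).createPolicy(request);
    verify(mockKMSClient, times(1)).describeKey(keyRequest);
    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(ADMIN_POLICY_ARN, policyArn);
}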
 
Example #3
Source File: IAMPolicyManagerTest.java    From strongbox with Apache License 2.0 6 votes vote down vote up
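/**
 * Checks that {@code createReadOnlyPolicy} submits the expected read-only policy document and
 * returns the ARN reported by IAM.
 *
 * <p>The expected document comes from the {@code test_readonly_policy} fixture. As in the admin
 * variant, the KMS client is stubbed for the DescribeKeyRequest that the original author's note
 * says the KMSManager issues to confirm the key exists.
 */
@Test
public void testCreateReadOnlyPolicy() throws Exception {
    // Explicit UTF-8 keeps the expected document identical on every platform; the no-charset
    // String constructor would fall back to the JVM default.
    String policyDocument = new String(
            Files.readAllBytes(Paths.get(TEST_DATA_DIR, "test_readonly_policy")),
            java.nio.charset.StandardCharsets.UTF_8);
    CreatePolicyRequest request = constructCreatePolicyRequest("readonly", policyDocument);
    CreatePolicyResult result = new CreatePolicyResult().withPolicy(new Policy().withArn(READONLY_POLICY_ARN));
    when(mockClient.createPolicy(request)).thenReturn(result);

    // Stub the key-existence lookup performed while the KMS statement is constructed.
    DescribeKeyRequest keyRequest = new DescribeKeyRequest().withKeyId(KMS_ALIAS_ARN);
    when(mockKMSClient.describeKey(keyRequest)).thenReturn(constructDescribeKeyResult());

    String policyArn = partiallyMockedPolicyManager.createReadOnlyPolicy(group, kmsEncryptor, partiallyMockedStore);

    // One createPolicy call with the expected request, one describeKey call for the alias ARN.
    verify(mockClient, times(1)).createPolicy(request);
    verify(mockKMSClient, times(1)).describeKey(keyRequest);
    // JUnit's assertEquals takes the expected value first.
    assertEquals(READONLY_POLICY_ARN, policyArn);
}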
 
Example #4
Source File: ViewCustomerMasterKey.java    From aws-doc-sdk-examples with Apache License 2.0 5 votes vote down vote up
/**
 * Prints selected metadata of one KMS key.
 *
 * <p>Expects exactly one argument, a key id or ARN; otherwise the usage text is printed and the
 * process exits with status 1. No credentials or region are configured here, so the client is
 * built from whatever the SDK resolves by default in the running environment.
 *
 * @param args command-line arguments; {@code args[0]} identifies the key to describe
 */
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply a key id or ARN\n" +
        "Usage: ViewCustomerMasterKey <key-id>\n" +
        "Example: ViewCustomerMasterKey 1234abcd-12ab-34cd-56ef-1234567890ab\n";
    // Shared row layout: left-aligned 15-character label followed by the value.
    final String row = "%-15s %s%n";

    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }

    final String keyId = args[0];
    final AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();

    // Look the key up and keep only the metadata part of the response.
    final KeyMetadata metadata =
        kmsClient.describeKey(new DescribeKeyRequest().withKeyId(keyId)).getKeyMetadata();

    // The KeyId row echoes the identifier supplied on the command line, not a value read back
    // from the service; every other row comes from the returned metadata.
    System.out.printf(row, "KeyId:", keyId);
    System.out.printf(row, "Arn:", metadata.getArn());
    System.out.printf(row, "CreationDate:", metadata.getCreationDate());
    System.out.printf(row, "Description:", metadata.getDescription());
    System.out.printf(row, "KeyUsage:", metadata.getKeyUsage());
    System.out.printf(row, "KeyState:", metadata.getKeyState());
    System.out.printf(row, "Origin:", metadata.getOrigin());
    System.out.printf(row, "KeyManager:", metadata.getKeyManager());
}
 
Example #5
Source File: MockKMSClient.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Mock implementation of DescribeKey.
 *
 * <p>Resolves the requested key id through {@code retrieveArn} and returns metadata in which
 * both the ARN and the key id are set to that resolved value. No other metadata field is
 * populated here.
 *
 * <p>NOTE(review): how {@code retrieveArn} treats an unknown identifier is not visible in this
 * method; confirm against its definition.
 *
 * @param arg0 request carrying the key id to look up
 * @return a result whose metadata holds the resolved ARN as both ARN and key id
 */
@Override
public DescribeKeyResult describeKey(DescribeKeyRequest arg0) throws AmazonServiceException, AmazonClientException {
    final String resolvedArn = retrieveArn(arg0.getKeyId());

    final KeyMetadata metadata = new KeyMetadata()
            .withArn(resolvedArn)
            .withKeyId(resolvedArn);

    return new DescribeKeyResult().withKeyMetadata(metadata);
}
 
Example #6
Source File: AwsPlatformResourcesTest.java    From cloudbreak with Apache License 2.0 5 votes vote down vote up
/**
 * Stubs the KMS client with four keys and four aliases and expects {@code encryptionKeys} to
 * report four encryption keys.
 *
 * <p>Every describeKey call is answered with the same empty {@code KeyMetadata}, so this test
 * does not exercise any handling of key state or key manager.
 */
@Test
public void collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements() {
    // Four key entries returned by listKeys.
    Set<KeyListEntry> keyEntries = new HashSet<>();
    for (int i = 1; i <= 4; i++) {
        keyEntries.add(keyListEntry(i));
    }
    ListKeysResult listKeysResult = new ListKeysResult();
    listKeysResult.setKeys(keyEntries);

    // A single describeKey answer with empty metadata, reused for every request.
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(new KeyMetadata());

    // Four alias entries returned by listAliases.
    Set<AliasListEntry> aliasEntries = new HashSet<>();
    for (int i = 1; i <= 4; i++) {
        aliasEntries.add(aliasListEntry(i));
    }
    ListAliasesResult listAliasesResult = new ListAliasesResult();
    listAliasesResult.setAliases(aliasEntries);

    when(awsClient.createAWSKMS(any(AwsCredentialView.class), anyString())).thenReturn(awskmsClient);
    when(awskmsClient.listKeys(any(ListKeysRequest.class))).thenReturn(listKeysResult);
    when(awskmsClient.describeKey(any(DescribeKeyRequest.class))).thenReturn(describeKeyResult);
    when(awskmsClient.listAliases(any(ListAliasesRequest.class))).thenReturn(listAliasesResult);

    CloudCredential credential = new CloudCredential("crn", "aws-credential");
    CloudEncryptionKeys cloudEncryptionKeys =
            underTest.encryptionKeys(credential, region("London"), new HashMap<>());

    Assert.assertEquals(4L, cloudEncryptionKeys.getCloudEncryptionKeys().size());
}