本文整理汇总了Java中com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider类的典型用法代码示例。如果您正苦于以下问题:Java KmsMasterKeyProvider类的具体用法?Java KmsMasterKeyProvider怎么用?Java KmsMasterKeyProvider使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
KmsMasterKeyProvider类属于com.amazonaws.encryptionsdk.kms包,在下文中一共展示了KmsMasterKeyProvider类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: setUp
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Wires a {@code KMSEncryptor} to mocked collaborators and wraps it in a spy, so that
 * {@code getProvider()} returns a mocked {@link KmsMasterKeyProvider} rather than a real one.
 */
@BeforeMethod
public void setUp() throws Exception {
    this.mockAwsCrypto = mock(AwsCrypto.class);
    this.mockKmsManager = mock(KMSManager.class);
    this.mockProvider = mock(KmsMasterKeyProvider.class);

    AWSCredentialsProvider credentialsStub = mock(AWSCredentialsProvider.class);
    ClientConfiguration configStub = mock(ClientConfiguration.class);
    SecretsGroupIdentifier testGroup = new SecretsGroupIdentifier(Region.US_WEST_1, "test.group");

    this.kmsEncryptor = spy(new KMSEncryptor(
            mockKmsManager, credentialsStub, configStub, testGroup, mockAwsCrypto, EncryptionStrength.AES_256));

    // Tests must never reach real KMS: the spy hands out the mocked provider instead.
    doReturn(mockProvider).when(kmsEncryptor).getProvider();

    // The algorithm suite is security-relevant configuration. Only the constructor above has
    // touched mockAwsCrypto so far, so this pins that construction selects the AES-256-GCM
    // suite with HKDF-SHA384 and ECDSA P-384 signing, exactly once.
    verify(mockAwsCrypto, times(1))
            .setEncryptionAlgorithm(CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384);
}
示例2: whenConstructedWithoutArguments_canUseMultipleRegions
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks that one provider built without any key IDs can decrypt messages that were encrypted
 * under each entry of {@code KMSTestFixtures.TEST_KEY_IDS} (the test name implies those keys
 * span several regions).
 */
@Test
public void whenConstructedWithoutArguments_canUseMultipleRegions() throws Exception {
    // NOTE(review): no key IDs are configured on the decrypt side, so the key used to unwrap
    // is whichever one the message names. Outside of tests, prefer pinning the expected key
    // ARNs; newer SDK releases separate this into strict and discovery builders - confirm
    // against the SDK version in use.
    KmsMasterKeyProvider decryptProvider = KmsMasterKeyProvider.builder().build();

    for (String keyId : KMSTestFixtures.TEST_KEY_IDS) {
        KmsMasterKeyProvider encryptProvider =
                KmsMasterKeyProvider.builder().withKeysForEncryption(keyId).build();
        byte[] ciphertext = new AwsCrypto().encryptData(encryptProvider, new byte[1]).getResult();

        // Passing means decryptData did not throw for this key.
        new AwsCrypto().decryptData(decryptProvider, ciphertext);
    }
}
示例3: whenLegacyConstructorsUsed_multiRegionDecryptIsNotSupported
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Documents the limitation of the deprecated no-argument constructor: decrypting the fixture
 * ciphertexts with it is expected to end in a {@code CannotUnwrapDataKeyException}.
 */
@SuppressWarnings("deprecation")
@Test(expected = CannotUnwrapDataKeyException.class)
public void whenLegacyConstructorsUsed_multiRegionDecryptIsNotSupported() throws Exception {
    // Deprecated constructor on purpose: this is the behaviour under test.
    KmsMasterKeyProvider legacyProvider = new KmsMasterKeyProvider();

    for (String keyId : KMSTestFixtures.TEST_KEY_IDS) {
        KmsMasterKeyProvider encryptProvider =
                KmsMasterKeyProvider.builder().withKeysForEncryption(keyId).build();
        byte[] ciphertext = new AwsCrypto().encryptData(encryptProvider, new byte[1]).getResult();

        // The test passes as soon as one iteration throws the expected exception.
        new AwsCrypto().decryptData(legacyProvider, ciphertext);
    }
}
示例4: whenHandlerConfigured_handlerIsInvoked
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks that a request handler registered on the KMS client builder is invoked when the
 * provider built from it is used to encrypt.
 */
@Test
public void whenHandlerConfigured_handlerIsInvoked() throws Exception {
    RequestHandler2 observedHandler = spy(new RequestHandler2() {});
    AWSKMSClientBuilder clientBuilder = AWSKMSClientBuilder.standard().withRequestHandlers(observedHandler);

    KmsMasterKeyProvider provider = KmsMasterKeyProvider.builder()
            .withClientBuilder(clientBuilder)
            .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[0])
            .build();

    new AwsCrypto().encryptData(provider, new byte[1]);

    // The handler sees the outgoing KMS request, which is what makes it usable as an
    // audit or logging hook on key operations.
    verify(observedHandler).beforeRequest(any());
}
示例5: whenCustomCredentialsSet_theyAreUsed
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks that credentials supplied to the builder are the ones consulted during encryption,
 * both when given as a credentials provider and when given as a fixed credentials object.
 */
@Test
public void whenCustomCredentialsSet_theyAreUsed() throws Exception {
    // Case 1: a credentials provider is handed to the builder.
    AWSCredentialsProvider customProvider = spy(new DefaultAWSCredentialsProviderChain());
    KmsMasterKeyProvider providerBacked = KmsMasterKeyProvider.builder()
            .withCredentials(customProvider)
            .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[0])
            .build();
    new AwsCrypto().encryptData(providerBacked, new byte[1]);
    verify(customProvider, atLeastOnce()).getCredentials();

    // Case 2: a fixed credentials object, resolved once from the same chain.
    AWSCredentials customCredentials = spy(customProvider.getCredentials());
    KmsMasterKeyProvider staticBacked = KmsMasterKeyProvider.builder()
            .withCredentials(customCredentials)
            .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[0])
            .build();
    new AwsCrypto().encryptData(staticBacked, new byte[1]);

    // Only the fact that the secret key was read is verified; its value is never inspected.
    verify(customCredentials, atLeastOnce()).getAWSSecretKey();
}
示例6: testLegacyGrantTokenPassthrough
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks which grant tokens set on a legacy-constructed provider end up on the
 * {@code GenerateDataKeyRequest} sent to KMS.
 */
@Test
public void testLegacyGrantTokenPassthrough() throws Exception {
    MockKMSClient kmsSpy = spy(new MockKMSClient());
    String keyArn = kmsSpy.createKey().getKeyMetadata().getArn();
    KmsMasterKeyProvider provider =
            new KmsMasterKeyProvider(kmsSpy, getRegion(fromName("us-west-2")), singletonList(keyArn));

    // Token history: add "x", replace with ["y"], replace with ["a", "b"], then add "c".
    provider.addGrantToken("x");
    provider.setGrantTokens(new ArrayList<>(Arrays.asList("y")));
    provider.setGrantTokens(new ArrayList<>(Arrays.asList("a", "b")));
    provider.addGrantToken("c");

    byte[] ciphertext = new AwsCrypto().encryptData(provider, new byte[0]).getResult();

    ArgumentCaptor<GenerateDataKeyRequest> requestCaptor = ArgumentCaptor.forClass(GenerateDataKeyRequest.class);
    verify(kmsSpy, times(1)).generateDataKey(requestCaptor.capture());
    List<String> grantTokens = requestCaptor.getValue().getGrantTokens();

    // Tokens from the last replacement and the later addition must be forwarded.
    for (String forwarded : new String[] {"a", "b", "c"}) {
        assertTrue(grantTokens.contains(forwarded));
    }

    // A token that was replaced must not still be attached to the request.
    assertFalse(grantTokens.contains("x"));
    // NOTE(review): "z" is never set anywhere above, while the replaced token "y" is not
    // checked - possibly "y" was intended here; confirm.
    assertFalse(grantTokens.contains("z"));
}
示例7: decryptFile
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
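/**
 * {@inheritDoc}
 *
 * <p>Streams {@code encryptedFilename} through an AWS Encryption SDK decrypting stream and
 * writes the plaintext to {@code decryptedFilename}. If the copy does not run to completion,
 * the partially written output file is deleted, so that a truncated plaintext which never
 * passed the remaining integrity checks is not left on disk for a later step to pick up.
 *
 * @throws DecryptionException if an {@link IOException} occurs while opening, copying or
 *     closing the streams
 */
@Override
public void decryptFile(
        final String encryptedFilename,
        final String decryptedFilename) {
    // NOTE(review): the provider is configured with credentials only - no key ID and no
    // encryption context check - so which KMS key unwraps the data key is decided by the
    // message. Consider pinning the expected key ARN(s) and verifying the encryption context
    // after decryption; confirm what the SDK version in use supports.
    final KmsMasterKeyProvider provider =
            new KmsMasterKeyProvider(new DefaultAWSCredentialsProviderChain());
    final AwsCrypto awsCrypto = new AwsCrypto();

    // Tracks whether this call is the one that created or truncated the output file, so a
    // failure to open the input never deletes a file that was not touched.
    boolean outputOpened = false;
    boolean copyCompleted = false;
    try (FileInputStream fileInputStream = new FileInputStream(encryptedFilename);
            FileOutputStream fileOutputStream = new FileOutputStream(decryptedFilename);
            CryptoInputStream<?> decryptingStream =
                    awsCrypto.createDecryptingStream(provider, fileInputStream)) {
        outputOpened = true;
        IOUtils.copy(decryptingStream, fileOutputStream);
        copyCompleted = true;
    } catch (IOException exception) {
        throw new DecryptionException(exception);
    } finally {
        // Runs after the streams are closed, for checked and unchecked failures alike.
        if (outputOpened && !copyCompleted) {
            // Best effort: the original failure is what the caller needs to see.
            new java.io.File(decryptedFilename).delete();
        }
    }
}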
示例8: masterKeyProvider
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Builds a combined master key provider holding one KMS master key per configured region.
 *
 * <p>Each entry of {@code this.regions} gets its own {@link KmsMasterKeyProvider}, created
 * with the default credentials chain and a default {@code ClientConfiguration}, and
 * {@code this.keyId} is looked up through it.
 *
 * @return the multi-provider built from the per-region master keys
 */
private MasterKeyProvider<?> masterKeyProvider() {
    final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();
    List<KmsMasterKey> perRegionKeys = new LinkedList<>();

    for (String regionName : this.regions) {
        Region awsRegion = Region.getRegion(Regions.fromName(regionName));
        // NOTE(review): the same keyId is requested in every region - presumably an alias or
        // identifier that exists in each of them; verify against the configuration.
        KmsMasterKeyProvider regional =
                new KmsMasterKeyProvider(defaultChain, awsRegion, new ClientConfiguration(), this.keyId);
        perRegionKeys.add(regional.getMasterKey(this.keyId));
    }

    return MultipleProviderFactory.buildMultiProvider(perRegionKeys);
}
示例9: getProvider
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Returns the KMS master key provider for this instance, creating and caching it on first use.
 *
 * <p>The provider is built from the instance's credentials, the region named by
 * {@code groupIdentifier}, the checked client configuration and the key ARN.
 *
 * @return the cached provider
 */
protected KmsMasterKeyProvider getProvider() {
    if (prov.isPresent()) {
        return prov.get();
    }

    // NOTE(review): no locking is visible in this method; if it can be reached from several
    // threads, the first calls may each build a provider - confirm with the callers.
    Region region = RegionUtils.getRegion(groupIdentifier.region.getName());
    KmsMasterKeyProvider created = new KmsMasterKeyProvider(
            awsCredentials, region, transformAndVerifyOrThrow(clientConfiguration), getKeyArn());
    prov = Optional.of(created);
    return created;
}
示例10: standardEncrypt
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
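/**
 * Encrypts {@code fileName} to {@code fileName + ".encrypted"} under both a KMS key and an
 * escrow RSA public key, so that either key's holder can later recover the data key.
 *
 * <p>All three streams are managed by try-with-resources, so they are closed even when the
 * copy fails part-way.
 *
 * @param kmsArn identifier of the KMS key handed to the KMS master key provider
 * @param fileName path of the plaintext input file
 * @throws Exception if a stream cannot be opened, copied or closed, or the SDK reports a failure
 */
private static void standardEncrypt(final String kmsArn, final String fileName) throws Exception {
    // Encrypt with the KMS CMK and the escrowed public key

    // 1. Instantiate the SDK
    final AwsCrypto crypto = new AwsCrypto();

    // 2. Instantiate a KMS master key provider
    final KmsMasterKeyProvider kms = new KmsMasterKeyProvider(kmsArn);

    // 3. Instantiate a JCE master key provider
    // Because the user does not have access to the private escrow key,
    // they pass in "null" for the private key parameter.
    final JceMasterKey escrowPub = JceMasterKey.getInstance(publicEscrowKey, null, "Escrow", "Escrow",
            "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");

    // 4. Combine the providers into a single master key provider
    final MasterKeyProvider<?> provider = MultipleProviderFactory.buildMultiProvider(kms, escrowPub);

    // 5. Encrypt the file
    // To simplify the code, we omit the encryption context. Production code should always
    // use an encryption context. For an example, see the other SDK samples.
    try (FileInputStream in = new FileInputStream(fileName);
            FileOutputStream out = new FileOutputStream(fileName + ".encrypted");
            CryptoOutputStream<?> encryptingStream = crypto.createEncryptingStream(provider, out)) {
        // Resources close in reverse order: the encrypting stream is closed first and has the
        // chance to write any trailing bytes before the file stream underneath it is closed.
        IOUtils.copy(in, encryptingStream);
    }
}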
示例11: standardDecrypt
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
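/**
 * Decrypts {@code fileName + ".encrypted"} to {@code fileName + ".decrypted"} using the
 * combined KMS and escrow provider.
 *
 * <p>All three streams are managed by try-with-resources, so they are closed even when the
 * copy fails part-way.
 *
 * @param kmsArn identifier of the KMS key handed to the KMS master key provider
 * @param fileName base path; the input and output names are derived from it
 * @throws Exception if a stream cannot be opened, copied or closed, or the SDK reports a failure
 */
private static void standardDecrypt(final String kmsArn, final String fileName) throws Exception {
    // Decrypt with the combined provider. You can use a combined provider, as shown here,
    // or just the KMS master key provider: the escrow entry below is built without a private
    // key, so the KMS key is the one expected to unwrap the data key.

    // 1. Instantiate the SDK
    final AwsCrypto crypto = new AwsCrypto();

    // 2. Instantiate a KMS master key provider
    final KmsMasterKeyProvider kms = new KmsMasterKeyProvider(kmsArn);

    // 3. Instantiate a JCE master key provider
    // Because the user does not have access to the private
    // escrow key, they pass in "null" for the private key parameter.
    final JceMasterKey escrowPub = JceMasterKey.getInstance(publicEscrowKey, null, "Escrow", "Escrow",
            "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");

    // 4. Combine the providers into a single master key provider
    final MasterKeyProvider<?> provider = MultipleProviderFactory.buildMultiProvider(kms, escrowPub);

    // 5. Decrypt the file
    // To simplify the code, we omit the encryption context. Production code should always
    // use an encryption context. For an example, see the other SDK samples.
    try (FileInputStream in = new FileInputStream(fileName + ".encrypted");
            FileOutputStream out = new FileOutputStream(fileName + ".decrypted");
            CryptoOutputStream<?> decryptingStream = crypto.createDecryptingStream(provider, out)) {
        // Resources close in reverse order: the decrypting stream first, then the file
        // stream underneath it, then the input.
        // NOTE(review): if this throws, a partial ".decrypted" file remains on disk; callers
        // should not treat that file as valid output.
        IOUtils.copy(in, decryptingStream);
    }
}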
示例12: testMultipleRegionKmsKeys
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Encrypts under two KMS master keys created in different regions and checks that either key
 * decrypts the message, including after one of the two keys has been deleted.
 */
@Test
public void testMultipleRegionKmsKeys() {
    // One mock KMS client, and one key, per region.
    final MockKMSClient usEastClient = new MockKMSClient();
    usEastClient.setRegion(Region.getRegion(Regions.US_EAST_1));
    final MockKMSClient euWestClient = new MockKMSClient();
    euWestClient.setRegion(Region.getRegion(Regions.EU_WEST_1));

    final String usEastArn = usEastClient.createKey().getKeyMetadata().getArn();
    final String euWestArn = euWestClient.createKey().getKeyMetadata().getArn();

    KmsMasterKeyProvider usEastProvider = legacyConstruct(usEastClient, Region.getRegion(Regions.US_EAST_1));
    KmsMasterKeyProvider euWestProvider = legacyConstruct(euWestClient, Region.getRegion(Regions.EU_WEST_1));
    KmsMasterKey usEastKey = usEastProvider.getMasterKey(usEastArn);
    KmsMasterKey euWestKey = euWestProvider.getMasterKey(euWestArn);

    final MasterKeyProvider<KmsMasterKey> combined =
            MultipleProviderFactory.buildMultiProvider(KmsMasterKey.class, usEastKey, euWestKey);

    AwsCrypto crypto = new AwsCrypto();
    CryptoResult<byte[], KmsMasterKey> encrypted = crypto.encryptData(combined, PLAINTEXT);

    // The message reports both master keys after encryption.
    assertEquals(2, encrypted.getMasterKeyIds().size());

    // Each key alone decrypts the message and is reported as the only key used.
    CryptoResult<byte[], KmsMasterKey> viaUsEast = crypto.decryptData(usEastKey, encrypted.getResult());
    assertArrayEquals(PLAINTEXT, viaUsEast.getResult());
    assertEquals(1, viaUsEast.getMasterKeys().size());
    assertEquals(usEastKey, viaUsEast.getMasterKeys().get(0));

    CryptoResult<byte[], KmsMasterKey> viaEuWest = crypto.decryptData(euWestKey, encrypted.getResult());
    assertArrayEquals(PLAINTEXT, viaEuWest.getResult());
    assertEquals(1, viaEuWest.getMasterKeys().size());
    assertEquals(euWestKey, viaEuWest.getMasterKeys().get(0));

    assertMultiReturnsKeys(combined, usEastKey, euWestKey);

    // Losing one key must not lose the data: with the us-east-1 key deleted, the combined
    // provider still decrypts through the remaining key.
    usEastClient.deleteKey(usEastArn);
    CryptoResult<byte[], KmsMasterKey> afterDeletion = crypto.decryptData(combined, encrypted.getResult());
    assertArrayEquals(PLAINTEXT, afterDeletion.getResult());

    // Only the first key that succeeds is reported as used.
    assertEquals(1, afterDeletion.getMasterKeys().size());
    assertEquals(euWestKey, afterDeletion.getMasterKeys().get(0));
}
示例13: whenShortTimeoutSet_timesOut
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks that a client configuration passed through the builder is honoured: with a 1 ms
 * request timeout, encrypting under all fixture keys must fail with a timeout.
 */
@Test
public void whenShortTimeoutSet_timesOut() throws Exception {
    // A 1 ms budget cannot cover requests to both us-west-2 and eu-central-1: signal
    // propagation alone takes longer, so at least one request has to time out.
    ClientConfiguration oneMillisecondTimeout = new ClientConfiguration().withRequestTimeout(1);

    KmsMasterKeyProvider provider = KmsMasterKeyProvider.builder()
            .withClientBuilder(AWSKMSClientBuilder.standard().withClientConfiguration(oneMillisecondTimeout))
            .withKeysForEncryption(Arrays.asList(KMSTestFixtures.TEST_KEY_IDS))
            .build();

    try {
        new AwsCrypto().encryptData(provider, new byte[1]);
        fail("Expected exception");
    } catch (Exception e) {
        // A timeout surfaces either as an AbortedException or as an exception whose cause is
        // an HttpRequestTimeoutException; anything else is a genuine failure and is rethrown.
        if (!(e instanceof AbortedException) && !(e.getCause() instanceof HttpRequestTimeoutException)) {
            throw e;
        }
    }
}
示例14: whenBuilderCloned_credentialsAndConfigurationAreRetained
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks that a cloned builder keeps the credentials and keys it had at clone time and is not
 * affected by later changes to the builder it was cloned from.
 */
@Test
public void whenBuilderCloned_credentialsAndConfigurationAreRetained() throws Exception {
    AWSCredentialsProvider originalCreds = spy(new DefaultAWSCredentialsProviderChain());
    AWSCredentialsProvider replacementCreds = spy(new DefaultAWSCredentialsProviderChain());

    KmsMasterKeyProvider.Builder sourceBuilder = KmsMasterKeyProvider.builder()
            .withCredentials(originalCreds)
            .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[0]);
    KmsMasterKeyProvider.Builder snapshot = sourceBuilder.clone();

    // Mutating the source after cloning adds a key and swaps credentials there only; the
    // snapshot must be left unchanged.
    MasterKeyProvider<?> fromMutatedSource = sourceBuilder
            .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[1])
            .withCredentials(replacementCreds)
            .build();
    MasterKeyProvider<?> fromSnapshot = snapshot.build();

    // Snapshot: first key only, original credentials only.
    CryptoResult<byte[], ?> snapshotResult = new AwsCrypto().encryptData(fromSnapshot, new byte[0]);
    assertEquals(KMSTestFixtures.TEST_KEY_IDS[0], snapshotResult.getMasterKeyIds().get(0));
    assertEquals(1, snapshotResult.getMasterKeyIds().size());
    verify(originalCreds, atLeastOnce()).getCredentials();
    verify(replacementCreds, never()).getCredentials();

    reset(originalCreds, replacementCreds);

    // Mutated source: both keys, replacement credentials only. Credentials leaking from one
    // builder into the other would show up here as a call on the wrong spy.
    CryptoResult<byte[], ?> mutatedResult = new AwsCrypto().encryptData(fromMutatedSource, new byte[0]);
    assertTrue(mutatedResult.getMasterKeyIds().contains(KMSTestFixtures.TEST_KEY_IDS[0]));
    assertTrue(mutatedResult.getMasterKeyIds().contains(KMSTestFixtures.TEST_KEY_IDS[1]));
    assertEquals(2, mutatedResult.getMasterKeyIds().size());
    verify(originalCreds, never()).getCredentials();
    verify(replacementCreds, atLeastOnce()).getCredentials();
}
示例15: whenBuilderCloned_clientBuilderCustomizationIsRetained
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider; //导入依赖的package包/类
/**
 * Checks that a request handler configured on the KMS client builder is still in effect for
 * a provider built from a clone of the provider builder.
 */
@Test
public void whenBuilderCloned_clientBuilderCustomizationIsRetained() throws Exception {
    RequestHandler2 observedHandler = spy(new RequestHandler2() {});
    AWSKMSClientBuilder clientBuilder = AWSKMSClientBuilder.standard().withRequestHandlers(observedHandler);

    KmsMasterKeyProvider.Builder configured = KmsMasterKeyProvider.builder()
            .withClientBuilder(clientBuilder)
            .withKeysForEncryption(KMSTestFixtures.TEST_KEY_IDS[0]);
    KmsMasterKeyProvider fromClone = configured.clone().build();

    new AwsCrypto().encryptData(fromClone, new byte[0]);

    // A handler dropped by clone() would silently disable whatever request-level logging or
    // checks it implements, so the clone must still invoke it.
    verify(observedHandler, atLeastOnce()).beforeRequest(any());
}