本文整理汇总了Java中com.amazonaws.services.kms.AWSKMS类的典型用法代码示例。如果您正苦于以下问题:Java AWSKMS类的具体用法?Java AWSKMS怎么用?Java AWSKMS使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
AWSKMS类属于com.amazonaws.services.kms包,在下文中一共展示了AWSKMS类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: decrypt
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
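/**
 * Decrypts a Base64-encoded KMS ciphertext and returns the plaintext decoded as UTF-8.
 *
 * <p>When {@code isJUnitTest()} returns true the input is handed back unchanged and KMS is
 * never contacted.
 *
 * @param str    Base64-encoded KMS ciphertext blob
 * @param region region whose name selects the KMS endpoint
 * @return the decrypted plaintext as a string
 * @throws UnsupportedEncodingException declared by the signature; which call raises it is not
 *                                      visible in this method
 */
public static String decrypt(String str, Region region) throws UnsupportedEncodingException {
    // NOTE(review): this bypass returns the "ciphertext" as-is. How isJUnitTest() decides is not
    // visible here - confirm it can never report true in a production runtime.
    if (isJUnitTest()) {
        return str;
    }

    // A new client is built on every call; credentials come from the builder's default chain.
    AWSKMS kms = AWSKMSClientBuilder.standard().withRegion(region.getName()).build();

    // KMS expects the raw ciphertext bytes, so undo the Base64 transport encoding first.
    byte[] cipherBytes = Base64.decode(str);

    // NOTE(review): the request carries no encryption context and names no key, so it does not
    // bind the ciphertext to a purpose or to an expected key. Whether the encrypting side used
    // an encryption context is not visible here - confirm.
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(cipherBytes));
    DecryptResult resp = kms.decrypt(req);

    // Copy only the readable bytes. ByteBuffer.array() exposes the whole backing array and
    // ignores position/limit/offset, which can append stray bytes to the secret; duplicate()
    // keeps the response buffer's own position untouched.
    ByteBuffer plaintext = resp.getPlaintext().duplicate();
    byte[] plainBytes = new byte[plaintext.remaining()];
    plaintext.get(plainBytes);
    return new String(plainBytes, Charset.forName("UTF-8"));
}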
示例2: cleanUpKMSKeys
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
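/**
 * Schedules deletion of KMS keys left behind by tests.
 *
 * <p>A key is selected when one of its aliases starts with {@code "alias/" + testResourcePrefix},
 * it is not already pending deletion, and it was created before {@code createdBeforeThreshold}.
 *
 * @param testRegion             region to clean
 * @param testResourcePrefix     alias prefix (without the leading {@code alias/}) that marks
 *                               test-owned keys; a null or empty value aborts the cleanup
 * @param createdBeforeThreshold only keys created before this instant are scheduled
 * @param awsCredentials         credentials used for the KMS calls
 */
private static void cleanUpKMSKeys(Regions testRegion, String testResourcePrefix, Date createdBeforeThreshold,
                                   AWSCredentialsProvider awsCredentials) {
    LOG.info("Cleaning KMS...");

    // The alias prefix is the only thing separating test keys from every other key in the
    // account. An empty prefix would match all aliases, so refuse to run this destructive
    // operation rather than schedule unrelated keys for deletion.
    if (testResourcePrefix == null || testResourcePrefix.isEmpty()) {
        LOG.info("Skipping KMS cleanup: empty test resource prefix would match every alias");
        return;
    }

    AWSKMS kmsClient = AWSKMSClientBuilder.standard()
            .withCredentials(awsCredentials)
            .withRegion(testRegion)
            .build();

    String aliasPrefix = "alias/" + testResourcePrefix;

    // NOTE(review): listAliases() is called once; if the response is truncated, aliases on
    // later pages are never examined - confirm whether pagination is needed here.
    List<AliasListEntry> aliases = kmsClient.listAliases().getAliases();
    for (AliasListEntry entry : aliases) {
        if (!entry.getAliasName().startsWith(aliasPrefix)) {
            continue;
        }
        // An alias without a target key cannot be described; skip it instead of failing the run.
        if (entry.getTargetKeyId() == null) {
            continue;
        }

        DescribeKeyRequest request = new DescribeKeyRequest().withKeyId(entry.getTargetKeyId());
        KeyMetadata metadata = kmsClient.describeKey(request).getKeyMetadata();

        boolean alreadyPendingDeletion =
                KMSKeyState.fromString(metadata.getKeyState()) == KMSKeyState.PENDING_DELETION;
        if (!alreadyPendingDeletion && metadata.getCreationDate().before(createdBeforeThreshold)) {
            LOG.info("Scheduling KMS key for deletion:" + entry.getAliasName());
            scheduleKeyDeletion(kmsClient, entry);
        }
    }
}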
示例3: LinkGeneratorLambdaHandler
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Wires up the handler: builds KMS and S3 clients for the given region and credentials, then
 * creates the encryptor, page uploader and intro-page template that depend on them.
 *
 * @param region                region used for both AWS clients
 * @param jwtEncryptKeyArn      key ARN handed to {@code KMSEncrypt}
 * @param pageStorageBucket     bucket handed to {@code PageUploader} and kept on the handler
 * @param authVerifyEndpointURL endpoint URL kept on the handler
 * @param awsCredential         credentials provider shared by both clients
 * @param introPageTemplateName name handed to {@code IntroPageTemplate}
 * @throws IOException       declared by the signature (source not visible here)
 * @throws TemplateException declared by the signature (source not visible here)
 */
LinkGeneratorLambdaHandler(String region, String jwtEncryptKeyArn, String pageStorageBucket, String authVerifyEndpointURL,
                           AWSCredentialsProvider awsCredential, String introPageTemplateName) throws IOException, TemplateException {
    // Both clients share one credentials provider, so the identity behind it needs KMS rights
    // on the JWT key as well as S3 rights on the page bucket.
    AWSKMSClientBuilder kmsBuilder = AWSKMSClientBuilder.standard();
    kmsBuilder.withCredentials(awsCredential);
    kmsBuilder.withRegion(region);
    AWSKMS kms = kmsBuilder.build();

    AmazonS3ClientBuilder s3Builder = AmazonS3ClientBuilder.standard();
    s3Builder.withCredentials(awsCredential);
    s3Builder.withRegion(region);
    AmazonS3 s3 = s3Builder.build();

    this.pageStorageBucket = pageStorageBucket;
    this.authVerifyEndpointURL = authVerifyEndpointURL;

    // Collaborators are created in the same order as before: encryptor, uploader, template.
    kmsEncrypt = new KMSEncrypt(kms, jwtEncryptKeyArn);
    this.pageUploader = new PageUploader(s3, pageStorageBucket);
    this.introPageTemplate = new IntroPageTemplate(introPageTemplateName);
}
示例4: setUp
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Prepares the Lambda context mock, the handler under test and a {@code KMSEncrypt} backed by a
 * real KMS client built from the test access-key constants.
 */
@Before
public void setUp() throws Exception {
    // Lambda context whose logger simply prints to stdout.
    context = mock(Context.class);
    when(context.getLogger()).thenReturn(System.out::println);

    handler = new AuthLambdaHandler(TEST_AWS_REGION, TEST_JWT_KEY_ARN, TEST_VIDEO_STORAGE_BUCKET,
            TEST_USER_ACCESS_KEY_ID, TEST_USER_SECRET_ACCESS_KEY);

    // NOTE(review): this builds a non-mocked client from a static access key pair. Where the
    // TEST_USER_* constants get their values is not visible here - they should be injected from
    // the environment or a secret store, never committed with the test sources.
    BasicAWSCredentials testUserCredentials =
            new BasicAWSCredentials(TEST_USER_ACCESS_KEY_ID, TEST_USER_SECRET_ACCESS_KEY);
    AWSStaticCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider(testUserCredentials);

    AWSKMS kms = AWSKMSClientBuilder.standard()
            .withRegion(TEST_AWS_REGION)
            .withCredentials(credentialsProvider)
            .build();
    kmsEncrypt = new KMSEncrypt(kms, TEST_JWT_KEY_ARN);
}
示例5: setUp
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Creates the DynamoDB and KMS mocks; the KMS mock answers every data-key and decrypt request
 * with canned results, so no test in this class reaches AWS.
 */
@Before
public void setUp() {
    dynamoDBClient = Mockito.mock(AmazonDynamoDB.class);
    awskmsClient = Mockito.mock(AWSKMS.class);

    // Canned GenerateDataKey answer; both buffers are themselves mocks.
    GenerateDataKeyResult dataKeyAnswer = new GenerateDataKeyResult();
    dataKeyAnswer.setCiphertextBlob(Mockito.mock(ByteBuffer.class));
    dataKeyAnswer.setPlaintext(Mockito.mock(ByteBuffer.class));

    // Canned Decrypt answer attributed to the alias "alias/foo".
    DecryptResult decryptAnswer = new DecryptResult();
    decryptAnswer.setKeyId("alias/foo");
    decryptAnswer.setPlaintext(Mockito.mock(ByteBuffer.class));

    Mockito.when(awskmsClient.generateDataKey(Mockito.any(GenerateDataKeyRequest.class)))
            .thenReturn(dataKeyAnswer);
    Mockito.when(awskmsClient.decrypt(Mockito.any(DecryptRequest.class)))
            .thenReturn(decryptAnswer);
}
示例6: clientFactory
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Returns the supplier that maps a region name to a KMS client.
 *
 * <p>An explicitly configured supplier wins. Otherwise a supplier is created that builds one
 * client per region on first use and caches it in a map private to that supplier.
 *
 * @return the configured supplier, or a new caching supplier
 */
private RegionalClientSupplier clientFactory() {
    if (regionalClientSupplier_ != null) {
        return regionalClientSupplier_;
    }

    // Snapshot the template now: this provider builder may be reused later with different
    // credentials, and the supplier returned here must not see those changes.
    final AWSKMSClientBuilder snapshot;
    if (templateBuilder_ == null) {
        snapshot = AWSKMSClientBuilder.standard();
    } else {
        snapshot = cloneClientBuilder(templateBuilder_);
    }

    final ConcurrentHashMap<String, AWSKMS> clientsByRegion = new ConcurrentHashMap<>();
    // Each new region gets its own clone because setting the region mutates the builder.
    return region -> clientsByRegion.computeIfAbsent(
            region,
            regionName -> cloneClientBuilder(snapshot).withRegion(regionName).build());
}
示例7: getMasterKey
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Resolves a KMS master key for the given provider and key id.
 *
 * <p>The region is parsed out of {@code keyId} and used to look up the regional client; the
 * configured grant tokens are attached to the returned key.
 *
 * @param provider provider name, checked with {@code canProvide}
 * @param keyId    key identifier from which the region is parsed
 * @return a master key bound to the regional client
 * @throws UnsupportedProviderException if {@code canProvide(provider)} is false
 * @throws NoSuchMasterKeyException     declared by the signature; not raised in the visible code
 * @throws AwsCryptoException           if the supplier returns no client for the parsed region
 */
@Override
public KmsMasterKey getMasterKey(final String provider, final String keyId) throws UnsupportedProviderException,
        NoSuchMasterKeyException {
    final boolean supported = canProvide(provider);
    if (!supported) {
        throw new UnsupportedProviderException();
    }

    final String keyRegion = parseRegionfromKeyArn(keyId);
    final AWSKMS regionalClient = regionalClientSupplier_.getClient(keyRegion);
    // A null client is how the supplier signals that the region is not permitted or not known.
    if (null == regionalClient) {
        throw new AwsCryptoException("Can't use keys from region " + keyRegion);
    }

    final KmsMasterKey masterKey = KmsMasterKey.getInstance(regionalClient, keyId, this);
    masterKey.setGrantTokens(grantTokens_);
    return masterKey;
}
示例8: build
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
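/**
 * Builds the key provider from the configured {@code key} bytes.
 *
 * <ul>
 *   <li>null or empty key: provider with no key;</li>
 *   <li>exactly 16 bytes: used directly as a raw AES key;</li>
 *   <li>anything else: treated as a KMS ciphertext and decrypted; the result must be exactly
 *       16 bytes, otherwise a warning is logged and a provider with no key is returned.</li>
 * </ul>
 *
 * <p>The {@code key} field is overwritten with the decrypted bytes.
 *
 * @return the key provider
 */
@Override
public KeyProvider build() {
    if ( null == key || 0 == key.length ) {
        return new KeyProviderImpl(null);
    } else if ( 16 == key.length ) {
        // NOTE(review): a 16-byte value is taken as the AES key itself, i.e. the secret sits in
        // configuration unwrapped. The KMS-wrapped form below keeps it out of config files.
        return new KeyProviderImpl(new SecretKeySpec(key, "AES"));
    }

    AWSKMS kms = _amazonWebServiceClients.withEndpoint(
        new AWSKMSClient(
            _credProviderFactory.create(credProvider),
            _clientConfigurations.withProxy(new ClientConfiguration(), proxy)),
        endpoint);

    // Copy only the readable bytes of the response. ByteBuffer.array() returns the whole
    // backing array regardless of position/limit/offset, which would make the length check
    // below test the wrong thing; duplicate() leaves the response buffer's position alone.
    ByteBuffer plaintext = kms.decrypt(new DecryptRequest()
        .withCiphertextBlob(ByteBuffer.wrap(key)))
        .getPlaintext().duplicate();
    byte[] decrypted = new byte[plaintext.remaining()];
    plaintext.get(decrypted);
    key = decrypted;

    if ( 16 != key.length ) {
        // Only the length is logged, never the key material.
        LOG.warn("Expected decrypted key to be exactly 16 bytes, got "+key.length+" bytes. Please "+
            "verify the key was not base64 encoded before encrypting with KMS");
        // NOTE(review): what KeyProviderImpl does with a null key is not visible here. If it
        // means "run without encryption", this path fails open on a bad key - confirm.
        return new KeyProviderImpl(null);
    }
    return new KeyProviderImpl(new SecretKeySpec(key, "AES"));
}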
示例9: decryptToken
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
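/**
 * Base64-decodes the encrypted token, decrypts it with AWS KMS and parses the plaintext JSON
 * into a {@link VaultAuthResponse}.
 *
 * <p>Exceptions raised by {@code kmsClient.decrypt} are not caught here and reach the caller.
 *
 * @param kmsClient      KMS client
 * @param encryptedToken Base64-encoded ciphertext to decode and decrypt
 * @return the auth response parsed from the decrypted JSON
 * @throws VaultClientException if {@code encryptedToken} is not valid Base64
 */
protected VaultAuthResponse decryptToken(AWSKMS kmsClient, String encryptedToken) {
    final byte[] decodedToken;
    try {
        decodedToken = Base64.decode(encryptedToken);
    } catch (IllegalArgumentException iae) {
        throw new VaultClientException("Encrypted token not Base64 encoded", iae);
    }

    final DecryptRequest request = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(decodedToken));
    final DecryptResult result = kmsClient.decrypt(request);

    // Copy only the readable bytes. ByteBuffer.array() ignores position/limit/offset and can
    // hand trailing garbage to the JSON parser; duplicate() keeps the result buffer untouched.
    final ByteBuffer plaintext = result.getPlaintext().duplicate();
    final byte[] plainBytes = new byte[plaintext.remaining()];
    plaintext.get(plainBytes);

    // The decrypted string carries the auth response itself; keep it out of logs and messages.
    final String decryptedAuthData = new String(plainBytes, Charset.forName("UTF-8"));
    return gson.fromJson(decryptedAuthData, VaultAuthResponse.class);
}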
示例10: testAwsPrivateKeyStore
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Checks that {@code AwsPrivateKeyStore.getApplicationSecret} returns the plaintext that the
 * mocked KMS client hands back for the object fetched from the mocked S3 client.
 */
@Test
public void testAwsPrivateKeyStore() throws Exception {
    final String bucketName = "my_bucket";
    final String keyName = "my_key";
    final String expected = "my_value";

    // S3 side: the object's content stream yields the bytes of the expected value.
    // (getBytes() is called without naming a charset, as in the store's own test data.)
    AmazonS3 s3 = Mockito.mock(AmazonS3.class);
    AWSKMS kms = Mockito.mock(AWSKMS.class);
    S3Object storedObject = Mockito.mock(S3Object.class);
    Mockito.when(s3.getObject(bucketName, keyName)).thenReturn(storedObject);
    InputStream contentBytes = new ByteArrayInputStream( expected.getBytes() );
    S3ObjectInputStream contentStream = new S3ObjectInputStream(contentBytes, null);
    Mockito.when(storedObject.getObjectContent()).thenReturn(contentStream);

    // KMS side: every decrypt call answers with the expected value as plaintext.
    ByteBuffer plaintext = ByteBuffer.wrap(expected.getBytes());
    DecryptResult decryptAnswer = Mockito.mock(DecryptResult.class);
    Mockito.when(kms.decrypt(Mockito.any(DecryptRequest.class))).thenReturn(decryptAnswer);
    Mockito.when(decryptAnswer.getPlaintext()).thenReturn(plaintext);

    AwsPrivateKeyStore store = new AwsPrivateKeyStore(s3, kms);
    String actual = store.getApplicationSecret(bucketName, keyName);
    Assert.assertEquals(actual, expected);
}
示例11: setUp
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Creates the encryptor under test on top of a mocked KMS client and prepares the request
 * objects the tests expect plus the canned results the mock returns.
 */
@Before
public void setUp() throws Exception {
    mockKms = mock(AWSKMS.class);
    textEncryptor = new KmsTextEncryptor(mockKms, KMS_KEY_ID);

    // Encrypt direction: the request the encryptor should send, and the mock's answer.
    EncryptRequest encryptRequest = new EncryptRequest();
    encryptRequest.setKeyId(KMS_KEY_ID);
    encryptRequest.setPlaintext(wrap(PLAINTEXT.getBytes()));
    expectedEncryptRequest = encryptRequest;

    EncryptResult encryptAnswer = new EncryptResult();
    encryptAnswer.setCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    encryptResult = encryptAnswer;
    when(mockKms.encrypt(any(EncryptRequest.class))).thenReturn(encryptResult);

    // Decrypt direction: mirror image of the above.
    DecryptRequest decryptRequest = new DecryptRequest();
    decryptRequest.setCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    expectedDecryptRequest = decryptRequest;

    DecryptResult decryptAnswer = new DecryptResult();
    decryptAnswer.setPlaintext(wrap(PLAINTEXT.getBytes()));
    decryptResult = decryptAnswer;
    when(mockKms.decrypt(any(DecryptRequest.class))).thenReturn(decryptResult);
}
示例12: DirectKmsMaterialProvider
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Creates a material provider backed directly by KMS.
 *
 * <p>The material description is copied into an unmodifiable map. The content-key and
 * signing-key descriptors are read from it (falling back to the class defaults) and split on
 * the first {@code '/'} into an algorithm name and a key length; when no length part is
 * present, 256 is used.
 *
 * @param kms                 KMS client
 * @param encryptionKeyId     id of the KMS key
 * @param materialDescription optional description entries; may be null
 * @throws NumberFormatException if a descriptor's length part is not an integer
 */
public DirectKmsMaterialProvider(AWSKMS kms, String encryptionKeyId, Map<String, String> materialDescription) {
    this.kms = kms;
    this.encryptionKeyId = encryptionKeyId;

    // Defensive copy so later changes to the caller's map cannot alter this provider.
    if (materialDescription == null) {
        this.description = Collections.<String, String> emptyMap();
    } else {
        this.description = Collections.unmodifiableMap(new HashMap<>(materialDescription));
    }

    // Content (data) key descriptor, e.g. "<algorithm>/<bits>".
    if (description.containsKey(WrappedRawMaterials.CONTENT_KEY_ALGORITHM)) {
        dataKeyDesc = description.get(WrappedRawMaterials.CONTENT_KEY_ALGORITHM);
    } else {
        dataKeyDesc = DEFAULT_ENC_ALG;
    }
    String[] dataKeyParts = dataKeyDesc.split("/", 2);
    this.dataKeyAlg = dataKeyParts[0];
    this.dataKeyLength = dataKeyParts.length == 2 ? Integer.parseInt(dataKeyParts[1]) : 256;

    // Signing key descriptor, same format.
    if (description.containsKey(SIGNING_KEY_ALGORITHM)) {
        sigKeyDesc = description.get(SIGNING_KEY_ALGORITHM);
    } else {
        sigKeyDesc = DEFAULT_SIG_ALG;
    }
    String[] sigKeyParts = sigKeyDesc.split("/", 2);
    this.sigKeyAlg = sigKeyParts[0];
    this.sigKeyLength = sigKeyParts.length == 2 ? Integer.parseInt(sigKeyParts[1]) : 256;
}
示例13: awsKms
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Creates the KMS client {@link Bean}.
 *
 * <p>Tries the SDK default client first. If building it throws {@link SdkClientException},
 * the failure is logged and {@code planB()} supplies the client instead; per the log message
 * that retry uses region {@code us-east-1}.
 *
 * <p>NOTE(review): every {@code SdkClientException} takes the fallback path, not only a missing
 * region, so a misconfigured deployment ends up talking to KMS in {@code us-east-1} with only
 * an INFO line to show for it. Confirm that is acceptable where keys are region-bound.
 *
 * @return The KMS client.
 */
@Bean
public AWSKMS awsKms() {
    try {
        return AWSKMSClientBuilder.defaultClient();
    } catch (SdkClientException exception) {
        API_LOG.info("Default KMS client failed to build, trying again with region us-east-1", exception);
        return planB();
    }
}
示例14: testDefaultClient
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * When the default client builds successfully, {@code awsKms()} must return it and must not
 * invoke the {@code planB()} fallback.
 */
@Test
public void testDefaultClient() {
    // Stub the static factory so no real AWS configuration is consulted.
    mockStatic(AWSKMSClientBuilder.class);
    AWSKMS stubbedClient = Mockito.mock(AWSKMS.class);
    when(AWSKMSClientBuilder.defaultClient()).thenReturn(stubbedClient);

    AWSKMS created = underTest.awsKms();

    Assert.assertNotNull(created);
    verify(underTest, times(0)).planB();
}
示例15: KMSManager
import com.amazonaws.services.kms.AWSKMS; //导入依赖的package包/类
/**
 * Creates a manager for the KMS key belonging to one secrets group.
 *
 * <p>The alias name is {@code ALIAS_PREFIX} followed by the string form of the group's
 * {@code RegionLocalResourceName}.
 *
 * @param client              KMS client used by this manager
 * @param awsCredentials      credentials provider kept on the manager
 * @param clientConfiguration client configuration kept on the manager
 * @param groupIdentifier     secrets group this manager serves
 */
public KMSManager(AWSKMS client, AWSCredentialsProvider awsCredentials, ClientConfiguration clientConfiguration, SecretsGroupIdentifier groupIdentifier) {
    // The alias is derived purely from the group identifier.
    final String groupResourceName = new RegionLocalResourceName(groupIdentifier).toString();
    this.aliasKeyName = ALIAS_PREFIX + groupResourceName;

    this.group = groupIdentifier;
    this.kms = client;
    this.awsCredentials = awsCredentials;
    this.clientConfiguration = clientConfiguration;
}