本文整理汇总了Java中com.amazonaws.services.kms.AWSKMSClient类的典型用法代码示例。如果您正苦于以下问题:Java AWSKMSClient类的具体用法?Java AWSKMSClient怎么用?Java AWSKMSClient使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
AWSKMSClient类属于com.amazonaws.services.kms包,在下文中一共展示了AWSKMSClient类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: AmazonS3EncryptionClient
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Creates an encryption client that uses the given KMS client, or creates its own when
 * {@code kms} is {@code null}.
 *
 * <p>If no KMS client is supplied, one is built with {@code newAWSKMSClient} from the same
 * credentials provider, client configuration, crypto configuration and metric collector,
 * and {@code isKMSClientInternal} records that this instance created it.
 *
 * @param kms KMS client to use; may be {@code null}, in which case an internal one is created
 * @param credentialsProvider credentials passed to the superclass, the internal KMS client
 *        and the crypto module
 * @param kekMaterialsProvider encryption materials provider; checked with
 *        {@code assertParameterNotNull}
 * @param clientConfig client configuration passed to the superclass and the internal KMS client
 * @param cryptoConfig crypto configuration; checked with {@code assertParameterNotNull}
 * @param requestMetricCollector metric collector passed to the superclass and the internal
 *        KMS client
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 * {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 * {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)} and
 * {@link AmazonS3EncryptionClientBuilder#withClientConfiguration(ClientConfiguration)} and
 * {@link AmazonS3EncryptionClientBuilder#withMetricsCollector(RequestMetricCollector)} and
 * {@link AmazonS3EncryptionClientBuilder#withKmsClient(AWSKMS)}
 */
@Deprecated
public AmazonS3EncryptionClient(AWSKMSClient kms,
        AWSCredentialsProvider credentialsProvider,
        EncryptionMaterialsProvider kekMaterialsProvider,
        ClientConfiguration clientConfig,
        CryptoConfiguration cryptoConfig,
        RequestMetricCollector requestMetricCollector) {
    super(credentialsProvider, clientConfig, requestMetricCollector);

    // Both the key-encryption materials and the crypto configuration are mandatory.
    assertParameterNotNull(kekMaterialsProvider,
            "EncryptionMaterialsProvider parameter must not be null.");
    assertParameterNotNull(cryptoConfig,
            "CryptoConfiguration parameter must not be null.");

    // Record whether the KMS client is created here or supplied by the caller.
    this.isKMSClientInternal = (kms == null);
    if (this.isKMSClientInternal) {
        this.kms = newAWSKMSClient(credentialsProvider, clientConfig, cryptoConfig,
                requestMetricCollector);
    } else {
        this.kms = kms;
    }

    this.crypto = new CryptoModuleDispatcher(this.kms, new S3DirectImpl(),
            credentialsProvider, kekMaterialsProvider, cryptoConfig);
}
示例2: test_getKmsKeyState_happy
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Happy path: {@code getKmsKeyState} returns the key state carried by the DescribeKey
 * response of the KMS client that the factory hands out for the region.
 */
@Test
public void test_getKmsKeyState_happy() {
    final String region = "aws region";
    final String keyId = "kms key id";
    final String expectedState = "state";

    // Canned DescribeKey response carrying the expected state.
    KeyMetadata metadata = new KeyMetadata().withKeyState(expectedState);
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(metadata);

    AWSKMSClient mockedKms = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedKms);
    when(mockedKms.describeKey(anyObject())).thenReturn(describeKeyResult);

    assertEquals(expectedState, kmsService.getKmsKeyState(keyId, region));
}
示例3: test_validateKmsKeyIsUsable_returns_true_when_state_is_pending_deletion
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Checks that {@code kmsKeyIsDisabledOrScheduledForDeletion} returns {@code true} when
 * DescribeKey reports {@code KeyState.PendingDeletion}.
 *
 * <p>The test name mentions validateKmsKeyIsUsable, but that method is not called here.
 */
@Test
public void test_validateKmsKeyIsUsable_returns_true_when_state_is_pending_deletion() {
    final String region = "aws region";
    final String kmsKeyId = "key id";

    // DescribeKey response for a key that is scheduled for deletion.
    KeyMetadata metadata = new KeyMetadata().withKeyState(KeyState.PendingDeletion);
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(metadata);

    AWSKMSClient mockedKms = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedKms);
    when(mockedKms.describeKey(anyObject())).thenReturn(describeKeyResult);

    assertTrue(kmsService.kmsKeyIsDisabledOrScheduledForDeletion(kmsKeyId, region));
}
示例4: test_validateKmsKeyIsUsable_return_true_when_state_is_disabled
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Checks that {@code kmsKeyIsDisabledOrScheduledForDeletion} returns {@code true} when
 * DescribeKey reports {@code KeyState.Disabled}.
 *
 * <p>The test name mentions validateKmsKeyIsUsable, but that method is not called here.
 */
@Test
public void test_validateKmsKeyIsUsable_return_true_when_state_is_disabled() {
    final String region = "aws region";
    final String kmsKeyId = "key id";

    // DescribeKey response for a disabled key.
    KeyMetadata metadata = new KeyMetadata().withKeyState(KeyState.Disabled);
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(metadata);

    AWSKMSClient mockedKms = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedKms);
    when(mockedKms.describeKey(anyObject())).thenReturn(describeKeyResult);

    assertTrue(kmsService.kmsKeyIsDisabledOrScheduledForDeletion(kmsKeyId, region));
}
示例5: test_validateKmsKeyIsUsable_returns_false_when_state_is_not_deletion_or_disabled
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Checks that {@code kmsKeyIsDisabledOrScheduledForDeletion} returns {@code false} when
 * DescribeKey reports {@code KeyState.Enabled}.
 *
 * <p>The test name mentions validateKmsKeyIsUsable, but that method is not called here.
 */
@Test
public void test_validateKmsKeyIsUsable_returns_false_when_state_is_not_deletion_or_disabled() {
    final String region = "aws region";
    final String kmsKeyId = "key id";

    // DescribeKey response for an enabled key.
    KeyMetadata metadata = new KeyMetadata().withKeyState(KeyState.Enabled);
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(metadata);

    AWSKMSClient mockedKms = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedKms);
    when(mockedKms.describeKey(anyObject())).thenReturn(describeKeyResult);

    assertFalse(kmsService.kmsKeyIsDisabledOrScheduledForDeletion(kmsKeyId, region));
}
示例6: test_validateKmsKeyIsUsable_deletes_kms_key_when_not_usable
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Expects {@code validateKmsKeyIsUsable} to throw {@code ApiException} when DescribeKey
 * reports {@code KeyState.PendingDeletion} for the record's key.
 *
 * <p>NOTE(review): only the exception is asserted. The deletion named in the test title is
 * not verified here — confirm whether a {@code verify(...)} on the DAO is intended.
 */
@Test(expected = ApiException.class)
public void test_validateKmsKeyIsUsable_deletes_kms_key_when_not_usable() {
    final String recordId = "id";
    final String keyArn = "aws kms key arn";
    final String principalArn = "arn";
    final String region = "aws region";

    // Key record stub exposing id, KMS key id and region.
    AwsIamRoleKmsKeyRecord keyRecord = mock(AwsIamRoleKmsKeyRecord.class);
    when(keyRecord.getId()).thenReturn(recordId);
    when(keyRecord.getAwsKmsKeyId()).thenReturn(keyArn);
    when(keyRecord.getAwsRegion()).thenReturn(region);

    // DescribeKey response for a key that is scheduled for deletion.
    KeyMetadata metadata = new KeyMetadata().withKeyState(KeyState.PendingDeletion);
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(metadata);

    AWSKMSClient mockedKms = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedKms);
    when(mockedKms.describeKey(anyObject())).thenReturn(describeKeyResult);

    kmsService.validateKmsKeyIsUsable(keyRecord, principalArn);
}
示例7: test_validateKmsKeyIsUsable_does_not_delete_kms_key_when_usable
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Checks that {@code validateKmsKeyIsUsable} never calls
 * {@code awsIamRoleDao.deleteKmsKeyById(id)} when DescribeKey reports
 * {@code KeyState.Enabled}.
 */
@Test
public void test_validateKmsKeyIsUsable_does_not_delete_kms_key_when_usable() {
    final String recordId = "id";
    final String keyArn = "aws kms key arn";
    final String principalArn = "arn";
    final String region = "aws region";

    // Key record stub exposing id, KMS key id and region.
    AwsIamRoleKmsKeyRecord keyRecord = mock(AwsIamRoleKmsKeyRecord.class);
    when(keyRecord.getId()).thenReturn(recordId);
    when(keyRecord.getAwsKmsKeyId()).thenReturn(keyArn);
    when(keyRecord.getAwsRegion()).thenReturn(region);

    // DescribeKey response for an enabled key.
    KeyMetadata metadata = new KeyMetadata().withKeyState(KeyState.Enabled);
    DescribeKeyResult describeKeyResult = new DescribeKeyResult().withKeyMetadata(metadata);

    AWSKMSClient mockedKms = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedKms);
    when(mockedKms.describeKey(anyObject())).thenReturn(describeKeyResult);

    kmsService.validateKmsKeyIsUsable(keyRecord, principalArn);

    // A usable key must leave the stored record in place.
    verify(awsIamRoleDao, never()).deleteKmsKeyById(recordId);
}
示例8: cloneClientBuilder
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Returns a fresh {@link AWSKMSClientBuilder} holding the settings of {@code builder}, so
 * that later changes to the caller's builder do not affect the copy.
 *
 * <p>Copied by hand because AWSKMSClientBuilder has no {@code clone()}: client
 * configuration, credentials, endpoint configuration, metrics collector and request
 * handlers.
 *
 * @param builder the builder to copy from
 * @return a new builder with the same settings
 * @throws IllegalArgumentException if {@code builder} has an endpoint configuration set
 */
private AWSKMSClientBuilder cloneClientBuilder(final AWSKMSClientBuilder builder) {
    // With a custom endpoint set, the region could not be set later, so reject it up front.
    final boolean hasCustomEndpoint = builder.getEndpoint() != null;
    if (hasCustomEndpoint) {
        throw new IllegalArgumentException("Setting endpoint configuration is not compatible with passing a " +
                                           "builder to the KmsMasterKeyProvider. Use withCustomClientFactory" +
                                           " instead.");
    }

    final AWSKMSClientBuilder copy = AWSKMSClient.builder();
    copy.setCredentials(builder.getCredentials());
    copy.setClientConfiguration(builder.getClientConfiguration());
    copy.setMetricsCollector(builder.getMetricsCollector());
    // Always null here because of the guard above; copied for completeness.
    copy.setEndpointConfiguration(builder.getEndpoint());

    // Request handlers are optional on the source builder.
    final boolean hasHandlers = builder.getRequestHandlers() != null;
    if (hasHandlers) {
        final RequestHandler2[] handlers = builder.getRequestHandlers().toArray(new RequestHandler2[0]);
        copy.setRequestHandlers(handlers);
    }
    return copy;
}
示例9: build
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
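/**
 * Builds a {@link KeyProvider} from the configured {@code key} bytes.
 *
 * <ul>
 *   <li>{@code null} or empty key: a provider wrapping {@code null}.</li>
 *   <li>Exactly 16 bytes: the bytes are used directly as an AES key.</li>
 *   <li>Any other length: the bytes are treated as a KMS ciphertext blob and decrypted;
 *       the plaintext must be exactly 16 bytes, otherwise a warning is logged and a
 *       provider wrapping {@code null} is returned.</li>
 * </ul>
 *
 * <p>Side effect: after a KMS decrypt, the {@code key} field holds the decrypted bytes.
 *
 * @return the key provider described above
 */
@Override
public KeyProvider build() {
    if ( null == key || 0 == key.length ) {
        return new KeyProviderImpl(null);
    }
    if ( 16 == key.length ) {
        // NOTE(review): a 16-byte value is taken as the raw AES key and never passes through
        // KMS, so the configuration that supplied it holds unwrapped key material.
        return new KeyProviderImpl(new SecretKeySpec(key, "AES"));
    }

    AWSKMS kms = _amazonWebServiceClients.withEndpoint(
        new AWSKMSClient(
            _credProviderFactory.create(credProvider),
            _clientConfigurations.withProxy(new ClientConfiguration(), proxy)),
        endpoint);

    ByteBuffer plaintext = kms.decrypt(new DecryptRequest()
            .withCiphertextBlob(ByteBuffer.wrap(key)))
        .getPlaintext();

    // Copy only the readable bytes. ByteBuffer.array() exposes the whole backing array,
    // ignoring position, limit and array offset, and throws for read-only buffers. Either
    // could yield a wrong key length or wrong key bytes.
    ByteBuffer readable = plaintext.asReadOnlyBuffer();
    byte[] decrypted = new byte[readable.remaining()];
    readable.get(decrypted);

    // NOTE(review): the plaintext key replaces the ciphertext in the field and stays there
    // after build() returns.
    key = decrypted;

    if ( 16 != key.length ) {
        LOG.warn("Expected decrypted key to be exactly 16 bytes, got "+key.length+" bytes. Please "+
            "verify the key was not base64 encoded before encrypting with KMS");
        return new KeyProviderImpl(null);
    }
    return new KeyProviderImpl(new SecretKeySpec(key, "AES"));
}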
示例10: setup
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Prepares the fixtures for each test: collaborator mocks, a started {@code MockWebServer}
 * whose localhost URL is returned by the URL resolver, a stubbed current region, and
 * constructor interception so that new Lambda and KMS clients resolve to the mocks.
 *
 * @throws Exception if the mock web server fails to start or constructor stubbing fails
 */
@Before
public void setup() throws Exception {
    // Collaborator mocks.
    lambdaClient = mock(AWSLambdaClient.class);
    kmsClient = mock(AWSKMSClient.class);
    urlResolver = mock(UrlResolver.class);

    // Local web server; its URL is what the resolver returns.
    mockWebServer = new MockWebServer();
    mockWebServer.start();
    final int port = mockWebServer.getPort();
    vaultUrl = "http://localhost:" + port;
    when(urlResolver.resolve()).thenReturn(vaultUrl);

    // Pin the "current" region so no lookup of the real region is attempted.
    mockStatic(Regions.class);
    when(Regions.getCurrentRegion()).thenReturn(RegionUtils.getRegion("us-west-2"));

    // Any client constructed by the code under test is replaced with the mocks above.
    whenNew(AWSKMSClient.class).withAnyArguments().thenReturn(kmsClient);
    whenNew(AWSLambdaClient.class).withNoArguments().thenReturn(lambdaClient);
}
示例11: validate
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
@Override
public void validate(String name, Configured configuration,
PluginExceptionConditionAccumulator accumulator, LocalizationContext localizationContext) {
AmazonEC2Client ec2Client = provider.getClient();
AWSKMSClient kmsClient = provider.getKmsClient();
checkImage(ec2Client, configuration, accumulator, localizationContext);
Map<String, String> vpcSubnetMap = checkSubnetId(ec2Client, configuration, accumulator, localizationContext);
Map<String, Set<String>> vpcSecurityGroupMap = checkSecurityGroupIds(ec2Client, configuration, accumulator, localizationContext);
checkVpc(vpcSubnetMap, vpcSecurityGroupMap, accumulator, localizationContext);
checkAvailabilityZone(ec2Client, configuration, accumulator, localizationContext);
checkPlacementGroup(ec2Client, configuration, accumulator, localizationContext);
checkTenancy(configuration, accumulator, localizationContext);
checkIamProfileName(configuration, accumulator, localizationContext);
checkRootVolumeSize(configuration, accumulator, localizationContext);
checkRootVolumeType(configuration, accumulator, localizationContext);
checkEbsVolumes(kmsClient, configuration, accumulator, localizationContext);
checkKeyName(ec2Client, configuration, accumulator, localizationContext);
checkSpotParameters(configuration, accumulator, localizationContext);
}
示例12: decrypt
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
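/**
 * Decrypts a base64-encoded KMS ciphertext blob and returns the plaintext as a UTF-8 string.
 *
 * @param awsParamsDto AWS parameters used to derive the client configuration
 * @param base64ciphertextBlob the ciphertext blob, base64 encoded
 * @return the decrypted plaintext decoded as UTF-8
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob)
{
    // Construct a new AWS KMS service client using the specified client configuration.
    // A credentials provider chain will be used that searches for credentials in this order:
    // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    // - Java System Properties - aws.accessKeyId and aws.secretKey
    // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service
    // NOTE(review): a new client is constructed on every call and is not shut down here.
    AWSKMSClient awsKmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));

    // Decode the base64 encoded ciphertext.
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));

    // Create the decrypt request.
    DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(ciphertextBlob);

    // Call AWS KMS decrypt service method.
    DecryptResult decryptResult = kmsOperations.decrypt(awsKmsClient, decryptRequest);

    // Get decrypted plaintext data.
    ByteBuffer plainText = decryptResult.getPlaintext();

    // Copy only the readable bytes. ByteBuffer.array() exposes the whole backing array,
    // ignoring position, limit and array offset, and throws for read-only buffers.
    ByteBuffer readable = plainText.asReadOnlyBuffer();
    byte[] plainTextBytes = new byte[readable.remaining()];
    readable.get(plainTextBytes);

    // Return the plain text as a string.
    // NOTE(review): the secret is returned as an immutable String and cannot be wiped
    // from memory by the caller.
    return new String(plainTextBytes, StandardCharsets.UTF_8);
}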
示例13: decrypt
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
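/**
 * Mock decrypt: returns a fixed plaintext for any request, except that the ciphertext
 * matching {@code MOCK_CIPHER_TEXT_INVALID} (base64-decoded) raises
 * {@code InvalidCiphertextException}.
 *
 * @param awsKmsClient not used by this mock
 * @param decryptRequest the request whose ciphertext blob is inspected
 * @return a result whose plaintext is {@code MOCK_PLAIN_TEXT} encoded as UTF-8
 * @throws InvalidCiphertextException if the request carries the designated invalid ciphertext
 */
@Override
public DecryptResult decrypt(AWSKMSClient awsKmsClient, DecryptRequest decryptRequest)
{
    // Check the cipher text.
    if (decryptRequest.getCiphertextBlob().equals(ByteBuffer.wrap(Base64.decodeBase64(MOCK_CIPHER_TEXT_INVALID))))
    {
        throw new InvalidCiphertextException("(Service: AWSKMS; Status Code: 400; Error Code: InvalidCiphertextException; Request ID: NONE)");
    }

    DecryptResult decryptResult = new DecryptResult();

    // Convert the test plain text to byte buffer and set the plain text return value.
    // Encode explicitly as UTF-8 rather than with the platform default charset, so the
    // bytes do not vary between machines. Fully qualified to avoid needing a new import.
    decryptResult.setPlaintext(ByteBuffer.wrap(MOCK_PLAIN_TEXT.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

    return decryptResult;
}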
示例14: run
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Compiles the configured steps, submits them to a new or an existing EMR cluster, and
 * waits for them to finish when there is at least one step.
 *
 * <p>The "cluster" parameter is first read as a nested config, which selects the
 * new-cluster submitter. If that read throws {@code ConfigException}, the parameter is read
 * as a cluster ID string and the existing-cluster submitter is used.
 *
 * @param tag tag passed to the step compiler and the submitters
 * @param emr EMR client used for submission and waiting
 * @param kms KMS client handed to the parameter compiler
 * @param filer filer passed to the step compiler and the submitters
 * @return the task result built from the submission
 * @throws IOException declared by this method; its source is not visible in this block
 */
private TaskResult run(String tag, AmazonElasticMapReduce emr, AWSKMSClient kms, Filer filer)
        throws IOException
{
    ParameterCompiler parameterCompiler = new ParameterCompiler(kms, context);

    // Step compilation.
    List<Config> stepConfigs = params.getListOrEmpty("steps", Config.class);
    StepCompiler stepCompiler = new StepCompiler(tag, stepConfigs, filer, parameterCompiler, objectMapper, defaultActionOnFailure);

    // "cluster" is either a nested config or a plain cluster ID. A ConfigException on the
    // nested read is deliberately ignored and leaves the config null.
    Config clusterConfig = null;
    try {
        clusterConfig = params.parseNestedOrGetEmpty("cluster");
    }
    catch (ConfigException ignored) {
    }

    Submitter submitter;
    if (clusterConfig == null) {
        // Not a nested config: read it as the ID of an existing cluster.
        String existingClusterId = params.get("cluster", String.class);
        submitter = existingClusterSubmitter(emr, tag, stepCompiler, existingClusterId, filer);
    }
    else {
        // Nested config: create a new cluster from it.
        submitter = newClusterSubmitter(emr, tag, stepCompiler, clusterConfig, filer, parameterCompiler);
    }

    // Submit the job, then block until the steps finish if there are any.
    SubmissionResult submission = submitter.submit();
    boolean hasSteps = !stepConfigs.isEmpty();
    if (hasSteps) {
        waitForSteps(emr, submission);
    }

    return result(submission);
}
示例15: setUp
import com.amazonaws.services.kms.AWSKMSClient; //导入依赖的package包/类
/**
 * Builds the fixtures for the policy-creation tests: an {@code IAMPolicyManager}, a
 * {@code KMSEncryptor} and a {@code DynamoDB} store, each backed by mocked AWS clients.
 *
 * <p>Spies replace {@code getAccount()}, {@code getAliasArn()} and {@code getArn()} with
 * fixed return values, because those methods cannot be redirected through an injected
 * client.
 */
@BeforeMethod
public void setUp() {
    mockCredentials = mock(AWSCredentialsProvider.class);
    mockClient = mock(AmazonIdentityManagementClient.class);
    ClientConfiguration clientConfigMock = mock(ClientConfiguration.class);

    // Policy manager: getAccount() makes its call directly instead of through a client
    // that could be passed in, so it is stubbed on a spy of the real object.
    IAMPolicyManager realPolicyManager = new IAMPolicyManager(mockClient, mockCredentials, clientConfigMock);
    partiallyMockedPolicyManager = spy(realPolicyManager);
    doReturn(ACCOUNT).when(partiallyMockedPolicyManager).getAccount();

    // KMS encryptor: the KMSManager gets mocked AWS dependencies, and getAliasArn() is
    // stubbed on a spy to stop the call to getAccount().
    mockKMSClient = mock(AWSKMSClient.class);
    KMSManager realKmsManager = new KMSManager(mockKMSClient, mockCredentials, clientConfigMock, group);
    KMSManager spiedKmsManager = spy(realKmsManager);
    doReturn(KMS_ALIAS_ARN).when(spiedKmsManager).getAliasArn();
    kmsEncryptor = new KMSEncryptor(spiedKmsManager, mockCredentials, clientConfigMock, group, mock(AwsCrypto.class), EncryptionStrength.AES_256);

    // Store: getArn() is stubbed on a spy to stop the call to getAccount().
    mockDynamoDBClient = mock(AmazonDynamoDBClient.class);
    DynamoDB realStore = new DynamoDB(mockDynamoDBClient, mockCredentials, clientConfigMock, group, new ReentrantReadWriteLock());
    partiallyMockedStore = spy(realStore);
    doReturn(DYNAMODB_ARN).when(partiallyMockedStore).getArn();
}