本文整理汇总了Java中com.amazonaws.services.s3.AmazonS3Encryption类的典型用法代码示例。如果您正苦于以下问题:Java AmazonS3Encryption类的具体用法?Java AmazonS3Encryption怎么用?Java AmazonS3Encryption使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
AmazonS3Encryption类属于com.amazonaws.services.s3包,在下文中一共展示了AmazonS3Encryption类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: authenticatedEncryption_CustomerManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. Note that authenticated
* encryption requires the bouncy castle provider to be on the classpath. Also, for authenticated encryption the size
* of the data can be no longer than 64 GB.
*/
public void authenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例2: authenticatedEncryption_RangeGet_CustomerManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* For ranged GET we do not use authenticated encryption since we aren't reading the entire message and can't produce the
* MAC. Instead we use AES/CTR, an unauthenticated encryption algorithm. If {@link CryptoMode#StrictAuthenticatedEncryption}
* is enabled, ranged GETs will not be allowed since they do not use authenticated encryption..
*/
public void authenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例3: authenticatedEncryption_CustomerManagedAsymmetricKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Same as {@link #authenticatedEncryption_CustomerManagedKey()} except uses an asymmetric key pair and
* RSA/ECB/OAEPWithSHA-256AndMGF1Padding as the key wrapping algorithm.
*/
public void authenticatedEncryption_CustomerManagedAsymmetricKey() throws NoSuchAlgorithmException {
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair)))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例4: strictAuthenticatedEncryption_CustomerManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. The only difference between this and
* {@link #authenticatedEncryption_CustomerManagedKey()} is that attempting to retrieve an object non
* encrypted with AES/GCM will thrown an exception instead of falling back to encryption only or plaintext GET.
*/
public void strictAuthenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
try {
s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
} catch (SecurityException e) {
// Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM
System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
}
}
示例5: strictAuthenticatedEncryption_RangeGet_CustomerManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Strict authenticated encryption mode does not support ranged GETs. This is because we must use AES/CTR for ranged
* GETs which is not an authenticated encryption algorithm. To do a partial get using authenticated encryption you have to
* get the whole object and filter to the data you want.
*/
public void strictAuthenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
.build();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
try {
s3Encryption.getObject(new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY).withRange(0, 2));
} catch (SecurityException e) {
System.err.println("Range GET is not supported with authenticated encryption");
}
}
示例6: encryptionOnly_CustomerManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Uses AES/CBC algorithm, no key wrapping.
*/
public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例7: encryptionOnly_CustomerManagedAsymetricKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Uses an asymmetric key pair instead of a symmetric key. Note this does not change the algorithm used to encrypt
* the content, that will still be a symmetric key algorithm (AES/CBC in this case) using the derived CEK. It does impact
* the algorithm used to encrypt the CEK, in this case we use RSA/ECB/OAEPWithSHA-256AndMGF1Padding.
*/
public void encryptionOnly_CustomerManagedAsymetricKey() throws NoSuchAlgorithmException {
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair)))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例8: encryptionOnly_KmsManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/CBC/PKCS5Padding.
*/
public void encryptionOnly_KmsManagedKey() throws NoSuchAlgorithmException {
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
// Can either be Key ID or alias (prefixed with 'alias/')
.withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例9: authenticatedEncryption_KmsManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/GCM/NoPadding.
*/
public void authenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
// Can either be Key ID or alias (prefixed with 'alias/')
.withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
示例10: strictAuthenticatedEncryption_KmsManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Same as authenticatedEncryption_KmsManagedKey except throws an exception when trying to get objects not encrypted with
* AES/GCM.
*/
public void strictAuthenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
// Can either be Key ID or alias (prefixed with 'alias/')
.withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
.build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
try {
s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
} catch (SecurityException e) {
// Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM
System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
}
}
示例11: getEncryptedStoreServiceForRegion
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
private S3StoreService getEncryptedStoreServiceForRegion(String region) {
Optional<BackupRegionInfo> backupRegionInfo = configStore.getBackupInfoForRegion(region);
if (! backupRegionInfo.isPresent()) {
String kmsCmkId = provisionKmsCmkForBackupRegion(region);
String backupBucket = provisionBackupBucketForRegion(region);
configStore.storeBackupInfoForRegion(region, backupBucket, kmsCmkId);
backupRegionInfo = Optional.of(new BackupRegionInfo(backupBucket, kmsCmkId));
}
KMSEncryptionMaterialsProvider materialProvider =
new KMSEncryptionMaterialsProvider(backupRegionInfo.get().getKmsCmkId());
AmazonS3Encryption encryptionClient =
AmazonS3EncryptionClientBuilder.standard()
.withCredentials(getAWSCredentialsProviderChain())
.withEncryptionMaterials(materialProvider)
.withCryptoConfiguration(new CryptoConfiguration()
.withAwsKmsRegion(Region.getRegion(Regions.fromName(region))))
.withRegion(region)
.build();
S3StoreService storeService = new S3StoreService(encryptionClient, backupRegionInfo.get().getS3Bucket(), "");
regionToEncryptedStoreServiceMap.put(region, storeService);
return storeService;
}
示例12: encryptionOnly_RangeGet_CustomerManagedKey
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Non-authenticated encryption schemes can do range GETs without an issue.
*/
public void encryptionOnly_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
.standard()
.withRegion(Regions.US_WEST_2)
.withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
.withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
.build();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
System.out.println(s3Encryption.getObject(new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY)
.withRange(0, 2)));
}
示例13: needIntegrityCheck
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
@Override
public boolean needIntegrityCheck() {
// Don't perform the integrity check if the checksum won't matchup.
return !(s3 instanceof AmazonS3Encryption) && !skipMd5CheckStrategy.skipClientSideValidationPerRequest(getObjectRequest);
}
示例14: isDownloadParallelizable
import com.amazonaws.services.s3.AmazonS3Encryption; //导入依赖的package包/类
/**
* Returns true if the specified download request can use parallel part
* downloads for increased performance.
*
* @param getObjectRequest
* The request to check.
*
* @param s3
* The Amazon s3 client.
*
* @return True if this request can use parallel part downloads.
*/
public static boolean isDownloadParallelizable(final AmazonS3 s3, final GetObjectRequest getObjectRequest,
Integer partCount) {
ValidationUtils.assertNotNull(s3, "S3 client");
ValidationUtils.assertNotNull(getObjectRequest, "GetObjectRequest");
if (s3 instanceof AmazonS3Encryption || getObjectRequest.getRange() != null
|| getObjectRequest.getPartNumber() != null || partCount == null) {
return false;
}
return true;
}