public class DecryptionHandler<K extends MasterKey<K>> extends Object implements MessageCryptoHandler
EncryptionHandler.
This class reads and parses the values in the ciphertext headers and
delegates the decryption of the ciphertext to the
BlockDecryptionHandler or FrameDecryptionHandler based on the
content type parsed in the ciphertext headers.
| Modifier and Type | Method and Description |
|---|---|
static DecryptionHandler<?> |
create(CryptoMaterialsManager materialsManager)
Create a decryption handler using the provided materials manager.
|
static DecryptionHandler<?> |
create(CryptoMaterialsManager materialsManager,
CiphertextHeaders headers)
Create a decryption handler using the provided materials manager and already parsed
headers. |
static <K extends MasterKey<K>> |
create(MasterKeyProvider<K> customerMasterKeyProvider)
Create a decryption handler using the provided master key.
|
static <K extends MasterKey<K>> |
create(MasterKeyProvider<K> customerMasterKeyProvider,
CiphertextHeaders headers)
Create a decryption handler using the provided master key and already parsed
headers. |
int |
doFinal(byte[] out,
int outOff)
Finish processing of the bytes.
|
int |
estimateFinalOutputSize()
Return the size of the output buffer required for a call to
CryptoHandler.doFinal(byte[], int). |
int |
estimateOutputSize(int inLen)
Return the size of the output buffer required for a
processBytes plus a doFinal with an input of
inLen bytes. |
int |
estimatePartialOutputSize(int inLen)
Return the size of the output buffer required for a call to
CryptoHandler.processBytes(byte[], int, int, byte[], int). |
Map<String,String> |
getEncryptionContext()
Return the encryption context.
|
CiphertextHeaders |
getHeaders() |
List<K> |
getMasterKeys()
All used
MasterKeys. |
boolean |
isComplete()
For decrypt and parsing flows returns
true when this has handled as many bytes as it
can. |
ProcessingSummary |
processBytes(byte[] in,
int off,
int len,
byte[] out,
int outOff)
Decrypt the ciphertext bytes provided in
in and copy the plaintext bytes to
out. |
void |
setMaxInputLength(long size)
Informs this handler of an upper bound on the input data size.
|
public static <K extends MasterKey<K>> DecryptionHandler<K> create(MasterKeyProvider<K> customerMasterKeyProvider) throws AwsCryptoException
Note the methods in the provided master key are used in decrypting the encrypted data key parsed from the ciphertext headers.
customerMasterKeyProvider - the master key provider to use in picking a master key from
the key blobs encoded in the provided ciphertext.AwsCryptoException - if the master key is null.public static <K extends MasterKey<K>> DecryptionHandler<K> create(MasterKeyProvider<K> customerMasterKeyProvider, CiphertextHeaders headers) throws AwsCryptoException
headers.
Note the methods in the provided master key are used in decrypting the encrypted data key parsed from the ciphertext headers.
customerMasterKeyProvider - the master key provider to use in picking a master key from the key blobs encoded
in the provided ciphertext.headers - already parsed headers which will not be passed into
processBytes(byte[], int, int, byte[], int)AwsCryptoException - if the master key is null.public static DecryptionHandler<?> create(CryptoMaterialsManager materialsManager) throws AwsCryptoException
Note the methods in the provided materials manager are used in decrypting the encrypted data key parsed from the ciphertext headers.
materialsManager - the materials manager to use in decrypting the data key from the key blobs encoded
in the provided ciphertext.AwsCryptoException - if the master key is null.public static DecryptionHandler<?> create(CryptoMaterialsManager materialsManager, CiphertextHeaders headers) throws AwsCryptoException
headers.
Note the methods in the provided materials manager are used in decrypting the encrypted data key parsed from the ciphertext headers.
materialsManager - the materials manager to use in decrypting the data key from the key blobs encoded
in the provided ciphertext.headers - already parsed headers which will not be passed into
processBytes(byte[], int, int, byte[], int)AwsCryptoException - if the master key is null.public ProcessingSummary processBytes(byte[] in, int off, int len, byte[] out, int outOff) throws BadCiphertextException, AwsCryptoException
in and copy the plaintext bytes to
out.
This method consumes and parses the ciphertext headers. The decryption of the actual content
is delegated to BlockDecryptionHandler or FrameDecryptionHandler based on the
content type parsed in the ciphertext header.
processBytes in interface CryptoHandlerin - the input byte array.off - the offset into the in array where the data to be decrypted starts.len - the number of bytes to be decrypted.out - the output buffer the decrypted plaintext bytes go into.outOff - the offset into the output byte array the decrypted data starts at.out and processed.BadCiphertextException - if the ciphertext header contains invalid entries or if the header integrity
check fails.AwsCryptoException - if any of the offset or length arguments are negative or if the total bytes to
decrypt exceeds the maximum allowed value.public int doFinal(byte[] out,
int outOff)
throws BadCiphertextException
doFinal in interface CryptoHandlerout - space for any resulting output data.outOff - offset into out to start copying the data at.out.BadCiphertextException - if the bytes do not decrypt correctly.public int estimateOutputSize(int inLen)
processBytes plus a doFinal with an input of
inLen bytes.estimateOutputSize in interface CryptoHandlerinLen - the length of the input.inLen bytes.public int estimatePartialOutputSize(int inLen)
CryptoHandlerCryptoHandler.processBytes(byte[], int, int, byte[], int).
Note this method is allowed to return an estimation of the output size that is greater than the actual size of the output. Returning an estimate that is lesser than the actual size of the output will result in underflow exceptions.
estimatePartialOutputSize in interface CryptoHandlerinLen - the length of the input.CryptoHandler.processBytes(byte[], int, int, byte[], int) with an input of size
inLen bytes.public int estimateFinalOutputSize()
CryptoHandlerCryptoHandler.doFinal(byte[], int).
Note this method is allowed to return an estimation of the output size that is greater than the actual size of the output. Returning an estimate that is lesser than the actual size of the output will result in underflow exceptions.
estimateFinalOutputSize in interface CryptoHandlerCryptoHandler.doFinal(byte[], int)public Map<String,String> getEncryptionContext()
getEncryptionContext in interface MessageCryptoHandlerpublic void setMaxInputLength(long size)
MessageCryptoHandlersetMaxInputLength in interface MessageCryptoHandlersize - An upper bound on the input data size.public CiphertextHeaders getHeaders()
getHeaders in interface MessageCryptoHandlerpublic List<K> getMasterKeys()
MessageCryptoHandlerMasterKeys. For encryption flows, these are all the
MasterKeys used to protect the data. In the decryption flow, it is the single
MasterKey actually used to decrypt the data.getMasterKeys in interface MessageCryptoHandlerpublic boolean isComplete()
CryptoHandlertrue when this has handled as many bytes as it
can. This usually means that it has reached the end of an object, file, or other delimited
stream.isComplete in interface CryptoHandlerCopyright © 2018. All rights reserved.