public class KeyStoreProvider extends MasterKeyProvider<JceMasterKey>
This MasterKeyProvider provides keys backed by a JCE KeyStore. Please see
decryptDataKey(CryptoAlgorithm, Collection, Map) for an explanation of how decryption is managed and
see getMasterKeysForEncryption(MasterKeyRequest) for an explanation of how encryption is
managed.

| Constructor and Description |
|---|
| `KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm)` Creates an instance of this class using wrappingAlgorithm which will work for decrypt only. |
| `KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames)` Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames. |

| Modifier and Type | Method and Description |
|---|---|
| `DataKey<JceMasterKey>` | `decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)` Attempts to decrypt the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore. |
| `String` | `getDefaultProviderId()` Returns "JavaKeyStore". |
| `JceMasterKey` | `getMasterKey(String provider, String keyId)` Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm. |
| `List<JceMasterKey>` | `getMasterKeysForEncryption(MasterKeyRequest request)` Returns JceMasterKeys corresponding to the aliasNames passed into the constructor. |
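
A usage sketch for the two constructors and the decryption behaviour summarized above, added here as an example and not taken from the SDK's own code. It assumes the 1.x `AwsCrypto` API (`new AwsCrypto()`, `encryptData`, `decryptData`) and that an AES secret-key entry is compatible with the `AES/GCM/NoPadding` wrapping algorithm; the class name, alias, provider name, password and encryption context are constructed for the example.

```java
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoResult;
import com.amazonaws.encryptionsdk.jce.JceMasterKey;
import com.amazonaws.encryptionsdk.jce.KeyStoreProvider;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import javax.crypto.KeyGenerator;

public class KeyStoreProviderExample {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample keystore: in-memory JCEKS holding a single AES key.
        char[] password = "constructed-sample-password".toCharArray();
        KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(password);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        ks.setEntry("example-aes-key", new KeyStore.SecretKeyEntry(kg.generateKey()), protection);

        AwsCrypto crypto = new AwsCrypto();  // assumption: SDK 1.x constructor
        Map<String, String> context = Collections.singletonMap("purpose", "keystore-demo");
        byte[] plaintext = "sample plaintext".getBytes(StandardCharsets.UTF_8);

        // Five-argument form: data keys are encrypted to the listed aliases.
        KeyStoreProvider encryptor = new KeyStoreProvider(
                ks, protection, "example-keystore", "AES/GCM/NoPadding", "example-aes-key");
        byte[] ciphertext = crypto.encryptData(encryptor, plaintext, context).getResult();

        // Four-argument form: decrypt only. With no aliases given, decryptDataKey
        // tries every compatible entry, so the keystore contents define what is trusted.
        KeyStoreProvider decryptor = new KeyStoreProvider(
                ks, protection, "example-keystore", "AES/GCM/NoPadding");
        CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(decryptor, ciphertext);

        // Check the expected context entries before using the plaintext. The SDK may
        // add entries of its own, so test for presence rather than map equality.
        for (Map.Entry<String, String> e : context.entrySet()) {
            if (!e.getValue().equals(result.getEncryptionContext().get(e.getKey()))) {
                throw new IllegalStateException("Unexpected encryption context");
            }
        }
        if (!Arrays.equals(plaintext, result.getResult())) {
            throw new IllegalStateException("Round trip failed");
        }
        System.out.println("Decrypted with key ids: " + result.getMasterKeyIds());
    }
}
```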

Methods inherited from class MasterKeyProvider: buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

`public KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm)`
Creates an instance of this class using wrappingAlgorithm which will work for decrypt only.

`public KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames)`
Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames.

`public JceMasterKey getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyException`
Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm.
Specified by: getMasterKey in class MasterKeyProvider<JceMasterKey>
Throws:
UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

`public String getDefaultProviderId()`
Returns "JavaKeyStore".
Specified by: getDefaultProviderId in class MasterKeyProvider<JceMasterKey>

`public List<JceMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)`
Returns JceMasterKeys corresponding to the aliasNames passed into the constructor.
Specified by: getMasterKeysForEncryption in class MasterKeyProvider<JceMasterKey>

`public DataKey<JceMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws UnsupportedProviderException, AwsCryptoException`
Attempts to decrypt the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore. This includes TrustedCertificates as well as standard key entries.
Specified by: decryptDataKey in class MasterKeyProvider<JceMasterKey>
null
Throws:
UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
AwsCryptoException

Copyright © 2018. All rights reserved.