com.amazonaws.encryptionsdk.kms

Class KmsMasterKeyProvider

java.lang.Object

com.amazonaws.encryptionsdk.MasterKeyProvider<KmsMasterKey>

com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider

All Implemented Interfaces:

KmsMethods

public class KmsMasterKeyProvider
extends MasterKeyProvider<KmsMasterKey>
implements KmsMethods

Provides MasterKeys backed by the AWS Key Management Service. This object is regional and if you want to use keys from multiple regions, you'll need multiple copies of this object.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	KmsMasterKeyProvider.Builder
static interface	KmsMasterKeyProvider.RegionalClientSupplier

Constructor Summary

Constructors

Constructor and Description
KmsMasterKeyProvider() Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.
KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentials creds) Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.
KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds) Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.
KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds, com.amazonaws.regions.Region region, com.amazonaws.ClientConfiguration clientConfiguration, List<String> keyIds) Returns an instance of this object with the supplied configuration and credentials.
KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds, com.amazonaws.regions.Region region, com.amazonaws.ClientConfiguration clientConfiguration, String keyId) Returns an instance of this object with the supplied configuration and credentials.
KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds, String keyId) Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.
KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentials creds, String keyId) Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.
KmsMasterKeyProvider(com.amazonaws.services.kms.AWSKMS kms, com.amazonaws.regions.Region region, List<String> keyIds) Deprecated. This constructor modifies the passed-in KMS client by setting its region. This functionality may be removed in future releases. Use the builder to construct instances of this class instead.
KmsMasterKeyProvider(String keyId) Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Method Summary

Modifier and Type	Method and Description
void	addGrantToken(String grantToken) Deprecated. This method is inherently not thread safe. Use withGrantTokens(List) or KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
static KmsMasterKeyProvider.Builder	builder()
DataKey<KmsMasterKey>	decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
String	getDefaultProviderId() Returns "aws-kms"
List<String>	getGrantTokens() Returns the grantTokens which this object sends to KMS when calling it.
KmsMasterKey	getMasterKey(String provider, String keyId) Returns the specified MasterKey if possible.
List<KmsMasterKey>	getMasterKeysForEncryption(MasterKeyRequest request) Returns all CMKs provided to the constructor of this object.
void	setGrantTokens(List<String> grantTokens) Deprecated. This method is inherently not thread safe. Use KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
KmsMasterKeyProvider	withGrantTokens(List<String> grantTokens) Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.
KmsMasterKeyProvider	withGrantTokens(String... grantTokens) Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider()

Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Returns an instance of this object with default settings, default credentials, and configured to talk to the Regions.DEFAULT_REGION.

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider(String keyId)

Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Returns an instance of this object with default settings and credentials configured to speak to the region specified by keyId (if specified). Data will be protected with keyId as appropriate. The default region will be set to that of the given key ID, or to the AWS SDK default region if a bare key ID or alias is passed.

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentials creds,
                                        String keyId)

Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Returns an instance of this object with default settings configured to speak to the region specified by keyId (if specified). Data will be protected with keyId as appropriate.

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds,
                                        String keyId)

Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Returns an instance of this object with default settings configured to speak to the region specified by keyId (if specified). Data will be protected with keyId as appropriate. The default region will be set to that of the given key ID, or to the AWS SDK default region if a bare key ID or alias is passed.

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentials creds)

Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Returns an instance of this object with default settings and configured to talk to the Regions.DEFAULT_REGION.

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds)

Deprecated. The default region set by this constructor is subject to change. Use the builder method to construct instances of this class for better control.

Returns an instance of this object with default settings and configured to talk to the Regions.DEFAULT_REGION.

KmsMasterKeyProvider

public KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds,
                            com.amazonaws.regions.Region region,
                            com.amazonaws.ClientConfiguration clientConfiguration,
                            String keyId)

Returns an instance of this object with the supplied configuration and credentials. keyId will be used to protect data.

KmsMasterKeyProvider

public KmsMasterKeyProvider(com.amazonaws.auth.AWSCredentialsProvider creds,
                            com.amazonaws.regions.Region region,
                            com.amazonaws.ClientConfiguration clientConfiguration,
                            List<String> keyIds)

Returns an instance of this object with the supplied configuration and credentials. all keys listed in keyIds will be used to protect data.

KmsMasterKeyProvider

@Deprecated
public KmsMasterKeyProvider(com.amazonaws.services.kms.AWSKMS kms,
                                        com.amazonaws.regions.Region region,
                                        List<String> keyIds)

Deprecated. This constructor modifies the passed-in KMS client by setting its region. This functionality may be removed in future releases. Use the builder to construct instances of this class instead.

Returns an instance of this object with the supplied client and region; the client will be configured to use the provided region. All keys listed in keyIds will be used to protect data.

Method Detail

builder

public static KmsMasterKeyProvider.Builder builder()

getDefaultProviderId

public String getDefaultProviderId()

Returns "aws-kms"

Specified by:

getDefaultProviderId in class MasterKeyProvider<KmsMasterKey>

getMasterKey

public KmsMasterKey getMasterKey(String provider,
                                 String keyId)
                          throws UnsupportedProviderException,
                                 NoSuchMasterKeyException

Description copied from class: MasterKeyProvider

Returns the specified MasterKey if possible.

Specified by:

getMasterKey in class MasterKeyProvider<KmsMasterKey>

Returns:

Throws:

UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider

NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

getMasterKeysForEncryption

public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)

Returns all CMKs provided to the constructor of this object.

Specified by:

getMasterKeysForEncryption in class MasterKeyProvider<KmsMasterKey>

decryptDataKey

public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                            Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                            Map<String,String> encryptionContext)
                                     throws AwsCryptoException

Description copied from class: MasterKeyProvider

Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.

Specified by:

decryptDataKey in class MasterKeyProvider<KmsMasterKey>

Returns:

a DataKey if one can be decrypted, otherwise returns null

Throws:

UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider

CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted

AwsCryptoException

setGrantTokens

@Deprecated
public void setGrantTokens(List<String> grantTokens)

Deprecated. This method is inherently not thread safe. Use KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.

Description copied from interface: KmsMethods

Sets the grantTokens which should be submitted to KMS when calling it.

Specified by:

setGrantTokens in interface KmsMethods

getGrantTokens

public List<String> getGrantTokens()

Description copied from interface: KmsMethods

Returns the grantTokens which this object sends to KMS when calling it.

Specified by:

getGrantTokens in interface KmsMethods

addGrantToken

@Deprecated
public void addGrantToken(String grantToken)

Deprecated. This method is inherently not thread safe. Use withGrantTokens(List) or KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.

Description copied from interface: KmsMethods

Adds grantToken to the list of grantTokens sent to KMS when this class calls it.

Specified by:

addGrantToken in interface KmsMethods

withGrantTokens

public KmsMasterKeyProvider withGrantTokens(List<String> grantTokens)

Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).

Parameters:

grantTokens -

Returns:

withGrantTokens

public KmsMasterKeyProvider withGrantTokens(String... grantTokens)

Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).

Parameters:

grantTokens -

Returns: