1. 包列表
  2. 类列表
  3. com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider

Java 类com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider 实例源码

项目:aws-doc-sdk-examples    文件:S3Encrypt.java    
/**
 * This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/CBC/PKCS5Padding.
 */
public void encryptionOnly_KmsManagedKey() throws NoSuchAlgorithmException {
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
            .standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
            // Can either be Key ID or alias (prefixed with 'alias/')
            .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
            .build();

    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java    
/**
 * This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/GCM/NoPadding.
 */
public void authenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
            .standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
            // Can either be Key ID or alias (prefixed with 'alias/')
            .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
            .build();

    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java    
/**
 * Same as authenticatedEncryption_KmsManagedKey except throws an exception when trying to get objects not encrypted with
 * AES/GCM.
 */
public void strictAuthenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
            .standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
            // Can either be Key ID or alias (prefixed with 'alias/')
            .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
            .build();

    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    try {
        s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    } catch (SecurityException e) {
        // Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM
        System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
    }
}
项目:cerberus-lifecycle-cli    文件:CreateCerberusBackupOperation.java    
private S3StoreService getEncryptedStoreServiceForRegion(String region) {
    Optional<BackupRegionInfo> backupRegionInfo = configStore.getBackupInfoForRegion(region);

    if (! backupRegionInfo.isPresent()) {
        String kmsCmkId = provisionKmsCmkForBackupRegion(region);
        String backupBucket = provisionBackupBucketForRegion(region);
        configStore.storeBackupInfoForRegion(region, backupBucket, kmsCmkId);
        backupRegionInfo = Optional.of(new BackupRegionInfo(backupBucket, kmsCmkId));
    }

    KMSEncryptionMaterialsProvider materialProvider =
            new KMSEncryptionMaterialsProvider(backupRegionInfo.get().getKmsCmkId());

    AmazonS3Encryption encryptionClient =
            AmazonS3EncryptionClientBuilder.standard()
                    .withCredentials(getAWSCredentialsProviderChain())
                    .withEncryptionMaterials(materialProvider)
                    .withCryptoConfiguration(new CryptoConfiguration()
                            .withAwsKmsRegion(Region.getRegion(Regions.fromName(region))))
                    .withRegion(region)
                    .build();

    S3StoreService storeService = new S3StoreService(encryptionClient, backupRegionInfo.get().getS3Bucket(), "");
    regionToEncryptedStoreServiceMap.put(region, storeService);
    return storeService;
}
项目:cerberus-lifecycle-cli    文件:ConfigStore.java    
private void initEncryptedConfigStoreService() {
    if (encryptedConfigStoreService == null) {
        final Environment environment = getEnvironmentData();

        KMSEncryptionMaterialsProvider materialProvider =
                new KMSEncryptionMaterialsProvider(environment.getConfigKeyId());

        AmazonS3EncryptionClient encryptionClient =
                new AmazonS3EncryptionClient(
                        new DefaultAWSCredentialsProviderChain(),
                        materialProvider,
                        new CryptoConfiguration()
                                .withAwsKmsRegion(Region.getRegion(environmentMetadata.getRegions())))
                        .withRegion(Region.getRegion(environmentMetadata.getRegions()));

        encryptedConfigStoreService = new S3StoreService(encryptionClient, environmentMetadata.getBucketName(), "");
    }
}
项目:cerberus-management-service    文件:CmsEnvPropertiesLoader.java    
public CmsEnvPropertiesLoader(final String bucketName, final String region, final String kmsKeyId) {
    final KMSEncryptionMaterialsProvider materialProvider =
            new KMSEncryptionMaterialsProvider(kmsKeyId);

    this.s3Client =
            new AmazonS3EncryptionClient(
                    new DefaultAWSCredentialsProviderChain(),
                    materialProvider,
                    new CryptoConfiguration()
                            .withAwsKmsRegion(Region.getRegion(
                                    Regions.fromName(region))))
                    .withRegion(Region.getRegion(Regions.fromName(region)));

    this.bucketName = bucketName;
}
项目:cerberus-lifecycle-cli    文件:RestoreCerberusBackupOperation.java    
private S3StoreService getS3EncryptionStoreService(String cmkId,
                                                   RestoreCerberusBackupCommand command) {

    Region region = Region.getRegion(Regions.fromName(command.getS3Region()));
    KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(cmkId);
    AmazonS3EncryptionClient encryptionClient =
            new AmazonS3EncryptionClient(
                    new DefaultAWSCredentialsProviderChain(),
                    materialProvider,
                    new CryptoConfiguration()
                            .withAwsKmsRegion(region))
                    .withRegion(region);

    return new S3StoreService(encryptionClient, command.getS3Bucket(), command.getS3Prefix());
}