Java 类com.amazonaws.services.kms.model.KeyUsageType 实例源码

项目:aws-encryption-sdk-java    文件:MockKMSClient.java   
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException, AmazonClientException {
    // Mock behaviour: the "key" is only a random identifier plus an ARN built from it.
    // This method generates no key material.
    final String generatedId = UUID.randomUUID().toString();
    final String keyArn = new StringBuilder("arn:aws:kms:")
            .append(region_.getName())
            .append(":")
            .append(ACCOUNT_ID)
            .append(":key/")
            .append(generatedId)
            .toString();

    // Record the id -> ARN mapping and mark the ARN as active before the response is built.
    idToArnMap.put(generatedId, keyArn);
    activeKeys.add(keyArn);

    // The metadata always reports an enabled ENCRYPT_DECRYPT key, whatever the request asked for;
    // only the description is taken from the request.
    final KeyMetadata metadata = new KeyMetadata()
            .withAWSAccountId(ACCOUNT_ID)
            .withCreationDate(new Date())
            .withDescription(req.getDescription())
            .withEnabled(true)
            .withKeyId(generatedId)
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withArn(keyArn);

    final CreateKeyResult response = new CreateKeyResult();
    response.setKeyMetadata(metadata);
    return response;
}
项目:aws-dynamodb-encryption-java    文件:FakeKMS.java   
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException,
        AmazonClientException {
    // Fake behaviour: this method stores nothing; it only fabricates metadata for a random id.
    final String generatedId = UUID.randomUUID().toString();
    // The ARN carries a "testing" segment and no region, so it cannot be mistaken for
    // (or resolved as) a real KMS key ARN.
    final String fakeArn = new StringBuilder("arn:aws:testing:kms:")
            .append(ACCOUNT_ID)
            .append(":key/")
            .append(generatedId)
            .toString();

    // Always reported as an enabled ENCRYPT_DECRYPT key; only the description comes from the request.
    final KeyMetadata metadata = new KeyMetadata()
            .withAWSAccountId(ACCOUNT_ID)
            .withCreationDate(new Date())
            .withDescription(req.getDescription())
            .withEnabled(true)
            .withKeyId(generatedId)
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withArn(fakeArn);

    final CreateKeyResult response = new CreateKeyResult();
    response.setKeyMetadata(metadata);
    return response;
}
项目:cerberus-management-service    文件:KmsService.java   
/**
 * Provisions a new KMS CMK in the specified region to be used by the specified role.
 *
 * @param iamRoleId        The IAM role that this CMK will be associated with
 * @param iamPrincipalArn  The AWS IAM principal ARN
 * @param awsRegion        The region to provision the key in
 * @param user             The user requesting it
 * @param dateTime         The date of creation
 * @return The AWS Key ID ARN
 */
@Transactional
public String provisionKmsKey(final String iamRoleId,
                              final String iamPrincipalArn,
                              final String awsRegion,
                              final String user,
                              final OffsetDateTime dateTime) {
    final AWSKMSClient kmsClient = kmsClientFactory.getClient(awsRegion);

    // Internal record id; it also seeds the alias name below. It is not the KMS key id.
    final String recordId = uuidSupplier.get();

    // The key policy is derived from the caller-supplied principal ARN alone.
    final String keyPolicy = kmsPolicyService.generateStandardKmsPolicy(iamPrincipalArn);
    final CreateKeyRequest createRequest = new CreateKeyRequest()
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withDescription("Key used by Cerberus for IAM role authentication.")
            .withPolicy(keyPolicy);

    final CreateKeyResult created;
    try {
        created = kmsClient.createKey(createRequest);
    } catch (Throwable t) {
        // NOTE(review): the full policy document (including the principal ARN it was built from)
        // is written to the error log; confirm that is acceptable for whoever can read these logs.
        logger.error("Failed to provision KMS key using policy: {}", keyPolicy, t);
        throw t;
    }

    // Attach an alias derived from the record id to the newly created key.
    final String aliasName = getAliasName(recordId);
    final String keyArn = created.getKeyMetadata().getArn();
    // NOTE(review): the key already exists in KMS at this point. If createAlias or the DAO write
    // below throws, nothing in this method removes the key; @Transactional presumably covers only
    // the database write -- confirm whether orphaned keys are cleaned up elsewhere.
    kmsClient.createAlias(new CreateAliasRequest()
            .withAliasName(aliasName)
            .withTargetKeyId(keyArn));

    // Persist the role -> key association; all three timestamps start at the supplied creation time.
    final AwsIamRoleKmsKeyRecord keyRecord = new AwsIamRoleKmsKeyRecord();
    keyRecord.setId(recordId);
    keyRecord.setAwsIamRoleId(iamRoleId);
    keyRecord.setAwsKmsKeyId(keyArn);
    keyRecord.setAwsRegion(awsRegion);
    keyRecord.setCreatedBy(user);
    keyRecord.setCreatedTs(dateTime);
    keyRecord.setLastUpdatedBy(user);
    keyRecord.setLastUpdatedTs(dateTime);
    keyRecord.setLastValidatedTs(dateTime);
    awsIamRoleDao.createIamRoleKmsKey(keyRecord);

    return keyArn;
}
项目:cerberus-management-service    文件:KmsServiceTest.java   
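/**
 * Verifies that provisionKmsKey creates the key with the generated policy, aliases it,
 * stores the role/key record and returns the ARN of the created key.
 *
 * The IAM principal ARN and the KMS key ARN are deliberately different values. With a single
 * shared string the test would still pass if the method built the policy from the key ARN or
 * stored the principal ARN as the key id.
 */
@Test
public void test_provisionKmsKey() {

    String iamRoleId = "role-id";
    String iamPrincipalArn = "iam-principal-arn";
    String awsRegion = "aws-region";
    String user = "user";
    OffsetDateTime dateTime = OffsetDateTime.now();

    String policy = "policy";
    String keyArn = "kms-key-arn";

    String awsIamRoleKmsKeyId = "awsIamRoleKmsKeyId";

    when(uuidSupplier.get()).thenReturn(awsIamRoleKmsKeyId);
    // The policy must be generated for the principal, not for the key.
    when(kmsPolicyService.generateStandardKmsPolicy(iamPrincipalArn)).thenReturn(policy);

    AWSKMSClient client = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(awsRegion)).thenReturn(client);

    // The stub matches only a request carrying this usage, description and policy.
    // Any other request gets Mockito's default null and the method under test fails.
    CreateKeyRequest request = new CreateKeyRequest();
    request.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
    request.setDescription("Key used by Cerberus for IAM role authentication.");
    request.setPolicy(policy);

    CreateKeyResult createKeyResult = mock(CreateKeyResult.class);
    KeyMetadata metadata = mock(KeyMetadata.class);
    when(metadata.getArn()).thenReturn(keyArn);
    when(createKeyResult.getKeyMetadata()).thenReturn(metadata);
    when(client.createKey(request)).thenReturn(createKeyResult);

    // invoke method under test
    String actualResult = kmsService.provisionKmsKey(iamRoleId, iamPrincipalArn, awsRegion, user, dateTime);

    // The returned value is the key's ARN, never the principal's.
    assertEquals(keyArn, actualResult);

    // The alias is named from the generated record id and targets the new key.
    CreateAliasRequest aliasRequest = new CreateAliasRequest();
    aliasRequest.setAliasName(kmsService.getAliasName(awsIamRoleKmsKeyId));
    aliasRequest.setTargetKeyId(keyArn);
    verify(client).createAlias(aliasRequest);

    // The persisted record ties the role to the key ARN and carries the audit fields.
    AwsIamRoleKmsKeyRecord awsIamRoleKmsKeyRecord = new AwsIamRoleKmsKeyRecord();
    awsIamRoleKmsKeyRecord.setId(awsIamRoleKmsKeyId);
    awsIamRoleKmsKeyRecord.setAwsIamRoleId(iamRoleId);
    awsIamRoleKmsKeyRecord.setAwsKmsKeyId(keyArn);
    awsIamRoleKmsKeyRecord.setAwsRegion(awsRegion);
    awsIamRoleKmsKeyRecord.setCreatedBy(user);
    awsIamRoleKmsKeyRecord.setLastUpdatedBy(user);
    awsIamRoleKmsKeyRecord.setCreatedTs(dateTime);
    awsIamRoleKmsKeyRecord.setLastUpdatedTs(dateTime);
    awsIamRoleKmsKeyRecord.setLastValidatedTs(dateTime);
    verify(awsIamRoleDao).createIamRoleKmsKey(awsIamRoleKmsKeyRecord);
}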