/** * Non-authenticated encryption schemes can do range GETs without an issue. */ public void encryptionOnly_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException { SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))) .build(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); System.out.println(s3Encryption.getObject(new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY) .withRange(0, 2))); }
/** * @return Create new instance of builder with all defaults set. */ public static AmazonS3EncryptionClientBuilder standard() { return new AmazonS3EncryptionClientBuilder(); }
/** * Sets the crypto configuration whose parameters will be used to encrypt and decrypt data. * @param cryptoConfig crypto configuration * @return this object for method chaining */ public AmazonS3EncryptionClientBuilder withCryptoConfiguration(CryptoConfiguration cryptoConfig) { setCryptoConfiguration(cryptoConfig); return this; }
configuration.getEncryptionMaterials()); encClientBuilder = AmazonS3EncryptionClientBuilder .standard() .withClientConfiguration(clientConfiguration) .withEncryptionMaterials(encryptionMaterialsProvider) .withCredentials(new InstanceProfileCredentialsProvider(false)); } else { clientBuilder = AmazonS3ClientBuilder } else { if (ObjectHelper.isNotEmpty(configuration.getRegion())) { encClientBuilder = encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion())); encClientBuilder = encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess()); client = encClientBuilder.build();
.withCredentials(credentialsProvider) .withEncryptionMaterials(encryptionMaterialsProvider.get()) .withClientConfiguration(clientConfig) .withMetricsCollector(METRIC_COLLECTOR);
public static AmazonS3EncryptionClientBuilder encryptionBuilder() { return AmazonS3EncryptionClientBuilder.standard(); }
/** * Sets the encryption materials to be used to encrypt and decrypt data * @param encryptionMaterials A provider for the encryption materials to be used to encrypt and decrypt data. * @return this object for method chaining */ public AmazonS3EncryptionClientBuilder withEncryptionMaterials(EncryptionMaterialsProvider encryptionMaterials) { setEncryptionMaterials(encryptionMaterials); return this; }
/** * Sets the KMS implementation to be used throughout the crypto process * @param kms an {@link AWSKMS} implementation (e.g. {@link com.amazonaws.services.kms.AWSKMSClient}) * @return this object for method chaining */ public AmazonS3EncryptionClientBuilder withKmsClient(AWSKMS kms) { setKms(kms); return this; }
/** * Construct a synchronous implementation of AmazonS3Encryption using the current builder configuration. * * @return Fully configured implementation of AmazonS3Encryption. */ @Override protected AmazonS3Encryption build(AwsSyncClientParams clientParams) { return new AmazonS3EncryptionClient( new AmazonS3EncryptionClientParamsWrapper(clientParams, resolveS3ClientOptions(), encryptionMaterials, cryptoConfig != null ? cryptoConfig : new CryptoConfiguration(), kms)); } }
= new StaticEncryptionMaterialsProvider(configuration.getEncryptionMaterials()); encClientBuilder = AmazonS3EncryptionClientBuilder .standard() .withClientConfiguration(clientConfiguration) .withCredentials(credentialsProvider) .withEncryptionMaterials(encryptionMaterialsProvider); } else { clientBuilder = AmazonS3ClientBuilder } else { if (ObjectHelper.isNotEmpty(configuration.getRegion())) { encClientBuilder = encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion())); encClientBuilder = encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess()); client = encClientBuilder.build(); = new StaticEncryptionMaterialsProvider(configuration.getEncryptionMaterials()); encClientBuilder = AmazonS3EncryptionClientBuilder .standard() .withClientConfiguration(clientConfiguration) .withEncryptionMaterials(encryptionMaterialsProvider); } else { clientBuilder = AmazonS3ClientBuilder } else { if (ObjectHelper.isNotEmpty(configuration.getRegion())) { encClientBuilder = encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion())); encClientBuilder = encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
.withCredentials(credentialsProvider) .withEncryptionMaterials(encryptionMaterialsProvider.get()) .withClientConfiguration(clientConfig) .withMetricsCollector(METRIC_COLLECTOR);
public static AmazonS3EncryptionClientBuilder encryptionBuilder() { return AmazonS3EncryptionClientBuilder.standard(); }
/** * Sets the encryption materials to be used to encrypt and decrypt data * @param encryptionMaterials A provider for the encryption materials to be used to encrypt and decrypt data. * @return this object for method chaining */ public AmazonS3EncryptionClientBuilder withEncryptionMaterials(EncryptionMaterialsProvider encryptionMaterials) { setEncryptionMaterials(encryptionMaterials); return this; }
/** * Sets the KMS implementation to be used throughout the crypto process * @param kms an {@link AWSKMS} implementation (e.g. {@link com.amazonaws.services.kms.AWSKMSClient}) * @return this object for method chaining */ public AmazonS3EncryptionClientBuilder withKmsClient(AWSKMS kms) { setKms(kms); return this; }
/** * Construct a synchronous implementation of AmazonS3Encryption using the current builder configuration. * * @return Fully configured implementation of AmazonS3Encryption. */ @Override protected AmazonS3Encryption build(AwsSyncClientParams clientParams) { return new AmazonS3EncryptionClient( new AmazonS3EncryptionClientParamsWrapper(clientParams, resolveS3ClientOptions(), encryptionMaterials, cryptoConfig != null ? cryptoConfig : new CryptoConfiguration(), kms)); } }
/** * Uses AES/CBC algorithm, no key wrapping. */ public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException { SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * Sets the crypto configuration whose parameters will be used to encrypt and decrypt data. * @param cryptoConfig crypto configuration * @return this object for method chaining */ public AmazonS3EncryptionClientBuilder withCryptoConfiguration(CryptoConfiguration cryptoConfig) { setCryptoConfiguration(cryptoConfig); return this; }
/** * @return Create new instance of builder with all defaults set. */ public static AmazonS3EncryptionClientBuilder standard() { return new AmazonS3EncryptionClientBuilder(); }