Package com.amazonaws.encryptionsdk
Class MasterKeyProvider<K extends MasterKey<K>>
java.lang.Object
com.amazonaws.encryptionsdk.MasterKeyProvider<K>
- Type Parameters:
K- the type ofMasterKeyreturned by this provider
- Direct Known Subclasses:
AwsKmsMrkAwareMasterKeyProvider,KeyStoreProvider,KmsMasterKeyProvider,MasterKey
Represents the logic necessary to select and construct
MasterKeys for encrypting and
decrypting messages. This is an abstract class.-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected AwsCryptoExceptionprotected AwsCryptoExceptionprotected AwsCryptoExceptionbuildCannotDecryptDksException(List<? extends Throwable> t)booleancanProvide(String provider)Returns true if this MasterKeyProvider can provide keys from the specified @{code provider}.decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)Iterates throughencryptedDataKeysand returns the first one which can be successfully decrypted.abstract StringProviderId used by this instance when no other is specified.getMasterKey(String keyId)Equivalent to callinggetMasterKey(String, String)usinggetDefaultProviderId()as the provider.abstract KgetMasterKey(String provider, String keyId)Returns the specifiedMasterKeyif possible.getMasterKeysForEncryption(MasterKeyRequest request)Returns allMasterKeys which should be used to protect the plaintext described byrequest.
-
Constructor Details
-
MasterKeyProvider
public MasterKeyProvider()
-
-
Method Details
-
getDefaultProviderId
ProviderId used by this instance when no other is specified. -
canProvide
Returns true if this MasterKeyProvider can provide keys from the specified @{code provider}.- Parameters:
provider-- Returns:
-
getMasterKey
Equivalent to callinggetMasterKey(String, String)usinggetDefaultProviderId()as the provider. -
getMasterKey
public abstract K getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyExceptionReturns the specifiedMasterKeyif possible.- Parameters:
provider-keyId-- Returns:
- Throws:
UnsupportedProviderException- if this object cannot returnMasterKeys associated with the given providerNoSuchMasterKeyException- if this object cannot find (and thus construct) theMasterKeyassociated withkeyId
-
getMasterKeysForEncryption
Returns allMasterKeys which should be used to protect the plaintext described byrequest. -
decryptDataKey
public abstract DataKey<K> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws UnsupportedProviderException, AwsCryptoExceptionIterates throughencryptedDataKeysand returns the first one which can be successfully decrypted.- Returns:
- a DataKey if one can be decrypted, otherwise returns
null - Throws:
UnsupportedProviderException- if theencryptedDataKeyis associated with an unsupported providerCannotUnwrapDataKeyException- if theencryptedDataKeycannot be decryptedAwsCryptoException
-
buildCannotDecryptDksException
-
buildCannotDecryptDksException
-
buildCannotDecryptDksException
-