Package com.amazonaws.encryptionsdk.internal

Class AwsKmsCmkArnInfo

java.lang.Object

com.amazonaws.encryptionsdk.internal.AwsKmsCmkArnInfo

public final class AwsKmsCmkArnInfo
extends Object

A class to parse and handle AWS KMS identifiers. Mostly AWS KMS ARNs but raw resources are also used in the AWS Encryption SDK.

Method Summary

Modifier and Type	Method	Description
static boolean	awsKmsArnMatchForDecrypt(String configuredKeyIdentifier, String providerInfoKeyIdentifier)	Tell if two different AWS KMS ARNs match.
String	getAccountId()
String	getPartition()
String	getRegion()
String	getResource()
String	getResourceType()
static boolean	isMRK(AwsKmsCmkArnInfo arn)	Identifies Multi Region AWS KMS keys.
static boolean	isMRK(String resource)	Identifies Multi Region AWS KMS keys.
static AwsKmsCmkArnInfo	parseInfoFromKeyArn(String keyArn)	Takes an AWS KMS identifier that may or may not be an ARN and attempts to parse the identifier as an ARN.
String	toString()	Returns the well-formed ARN this object describes.
String	toString(String mrkRegion)	AWS KMS multi-Region keys can have replicas in other region.
static void	validAwsKmsIdentifier(String identifier)	Takes a string an will throw if this identifier is invalid Raw resources like a key ID or alias `mrk-edb7fe6942894d32ac46dbb1c922d574`, `alias/my-alias` or ARNs like arn:aws:kms:us-west-2:111122223333:key/mrk-edb7fe6942894d32ac46dbb1c922d574 arn:aws:kms:us-west-2:111122223333:alias/my-alias

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Details

parseInfoFromKeyArn

public static AwsKmsCmkArnInfo parseInfoFromKeyArn(String keyArn)

Takes an AWS KMS identifier that may or may not be an ARN and attempts to parse the identifier as an ARN. If the identifier is not an ARN, it returns null. This is an expected condition, not an error.

Parameters:

keyArn - The string to parse

validAwsKmsIdentifier

public static void validAwsKmsIdentifier(String identifier)

Takes a string an will throw if this identifier is invalid Raw resources like a key ID or alias `mrk-edb7fe6942894d32ac46dbb1c922d574`, `alias/my-alias` or ARNs like arn:aws:kms:us-west-2:111122223333:key/mrk-edb7fe6942894d32ac46dbb1c922d574 arn:aws:kms:us-west-2:111122223333:alias/my-alias

Parameters:

identifier - an identifier that is an ARN or raw resource

isMRK

public static boolean isMRK(String resource)

Identifies Multi Region AWS KMS keys. This can misidentify an alias that starts with "mrk-".

isMRK

public static boolean isMRK(AwsKmsCmkArnInfo arn)

Identifies Multi Region AWS KMS keys. The resource type check is to protect against the edge case where an alias starts with `mrk-` * e.g. arn:aws:kms:us-west-2:111122223333:alias/mrk-someOtherName

awsKmsArnMatchForDecrypt

public static boolean awsKmsArnMatchForDecrypt(String configuredKeyIdentifier,
 String providerInfoKeyIdentifier)

Tell if two different AWS KMS ARNs match. For identical keys this is trivial, but multi-Region keys can match across regions.

getPartition

public String getPartition()

getAccountId

public String getAccountId()

getRegion

public String getRegion()

getResourceType

public String getResourceType()

getResource

public String getResource()

toString

public String toString()

Returns the well-formed ARN this object describes.

Overrides:

toString in class Object

toString

public String toString(String mrkRegion)

AWS KMS multi-Region keys can have replicas in other region. A compatible ARN in a different Region may be required.

Parameters:

mrkRegion - The region to use instead of the region in the ARN