Class EncryptionHandler

java.lang.Object
com.amazonaws.encryptionsdk.internal.EncryptionHandler
All Implemented Interfaces:
CryptoHandler, MessageCryptoHandler

public class EncryptionHandler extends Object implements MessageCryptoHandler
This class implements the CryptoHandler interface by providing methods for the encryption of plaintext data.

This class creates the ciphertext headers and delegates the encryption of the plaintext to the BlockEncryptionHandler or FrameEncryptionHandler based on the content type.

  • Constructor Details

    • EncryptionHandler

      public EncryptionHandler(int frameSize, EncryptionMaterials result, CommitmentPolicy commitmentPolicy) throws AwsCryptoException
      Create an encryption handler using the provided master key and encryption context.
      Parameters:
      frameSize - The encryption frame size, or zero for a one-shot encryption task
      result - The EncryptionMaterials with the crypto materials for this encryption job
      Throws:
      AwsCryptoException - if the encryption context or master key is null.
  • Method Details

    • processBytes

      public ProcessingSummary processBytes(byte[] in, int off, int len, byte[] out, int outOff) throws AwsCryptoException, BadCiphertextException
      Encrypt a block of bytes from in, putting the ciphertext result into out.

      It encrypts by performing the following operations:

      1. If this is the first call to encrypt, write the ciphertext headers to the output being returned.
      2. Otherwise, pass the input data to the underlying content crypto handler.
      Specified by:
      processBytes in interface CryptoHandler
      Parameters:
      in - the input byte array.
      off - the offset into the in array where the data to be encrypted starts.
      len - the number of bytes to be encrypted.
      out - the output buffer the encrypted bytes go into.
      outOff - the offset into the output byte array the encrypted data starts at.
      Returns:
      the number of bytes written to out and processed
      Throws:
      AwsCryptoException - if len or offset values are negative.
      BadCiphertextException - thrown by the underlying cipher handler.
    • doFinal

      public int doFinal(byte[] out, int outOff) throws BadCiphertextException
      Finish encryption of the plaintext bytes.
      Specified by:
      doFinal in interface CryptoHandler
      Parameters:
      out - space for any resulting output data.
      outOff - offset into out to start copying the data at.
      Returns:
      number of bytes written into out.
      Throws:
      BadCiphertextException - thrown by the underlying cipher handler.
    • estimateOutputSize

      public int estimateOutputSize(int inLen)
      Return the size of the output buffer required for a processBytes plus a doFinal with an input of inLen bytes.
      Specified by:
      estimateOutputSize in interface CryptoHandler
      Parameters:
      inLen - the length of the input.
      Returns:
      the space required to accommodate a call to processBytes and doFinal with len bytes of input.
    • estimatePartialOutputSize

      public int estimatePartialOutputSize(int inLen)
      Description copied from interface: CryptoHandler
      Return the size of the output buffer required for a call to CryptoHandler.processBytes(byte[], int, int, byte[], int).

      Note that this method is allowed to return an estimate of the output size that is greater than the actual size of the output. Returning an estimate that is less than the actual size of the output will result in underflow exceptions.

      Specified by:
      estimatePartialOutputSize in interface CryptoHandler
      Parameters:
      inLen - the length of the input.
      Returns:
      the space required to accommodate a call to CryptoHandler.processBytes(byte[], int, int, byte[], int) with an input of size inLen bytes.
    • estimateFinalOutputSize

      public int estimateFinalOutputSize()
      Description copied from interface: CryptoHandler
      Return the size of the output buffer required for a call to CryptoHandler.doFinal(byte[], int).

      Note that this method is allowed to return an estimate of the output size that is greater than the actual size of the output. Returning an estimate that is less than the actual size of the output will result in underflow exceptions.

      Specified by:
      estimateFinalOutputSize in interface CryptoHandler
      Returns:
      the space required to accommodate a call to CryptoHandler.doFinal(byte[], int)
    • getEncryptionContext

      public Map<String,String> getEncryptionContext()
      Return the encryption context.
      Specified by:
      getEncryptionContext in interface MessageCryptoHandler
      Returns:
      the key-value map containing encryption context.
    • getHeaders

      public CiphertextHeaders getHeaders()
      Specified by:
      getHeaders in interface MessageCryptoHandler
    • setMaxInputLength

      public void setMaxInputLength(long size)
      Description copied from interface: MessageCryptoHandler
      Informs this handler of an upper bound on the input data size. The handler will throw an exception if this bound is exceeded, and may use it to perform performance optimizations as well.

      If this method is called multiple times, the smallest bound will be used.

      Specified by:
      setMaxInputLength in interface MessageCryptoHandler
      Parameters:
      size - An upper bound on the input data size.
    • getMasterKeys

      public List<? extends MasterKey<?>> getMasterKeys()
      Description copied from interface: MessageCryptoHandler
      All used MasterKeys. For encryption flows, these are all the MasterKeys used to protect the data. In the decryption flow, it is the single MasterKey actually used to decrypt the data.
      Specified by:
      getMasterKeys in interface MessageCryptoHandler
    • isComplete

      public boolean isComplete()
      Description copied from interface: CryptoHandler
      For decrypt and parsing flows, returns true when this has handled as many bytes as it can. This usually means that it has reached the end of an object, file, or other delimited stream.
      Specified by:
      isComplete in interface CryptoHandler
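
An added example, not code from the SDK or this page: a caller-side loop that drives a MessageCryptoHandler (such as EncryptionHandler) through processBytes and doFinal, sizing every output buffer from the handler's own estimates. HandlerDriver and runToCompletion are hypothetical names, and the getBytesWritten() and getBytesProcessed() accessors on ProcessingSummary are assumed, since this page does not list them.

```java
import com.amazonaws.encryptionsdk.internal.MessageCryptoHandler;
import com.amazonaws.encryptionsdk.internal.ProcessingSummary;
import java.io.ByteArrayOutputStream;

// Hypothetical helper, not part of the SDK.
public final class HandlerDriver {
    private HandlerDriver() {}

    public static byte[] runToCompletion(MessageCryptoHandler handler,
                                         byte[] input, int chunkSize) {
        if (chunkSize <= 0) {
            throw new IllegalArgumentException("chunkSize must be positive");
        }
        // Declare the upper bound up front so the handler rejects any
        // input beyond what the caller intended to process.
        handler.setMaxInputLength(input.length);

        ByteArrayOutputStream result = new ByteArrayOutputStream();
        int off = 0;
        while (off < input.length) {
            int len = Math.min(chunkSize, input.length - off);
            // The estimate may exceed the real output size but must never be
            // smaller, so it is a safe size for a per-call buffer.
            byte[] out = new byte[handler.estimatePartialOutputSize(len)];
            ProcessingSummary summary = handler.processBytes(input, off, len, out, 0);
            // Copy only the bytes actually written; the rest of out is padding.
            // Assumed accessors: getBytesWritten(), getBytesProcessed().
            result.write(out, 0, summary.getBytesWritten());
            if (summary.getBytesProcessed() <= 0) {
                // Guard against a handler that makes no progress.
                throw new IllegalStateException("handler consumed no input");
            }
            off += summary.getBytesProcessed();
        }

        // doFinal can emit trailing data, so it gets its own buffer
        // sized by estimateFinalOutputSize().
        byte[] tail = new byte[handler.estimateFinalOutputSize()];
        int written = handler.doFinal(tail, 0);
        result.write(tail, 0, written);
        return result.toByteArray();
    }
}
```

For a one-shot call, estimateOutputSize(inLen) gives a single buffer size covering both processBytes and doFinal.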