Package com.amazonaws.encryptionsdk.jce
Class KeyStoreProvider
java.lang.Object
com.amazonaws.encryptionsdk.MasterKeyProvider<JceMasterKey>
com.amazonaws.encryptionsdk.jce.KeyStoreProvider
This MasterKeyProvider provides keys backed by a JCE KeyStore. Please see decryptDataKey(CryptoAlgorithm, Collection, Map) for an explanation of how decryption is managed and see getMasterKeysForEncryption(MasterKeyRequest) for an explanation of how encryption is managed.
Constructor Summary
Constructors
KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm)
    Creates an instance of this class using wrappingAlgorithm which will work for decrypt only.
KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames)
    Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames.
Method Summary
decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)
    Attempts to decrypt the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore.
getDefaultProviderId()
    Returns "JavaKeyStore".
getMasterKey(String provider, String keyId)
    Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm.
getMasterKeysForEncryption(MasterKeyRequest request)
    Returns JceMasterKeys corresponding to the aliasNames passed into the constructor.
Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey
Constructor Details
KeyStoreProvider
public KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm)
Creates an instance of this class using wrappingAlgorithm which will work for decrypt only.
KeyStoreProvider
public KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames)
Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames.
Method Details
getMasterKey
public JceMasterKey getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyException
Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm.
Specified by: getMasterKey in class MasterKeyProvider<JceMasterKey>
Throws:
    UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
    NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId
getDefaultProviderId
Returns "JavaKeyStore".
Specified by: getDefaultProviderId in class MasterKeyProvider<JceMasterKey>
getMasterKeysForEncryption
Returns JceMasterKeys corresponding to the aliasNames passed into the constructor.
Specified by: getMasterKeysForEncryption in class MasterKeyProvider<JceMasterKey>
decryptDataKey
public DataKey<JceMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws UnsupportedProviderException, AwsCryptoException
Attempts to decrypt the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore. This includes TrustedCertificates as well as standard key entries.
Specified by: decryptDataKey in class MasterKeyProvider<JceMasterKey>
Returns:
    a DataKey if one can be decrypted, otherwise returns null
Throws:
    UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
    CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
    AwsCryptoException
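Added example, not part of the original Javadoc or the SDK's own code: the two constructors used together, one instance that encrypts to a named alias and one decrypt-only instance over the same KeyStore. The alias, provider name, password and encryption context are constructed values, and the self-signed certificate is built with BouncyCastle's bcpkix, which is assumed to be on the classpath alongside the SDK.

```java
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoResult;
import com.amazonaws.encryptionsdk.jce.JceMasterKey;
import com.amazonaws.encryptionsdk.jce.KeyStoreProvider;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class KeyStoreProviderExample {
  public static void main(String[] args) throws Exception {
    char[] password = "constructed-demo-password".toCharArray(); // constructed value
    String alias = "demo-rsa";                                   // constructed alias
    String providerName = "DemoKeyStore";                        // constructed provider name
    String wrapping = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // A PrivateKeyEntry needs a certificate chain, so build a throwaway self-signed cert.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(3072);
    KeyPair kp = kpg.generateKeyPair();
    X500Name dn = new X500Name("CN=demo");
    Date now = new Date();
    X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
        new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
            new Date(now.getTime() + 86_400_000L), dn, kp.getPublic())
            .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));

    // In-memory PKCS12 keystore holding the single key entry.
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(null, null);
    ks.setKeyEntry(alias, kp.getPrivate(), password, new Certificate[] {cert});
    KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(password);

    // Five-argument constructor: encrypts data keys to the listed aliases.
    KeyStoreProvider encryptor = new KeyStoreProvider(ks, prot, providerName, wrapping, alias);
    AwsCrypto crypto = AwsCrypto.standard();
    byte[] ciphertext = crypto.encryptData(encryptor, "hello".getBytes(StandardCharsets.UTF_8),
        Collections.singletonMap("purpose", "demo")).getResult();

    // Four-argument constructor: decrypt only, same providerName and wrappingAlgorithm.
    KeyStoreProvider decryptor = new KeyStoreProvider(ks, prot, providerName, wrapping);
    CryptoResult<byte[], JceMasterKey> out = crypto.decryptData(decryptor, ciphertext);
    if (!"demo".equals(out.getEncryptionContext().get("purpose")))
      throw new IllegalStateException("unexpected encryption context");
    System.out.println(new String(out.getResult(), StandardCharsets.UTF_8));
  }
}
```

Because decryptDataKey goes on to try other compatible keys in the KeyStore after the constructor's aliasNames, the keystore handed to a decrypting instance should contain only keys the application is meant to decrypt with.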