Package com.amazonaws.encryptionsdk.kms
Class AwsKmsMrkAwareMasterKeyProvider
java.lang.Object
com.amazonaws.encryptionsdk.MasterKeyProvider<AwsKmsMrkAwareMasterKey>
com.amazonaws.encryptionsdk.kms.AwsKmsMrkAwareMasterKeyProvider
public final class AwsKmsMrkAwareMasterKeyProvider
extends MasterKeyProvider<AwsKmsMrkAwareMasterKey>
Represents a list of AWS KMS keys and is used to encrypt/decrypt data with AwsCrypto. Some of these keys may be multi-Region keys, in which case this component is able to recognize different regional replicas of a multi-Region key as the same key.
Nested Class Summary
Nested Classes
Method Summary
Modifier and Type    Method    Description
builder()
decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)
    Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
getDefaultProviderId()
    Returns "aws-kms"
getMasterKey(String providerId, String requestedKeyArn)
    Added flexibility in matching multi-Region keys from different regions.
getMasterKeysForEncryption(MasterKeyRequest request)
    Returns all CMKs provided to the constructor of this object.
withGrantTokens(String... grantTokens)
    Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.
withGrantTokens(List<String> grantTokens)
    Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.
Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey
Method Details

builder

getDefaultProviderId
Returns "aws-kms"
Specified by: getDefaultProviderId in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
getMasterKey
public AwsKmsMrkAwareMasterKey getMasterKey(String providerId, String requestedKeyArn) throws UnsupportedProviderException, NoSuchMasterKeyException
Added flexibility in matching multi-Region keys from different regions.
Specified by: getMasterKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
Returns:
Throws:
UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId
See Also: MasterKey.getMasterKey(String, String)
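
To illustrate what "recognizing regional replicas as the same key" means for the class description and for getMasterKey, the following is an added example, not code from the SDK. It assumes full key ARNs, that multi-Region key IDs begin with `mrk-`, and Java 16+ for records; the class and method names are hypothetical. Partition and account must still match, so an ARN from another account with the same key ID is not accepted.

```java
public final class MrkArnMatchExample {
    // Parsed form of arn:<partition>:kms:<region>:<account>:<type>/<id>
    record KmsArn(String partition, String region, String account, String type, String id) {
        static KmsArn parse(String arn) {
            String[] p = arn.split(":", 6);
            int slash = p.length == 6 ? p[5].indexOf('/') : -1;
            if (slash <= 0 || !p[0].equals("arn") || !p[2].equals("kms")) {
                throw new IllegalArgumentException("not a KMS key ARN: " + arn);
            }
            return new KmsArn(p[1], p[3], p[4],
                    p[5].substring(0, slash), p[5].substring(slash + 1));
        }

        // Assumption: multi-Region keys are "key" resources whose ID starts with "mrk-".
        boolean isMultiRegion() {
            return type.equals("key") && id.startsWith("mrk-");
        }
    }

    // True when both ARNs name the same key, treating regional replicas as one key.
    static boolean sameKey(String configuredArn, String requestedArn) {
        if (configuredArn.equals(requestedArn)) {
            return true;
        }
        KmsArn a = KmsArn.parse(configuredArn);
        KmsArn b = KmsArn.parse(requestedArn);
        if (!a.isMultiRegion() || !b.isMultiRegion()) {
            return false; // single-Region keys only match on the exact ARN
        }
        // Region is the only field allowed to differ between replicas.
        return a.partition().equals(b.partition())
                && a.account().equals(b.account())
                && a.id().equals(b.id());
    }

    public static void main(String[] args) {
        // Constructed sample ARNs (placeholder account numbers and key IDs).
        String mrkEast = "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab";
        String mrkWest = "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab";
        String mrkOtherAcct = "arn:aws:kms:eu-west-1:444455556666:key/mrk-1234abcd12ab34cd56ef1234567890ab";
        String srkEast = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
        String srkWest = "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";

        System.out.println("replica in another region: " + sameKey(mrkEast, mrkWest));
        System.out.println("same key ID, other account: " + sameKey(mrkEast, mrkOtherAcct));
        System.out.println("single-Region, other region: " + sameKey(srkEast, srkWest));
    }
}
```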
getMasterKeysForEncryption
Returns all CMKs provided to the constructor of this object.
Specified by: getMasterKeysForEncryption in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
See Also: MasterKey.getMasterKeysForEncryption(MasterKeyRequest)
decryptDataKey
public DataKey<AwsKmsMrkAwareMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws AwsCryptoException
Description copied from class: MasterKeyProvider
Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
Specified by: decryptDataKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
Returns: a DataKey if one can be decrypted, otherwise returns null
Throws:
AwsCryptoException
UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
See Also: KmsMasterKey.decryptDataKey(CryptoAlgorithm, Collection, Map)
getGrantTokens

withGrantTokens
Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).

withGrantTokens
Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).