Package com.amazonaws.encryptionsdk.kms

Class KmsMasterKeyProvider

java.lang.Object

com.amazonaws.encryptionsdk.MasterKeyProvider<KmsMasterKey>

com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider

All Implemented Interfaces:

KmsMethods

public class KmsMasterKeyProvider
extends MasterKeyProvider<KmsMasterKey>
implements KmsMethods

Provides MasterKeys backed by the AWS Key Management Service. This object is regional and if you want to use keys from multiple regions, you'll need multiple copies of this object.

This component is not multi-Region key aware, and will treat every AWS KMS identifier as regionally isolated.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	KmsMasterKeyProvider.Builder
static interface	KmsMasterKeyProvider.RegionalClientSupplier

Method Summary

Modifier and Type	Method	Description
void	addGrantToken(String grantToken)	Deprecated. This method is inherently not thread safe.
static KmsMasterKeyProvider.Builder	builder()
DataKey<KmsMasterKey>	decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)	Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
String	getDefaultProviderId()	Returns "aws-kms"
List<String>	getGrantTokens()	Returns the grantTokens which this object sends to KMS when calling it.
KmsMasterKey	getMasterKey(String provider, String keyId)	Returns the specified MasterKey if possible.
List<KmsMasterKey>	getMasterKeysForEncryption(MasterKeyRequest request)	Returns all CMKs provided to the constructor of this object.
void	setGrantTokens(List<String> grantTokens)	Deprecated. This method is inherently not thread safe.
KmsMasterKeyProvider	withGrantTokens(String... grantTokens)	Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.
KmsMasterKeyProvider	withGrantTokens(List<String> grantTokens)	Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

builder

public static KmsMasterKeyProvider.Builder builder()

getDefaultProviderId

public String getDefaultProviderId()

Returns "aws-kms"

Specified by:

getDefaultProviderId in class MasterKeyProvider<KmsMasterKey>

getMasterKey

public KmsMasterKey getMasterKey(String provider,
 String keyId)
                          throws UnsupportedProviderException,
NoSuchMasterKeyException

Description copied from class: MasterKeyProvider

Returns the specified MasterKey if possible.

Specified by:

getMasterKey in class MasterKeyProvider<KmsMasterKey>

Returns:

Throws:

UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider

NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

getMasterKeysForEncryption

public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)

Returns all CMKs provided to the constructor of this object.

Specified by:

getMasterKeysForEncryption in class MasterKeyProvider<KmsMasterKey>

decryptDataKey

public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
 Collection<? extends EncryptedDataKey> encryptedDataKeys,
 Map<String,String> encryptionContext)
                                     throws AwsCryptoException

Description copied from class: MasterKeyProvider

Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.

Specified by:

decryptDataKey in class MasterKeyProvider<KmsMasterKey>

Returns:

a DataKey if one can be decrypted, otherwise returns null

Throws:

UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider

CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted

AwsCryptoException

setGrantTokens

@Deprecated
public void setGrantTokens(List<String> grantTokens)

Deprecated.

This method is inherently not thread safe. Use KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.

Description copied from interface: KmsMethods

Sets the grantTokens which should be submitted to KMS when calling it.

Specified by:

setGrantTokens in interface KmsMethods

getGrantTokens

public List<String> getGrantTokens()

Description copied from interface: KmsMethods

Returns the grantTokens which this object sends to KMS when calling it.

Specified by:

getGrantTokens in interface KmsMethods

addGrantToken

@Deprecated
public void addGrantToken(String grantToken)

Deprecated.

This method is inherently not thread safe. Use withGrantTokens(List) or KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.

Description copied from interface: KmsMethods

Adds grantToken to the list of grantTokens sent to KMS when this class calls it.

Specified by:

addGrantToken in interface KmsMethods

withGrantTokens

public KmsMasterKeyProvider withGrantTokens(List<String> grantTokens)

Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).

Parameters:

grantTokens -

Returns:

withGrantTokens

public KmsMasterKeyProvider withGrantTokens(String... grantTokens)

Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).

Parameters:

grantTokens -

Returns: