Class S3AsyncEncryptionClient.Builder

  • All Implemented Interfaces:
    software.amazon.awssdk.awscore.client.builder.AwsAsyncClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>, software.amazon.awssdk.awscore.client.builder.AwsClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>, software.amazon.awssdk.core.client.builder.SdkAsyncClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>, software.amazon.awssdk.core.client.builder.SdkClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>, software.amazon.awssdk.services.s3.S3AsyncClientBuilder, software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>, software.amazon.awssdk.utils.builder.Buildable, software.amazon.awssdk.utils.builder.SdkBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
    Enclosing class:
    S3AsyncEncryptionClient

    public static class S3AsyncEncryptionClient.Builder
    extends Object
    implements software.amazon.awssdk.services.s3.S3AsyncClientBuilder
    • Method Detail

      • wrappedClient

        public S3AsyncEncryptionClient.Builder wrappedClient​(software.amazon.awssdk.services.s3.S3AsyncClient wrappedClient)
        Specifies the wrapped client to use for the actual S3 request. This client will be used for all async operations. You can pass any S3AsyncClient implementation (e.g. the CRT client), but you cannot pass an S3AsyncEncryptionClient.
        Parameters:
        wrappedClient - the client to use for S3 operations.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • keyring

        public S3AsyncEncryptionClient.Builder keyring​(Keyring keyring)
        Specifies the Keyring to use for key wrapping and unwrapping.
        Parameters:
        keyring - the Keyring instance to use
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • aesKey

        public S3AsyncEncryptionClient.Builder aesKey​(SecretKey aesKey)
        Specifies a "raw" AES key to use for key wrapping/unwrapping.
        Parameters:
        aesKey - the AES key as a SecretKey instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • rsaKeyPair

        public S3AsyncEncryptionClient.Builder rsaKeyPair​(KeyPair rsaKeyPair)
        Specifies a "raw" RSA key pair to use for key wrapping/unwrapping.
        Parameters:
        rsaKeyPair - the RSA key pair as a KeyPair instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • rsaKeyPair

        public S3AsyncEncryptionClient.Builder rsaKeyPair​(PartialRsaKeyPair partialRsaKeyPair)
        Specifies a "raw" RSA key pair to use for key wrapping/unwrapping. This option takes a PartialRsaKeyPair instance, which allows either a public key (decryption only) or private key (encryption only) rather than requiring both parts.
        Parameters:
        partialRsaKeyPair - the RSA key pair as a PartialRsaKeyPair instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • kmsKeyId

        public S3AsyncEncryptionClient.Builder kmsKeyId​(String kmsKeyId)
        Specifies a KMS key to use for key wrapping/unwrapping. Any valid KMS key identifier (including the full ARN or an alias ARN) is permitted. When decrypting objects, the key referred to by this KMS key identifier is always used.
        Parameters:
        kmsKeyId - the KMS key identifier as a String instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • enableLegacyWrappingAlgorithms

        public S3AsyncEncryptionClient.Builder enableLegacyWrappingAlgorithms​(boolean shouldEnableLegacyWrappingAlgorithms)
        When set to true, decryption of objects using legacy key wrapping modes is enabled.
        Parameters:
        shouldEnableLegacyWrappingAlgorithms - true to enable legacy wrapping algorithms
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • enableLegacyUnauthenticatedModes

        public S3AsyncEncryptionClient.Builder enableLegacyUnauthenticatedModes​(boolean shouldEnableLegacyUnauthenticatedModes)
        When set to true, decryption of content using legacy encryption algorithms is enabled. This includes use of GetObject requests with a range, as this mode is not authenticated.
        Parameters:
        shouldEnableLegacyUnauthenticatedModes - true to enable legacy content algorithms
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • enableDelayedAuthenticationMode

        public S3AsyncEncryptionClient.Builder enableDelayedAuthenticationMode​(boolean shouldEnableDelayedAuthenticationMode)
        When set to true, authentication of streamed objects is delayed until the entire object is read from the stream. When this mode is enabled, the consuming application must support a way to invalidate any data read from the stream as the tag will not be validated until the stream is read to completion, as the integrity of the data cannot be ensured. See the AWS Documentation for more information.
        Parameters:
        shouldEnableDelayedAuthenticationMode - true to enable delayed authentication
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • enableMultipartPutObject

        public S3AsyncEncryptionClient.Builder enableMultipartPutObject​(boolean _enableMultipartPutObject)
        When set to true, the putObject method will use multipart upload to perform the upload. Disabled by default.
        Parameters:
        _enableMultipartPutObject - true enables the multipart upload implementation of putObject
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • setBufferSize

        public S3AsyncEncryptionClient.Builder setBufferSize​(long bufferSize)
        Sets the buffer size for safe authentication used when delayed authentication mode is disabled. If buffer size is not given during client configuration, default buffer size is set to 64MiB.
        Parameters:
        bufferSize - the desired buffer size in Bytes.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
        Throws:
        S3EncryptionClientException - if the specified buffer size is outside the allowed bounds
      • cryptoProvider

        public S3AsyncEncryptionClient.Builder cryptoProvider​(Provider cryptoProvider)
        Allows the user to pass an instance of Provider to be used for cryptographic operations. By default, the S3 Encryption Client will use the first compatible Provider in the chain. When this option is used, the given provider will be used for all cryptographic operations. If the provider is missing a required algorithm suite, e.g. AES-GCM, then operations may fail. Advanced option. Users who configure a Provider are responsible for the security and correctness of the provider.
        Parameters:
        cryptoProvider - the to always use
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • secureRandom

        public S3AsyncEncryptionClient.Builder secureRandom​(SecureRandom secureRandom)
        Allows the user to pass an instance of SecureRandom to be used for generating keys and IVs. Advanced option. Users who provide a SecureRandom are responsible for the security and correctness of the SecureRandom implementation.
        Parameters:
        secureRandom - the SecureRandom instance to use
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • instructionFileConfig

        public S3AsyncEncryptionClient.Builder instructionFileConfig​(InstructionFileConfig instructionFileConfig)
        Sets the Instruction File configuration for the S3 Encryption Client. The InstructionFileConfig can be used to specify an S3 client to use for retrieval of Instruction files, or to disable GetObject requests for the instruction file.
        Parameters:
        instructionFileConfig -
        Returns:
      • credentialsProvider

        public S3AsyncEncryptionClient.Builder credentialsProvider​(software.amazon.awssdk.auth.credentials.AwsCredentialsProvider awsCredentialsProvider)
        The credentials provider to use for all inner clients, including KMS, if a KMS key ID is provided. Note that if a wrapped client is configured, the wrapped client will take precedence over this option.
        Specified by:
        credentialsProvider in interface software.amazon.awssdk.awscore.client.builder.AwsClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        awsCredentialsProvider -
        Returns:
      • region

        public S3AsyncEncryptionClient.Builder region​(software.amazon.awssdk.regions.Region region)
        The AWS region to use for all inner clients, including KMS, if a KMS key ID is provided. Note that if a wrapped client is configured, the wrapped client will take precedence over this option.
        Specified by:
        region in interface software.amazon.awssdk.awscore.client.builder.AwsClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        region -
        Returns:
      • dualstackEnabled

        public S3AsyncEncryptionClient.Builder dualstackEnabled​(Boolean isDualStackEnabled)
        Configure whether the SDK should use the AWS dualstack endpoint.

        If this is not specified, the SDK will attempt to determine whether the dualstack endpoint should be used automatically using the following logic:

        1. Check the 'aws.useDualstackEndpoint' system property for 'true' or 'false'.
        2. Check the 'AWS_USE_DUALSTACK_ENDPOINT' environment variable for 'true' or 'false'.
        3. Check the {user.home}/.aws/credentials and {user.home}/.aws/config files for the 'use_dualstack_endpoint' property set to 'true' or 'false'.

        If the setting is not found in any of the locations above, 'false' will be used.

        Specified by:
        dualstackEnabled in interface software.amazon.awssdk.awscore.client.builder.AwsClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
      • fipsEnabled

        public S3AsyncEncryptionClient.Builder fipsEnabled​(Boolean isFipsEnabled)
        Configure whether the wrapped SDK clients should use the AWS FIPS endpoints. Note that this option only enables FIPS for the service endpoints which the SDK clients use, it does not enable FIPS for the S3EC itself. Use a FIPS-enabled CryptoProvider for full FIPS support.

        If this is not specified, the SDK will attempt to determine whether the FIPS endpoint should be used automatically using the following logic:

        1. Check the 'aws.useFipsEndpoint' system property for 'true' or 'false'.
        2. Check the 'AWS_USE_FIPS_ENDPOINT' environment variable for 'true' or 'false'.
        3. Check the {user.home}/.aws/credentials and {user.home}/.aws/config files for the 'use_fips_endpoint' property set to 'true' or 'false'.

        If the setting is not found in any of the locations above, 'false' will be used.

        Specified by:
        fipsEnabled in interface software.amazon.awssdk.awscore.client.builder.AwsClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
      • overrideConfiguration

        public S3AsyncEncryptionClient.Builder overrideConfiguration​(software.amazon.awssdk.core.client.config.ClientOverrideConfiguration overrideConfiguration)
        Specify overrides to the default SDK configuration that should be used for wrapped clients.
        Specified by:
        overrideConfiguration in interface software.amazon.awssdk.core.client.builder.SdkClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
      • overrideConfiguration

        public software.amazon.awssdk.core.client.config.ClientOverrideConfiguration overrideConfiguration()
        Retrieve the current override configuration. This allows further overrides across calls. Can be modified by first converting to a builder with ClientOverrideConfiguration.toBuilder().
        Specified by:
        overrideConfiguration in interface software.amazon.awssdk.core.client.builder.SdkClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Returns:
        The existing override configuration for the builder.
      • endpointOverride

        public S3AsyncEncryptionClient.Builder endpointOverride​(URI endpointOverride)
        Configure the endpoint with which the SDK should communicate. NOTE: For the S3EncryptionClient, this ONLY overrides the endpoint for S3 clients. To set the endpointOverride for a KMS client, explicitly configure it and create a KmsKeyring instance for the encryption client to use.

        It is important to know that EndpointProviders and the endpoint override on the client are not mutually exclusive. In all existing cases, the endpoint override is passed as a parameter to the provider and the provider *may* modify it. For example, the S3 provider may add the bucket name as a prefix to the endpoint override for virtual bucket addressing.

        Specified by:
        endpointOverride in interface software.amazon.awssdk.core.client.builder.SdkClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        endpointOverride -
      • asyncConfiguration

        public S3AsyncEncryptionClient.Builder asyncConfiguration​(software.amazon.awssdk.core.client.config.ClientAsyncConfiguration clientAsyncConfiguration)
        Specify overrides to the default SDK async configuration that should be used for clients created by this builder.
        Specified by:
        asyncConfiguration in interface software.amazon.awssdk.core.client.builder.SdkAsyncClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        clientAsyncConfiguration -
      • httpClient

        public S3AsyncEncryptionClient.Builder httpClient​(software.amazon.awssdk.http.async.SdkAsyncHttpClient httpClient)
        Sets the SdkAsyncHttpClient that the SDK service client will use to make HTTP calls. This HTTP client may be shared between multiple SDK service clients to share a common connection pool. To create a client you must use an implementation specific builder. Note that this method is only recommended when you wish to share an HTTP client across multiple SDK service clients. If you do not wish to share HTTP clients, it is recommended to use httpClientBuilder(SdkAsyncHttpClient.Builder) so that service specific default configuration may be applied.

        This client must be closed by the caller when it is ready to be disposed. The SDK will not close the HTTP client when the service client is closed.

        Specified by:
        httpClient in interface software.amazon.awssdk.core.client.builder.SdkAsyncClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        httpClient -
        Returns:
        This builder for method chaining.
      • httpClientBuilder

        public S3AsyncEncryptionClient.Builder httpClientBuilder​(software.amazon.awssdk.http.async.SdkAsyncHttpClient.Builder httpClientBuilder)
        Sets a custom HTTP client builder that will be used to obtain a configured instance of SdkAsyncHttpClient. Any service specific HTTP configuration will be merged with the builder's configuration prior to creating the client. When there is no desire to share HTTP clients across multiple service clients, the client builder is the preferred way to customize the HTTP client as it benefits from service specific defaults.

        Clients created by the builder are managed by the SDK and will be closed when the service client is closed.

        Specified by:
        httpClientBuilder in interface software.amazon.awssdk.core.client.builder.SdkAsyncClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        httpClientBuilder -
        Returns:
        This builder for method chaining.
      • serviceConfiguration

        public S3AsyncEncryptionClient.Builder serviceConfiguration​(software.amazon.awssdk.services.s3.S3Configuration serviceConfiguration)
        Specified by:
        serviceConfiguration in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
      • accelerate

        public S3AsyncEncryptionClient.Builder accelerate​(Boolean accelerate)
        Enables this client to use S3 Transfer Acceleration endpoints.
        Specified by:
        accelerate in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        accelerate -
      • disableMultiRegionAccessPoints

        public S3AsyncEncryptionClient.Builder disableMultiRegionAccessPoints​(Boolean disableMultiRegionAccessPoints)
        Disables this client's usage of Multi-Region Access Points.
        Specified by:
        disableMultiRegionAccessPoints in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        disableMultiRegionAccessPoints -
      • disableS3ExpressSessionAuth

        public S3AsyncEncryptionClient.Builder disableS3ExpressSessionAuth​(Boolean disableS3ExpressSessionAuth)
        Disables this client's usage of Session Auth for S3Express buckets and reverts to using conventional SigV4 for those.
        Specified by:
        disableS3ExpressSessionAuth in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
      • forcePathStyle

        public S3AsyncEncryptionClient.Builder forcePathStyle​(Boolean forcePathStyle)
        Forces this client to use path-style addressing for buckets.
        Specified by:
        forcePathStyle in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        forcePathStyle -
      • useArnRegion

        public S3AsyncEncryptionClient.Builder useArnRegion​(Boolean useArnRegion)
        Enables this client to use an ARN's region when constructing an endpoint instead of the client's configured region.
        Specified by:
        useArnRegion in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Parameters:
        useArnRegion -
      • multipartEnabled

        public S3AsyncEncryptionClient.Builder multipartEnabled​(Boolean enabled)
        Multipart via the wrapped client is currently NOT supported by the S3 Encryption Client. Use the enableMultipartPutObject(boolean) option instead for high-level multipart uploads. Multipart downloads are currently NOT supported.
        Specified by:
        multipartEnabled in interface software.amazon.awssdk.services.s3.S3AsyncClientBuilder
      • multipartConfiguration

        public S3AsyncEncryptionClient.Builder multipartConfiguration​(software.amazon.awssdk.services.s3.multipart.MultipartConfiguration multipartConfiguration)
        Multipart via the wrapped client is currently NOT supported by the S3 Encryption Client. Use the enableMultipartPutObject(boolean) option instead for high-level multipart uploads. Multipart downloads are currently NOT supported.
        Specified by:
        multipartConfiguration in interface software.amazon.awssdk.services.s3.S3AsyncClientBuilder
      • crossRegionAccessEnabled

        public S3AsyncEncryptionClient.Builder crossRegionAccessEnabled​(Boolean crossRegionAccessEnabled)
        Enables cross-region bucket access for this client
        Specified by:
        crossRegionAccessEnabled in interface software.amazon.awssdk.services.s3.S3BaseClientBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
      • build

        public S3AsyncEncryptionClient build()
        Validates and builds the S3AsyncEncryptionClient according to the configuration options passed to the Builder object.
        Specified by:
        build in interface software.amazon.awssdk.utils.builder.Buildable
        Specified by:
        build in interface software.amazon.awssdk.utils.builder.SdkBuilder<software.amazon.awssdk.services.s3.S3AsyncClientBuilder,​software.amazon.awssdk.services.s3.S3AsyncClient>
        Returns:
        an instance of the S3AsyncEncryptionClient