Package software.amazon.encryption.s3.materials

Class RawKeyring<T>

java.lang.Object

software.amazon.encryption.s3.materials.S3Keyring

software.amazon.encryption.s3.materials.RawKeyring<T>

Type Parameters:

T - the type of key material used by this keyring

All Implemented Interfaces:

Keyring

Direct Known Subclasses:

AesKeyring, RsaKeyring

public abstract class RawKeyring<T>
extends S3Keyring

This is an abstract base class for keyrings that use raw cryptographic keys (AES + RSA)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RawKeyring.Builder<KeyringT extends RawKeyring<T>,BuilderT extends RawKeyring.Builder<KeyringT,BuilderT,T>,T>	Abstract builder for RawKeyring implementations.

Field Summary

Fields

Modifier and Type	Field	Description
protected Map<MaterialsDescription,RawKeyMaterial<T>>	_additionalDecryptionKeyMaterial
protected MaterialsDescription	_materialsDescription

Fields inherited from class software.amazon.encryption.s3.materials.S3Keyring

_dataKeyGenerator, KEY_PROVIDER_ID

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	RawKeyring(RawKeyring.Builder<?,?,T> builder)

Method Summary

Modifier and Type	Method	Description
protected T	findKeyMaterialForDecryption(DecryptionMaterials materials, T defaultKeyMaterial)	Finds the appropriate key material to use for decryption based on the materials description.
EncryptionMaterials	modifyMaterialsForRawKeyring(EncryptionMaterials materials)	Modifies encryption materials with the keyring's materials description if present.
void	warnIfEncryptionContextIsPresent(EncryptionMaterials materials)	Checks if an encryption context is present in the EncryptionMaterials and issues a warning if an encryption context is found.

Methods inherited from class software.amazon.encryption.s3.materials.S3Keyring

areLegacyWrappingAlgorithmsEnabled, decryptDataKeyStrategies, defaultGenerateDataKey, encryptDataKeyStrategy, generateDataKeyStrategy, onDecrypt, onEncrypt

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

_materialsDescription

protected final MaterialsDescription _materialsDescription

_additionalDecryptionKeyMaterial

protected final Map<MaterialsDescription,RawKeyMaterial<T>> _additionalDecryptionKeyMaterial

Constructor Detail

RawKeyring

protected RawKeyring(RawKeyring.Builder<?,?,T> builder)

Method Detail

findKeyMaterialForDecryption

protected T findKeyMaterialForDecryption(DecryptionMaterials materials,
                                         T defaultKeyMaterial)

Finds the appropriate key material to use for decryption based on the materials description. If a matching key material is found in the additionalDecryptionKeyMaterial map, it is returned. Otherwise, the default key material is returned.

Parameters:

materials - the decryption materials containing the materials description

defaultKeyMaterial - the default key material to use if no matching key material is found

Returns:

the key material to use for decryption

modifyMaterialsForRawKeyring

public EncryptionMaterials modifyMaterialsForRawKeyring(EncryptionMaterials materials)

Modifies encryption materials with the keyring's materials description if present. Issues a warning if encryption context is found, as it provides no security benefit for raw keyrings.

Parameters:

materials - the encryption materials to modify

Returns:

modified encryption materials with the keyring's materials description or original encryption materials if no materials description is set

warnIfEncryptionContextIsPresent

public void warnIfEncryptionContextIsPresent(EncryptionMaterials materials)

Checks if an encryption context is present in the EncryptionMaterials and issues a warning if an encryption context is found.

Encryption context is not recommended for use with non-KMS keyrings as it does not provide additional security benefits and is not stored.

Parameters:

materials - EncryptionMaterials