com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption

Class DynamoDBEncryptor

java.lang.Object

com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.DynamoDBEncryptor

All Implemented Interfaces:

ILegacyDynamoDbEncryptor

public class DynamoDBEncryptor
extends java.lang.Object
implements ILegacyDynamoDbEncryptor

The low-level API for performing crypto operations on the record attributes.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	DynamoDBEncryptor(EncryptionMaterialsProvider provider, java.lang.String descriptionBase)

Method Summary

Modifier and Type	Method and Description
java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>>	allDecryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, java.util.Collection<java.lang.String> doNotDecrypt) Returns the decryption flags for all item attributes except for those explicitly specified to be excluded.
java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>>	allDecryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, java.lang.String... doNotDecrypt) Returns the decryption flags for all item attributes except for those explicitly specified to be excluded.
java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>>	allEncryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, java.util.Collection<java.lang.String> doNotEncrypt) Returns the encryption flags for all item attributes except for those explicitly specified to be excluded.
java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>>	allEncryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, java.lang.String... doNotEncrypt) Returns the encryption flags for all item attributes except for those explicitly specified to be excluded.
java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue>	decryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, EncryptionContext context, java.util.Collection<java.lang.String> doNotDecrypt)
java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue>	decryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, EncryptionContext context, java.lang.String... doNotDecrypt) Returns a decrypted version of the provided DynamoDb record.
java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue>	decryptRecord(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> attributeFlags, EncryptionContext context)
java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue>	encryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, EncryptionContext context, java.util.Collection<java.lang.String> doNotEncrypt)
java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue>	encryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, EncryptionContext context, java.lang.String... doNotEncrypt) Returns an encrypted version of the provided DynamoDb record.
java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue>	encryptRecord(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes, java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> attributeFlags, EncryptionContext context)
static DynamoDBEncryptor	getInstance(EncryptionMaterialsProvider provider)
static DynamoDBEncryptor	getInstance(EncryptionMaterialsProvider provider, java.lang.String descriptionbase)
java.lang.String	getMaterialDescriptionFieldName() Get the name of the DynamoDB field used to store metadata used by the DynamoDBEncryptedMapper.
java.lang.String	getSignatureFieldName() Get the name of the DynamoDB field used to store the signature.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DynamoDBEncryptor

protected DynamoDBEncryptor(EncryptionMaterialsProvider provider,
                            java.lang.String descriptionBase)

Method Detail

getInstance

public static DynamoDBEncryptor getInstance(EncryptionMaterialsProvider provider,
                                            java.lang.String descriptionbase)

getInstance

public static DynamoDBEncryptor getInstance(EncryptionMaterialsProvider provider)

decryptAllFieldsExcept

public java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> decryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                                                            EncryptionContext context,
                                                                                                                            java.lang.String... doNotDecrypt)
                                                                                                                     throws java.security.GeneralSecurityException

Returns a decrypted version of the provided DynamoDb record. The signature is verified across all provided fields. All fields (except those listed in doNotEncrypt are decrypted.

Parameters:

itemAttributes - the DynamoDbRecord

context - additional information used to successfully select the encryption materials and decrypt the data. This should include (at least) the tableName and the materialDescription.

doNotDecrypt - those fields which should not be encrypted

Returns:

a plaintext version of the DynamoDb record

Throws:

java.security.SignatureException - if the signature is invalid or cannot be verified

java.security.GeneralSecurityException

decryptAllFieldsExcept

public java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> decryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                                                            EncryptionContext context,
                                                                                                                            java.util.Collection<java.lang.String> doNotDecrypt)
                                                                                                                     throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

See Also:

decryptAllFieldsExcept(Map, EncryptionContext, String...)

allDecryptionFlagsExcept

public java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> allDecryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                               java.lang.String... doNotDecrypt)

Returns the decryption flags for all item attributes except for those explicitly specified to be excluded.

Parameters:

doNotDecrypt - fields to be excluded

allDecryptionFlagsExcept

public java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> allDecryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                               java.util.Collection<java.lang.String> doNotDecrypt)

Returns the decryption flags for all item attributes except for those explicitly specified to be excluded.

Parameters:

doNotDecrypt - fields to be excluded

encryptAllFieldsExcept

public java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> encryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                                                            EncryptionContext context,
                                                                                                                            java.lang.String... doNotEncrypt)
                                                                                                                     throws java.security.GeneralSecurityException

Returns an encrypted version of the provided DynamoDb record. All fields are signed. All fields (except those listed in doNotEncrypt) are encrypted.

Parameters:

itemAttributes - a DynamoDb Record

context - additional information used to successfully select the encryption materials and encrypt the data. This should include (at least) the tableName.

doNotEncrypt - those fields which should not be encrypted

Returns:

a ciphertext version of the DynamoDb record

Throws:

java.security.GeneralSecurityException

encryptAllFieldsExcept

public java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> encryptAllFieldsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                                                            EncryptionContext context,
                                                                                                                            java.util.Collection<java.lang.String> doNotEncrypt)
                                                                                                                     throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

allEncryptionFlagsExcept

public java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> allEncryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                               java.lang.String... doNotEncrypt)

Returns the encryption flags for all item attributes except for those explicitly specified to be excluded.

Parameters:

doNotEncrypt - fields to be excluded

allEncryptionFlagsExcept

public java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> allEncryptionFlagsExcept(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                               java.util.Collection<java.lang.String> doNotEncrypt)

Returns the encryption flags for all item attributes except for those explicitly specified to be excluded.

Parameters:

doNotEncrypt - fields to be excluded

decryptRecord

public java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> decryptRecord(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                                                   java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> attributeFlags,
                                                                                                                   EncryptionContext context)
                                                                                                            throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

encryptRecord

public java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> encryptRecord(java.util.Map<java.lang.String,software.amazon.awssdk.services.dynamodb.model.AttributeValue> itemAttributes,
                                                                                                                   java.util.Map<java.lang.String,java.util.Set<EncryptionFlags>> attributeFlags,
                                                                                                                   EncryptionContext context)

getSignatureFieldName

public java.lang.String getSignatureFieldName()

Get the name of the DynamoDB field used to store the signature. Defaults to DEFAULT_SIGNATURE_FIELD.

Returns:

the name of the DynamoDB field used to store the signature

getMaterialDescriptionFieldName

public java.lang.String getMaterialDescriptionFieldName()

Get the name of the DynamoDB field used to store metadata used by the DynamoDBEncryptedMapper. Defaults to DEFAULT_METADATA_FIELD.

Returns:

the name of the DynamoDB field used to store metadata used by the DynamoDBEncryptedMapper