java.lang.Object
com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.CachingMostRecentProvider
All Implemented Interfaces:
EncryptionMaterialsProvider

public class CachingMostRecentProvider extends Object implements EncryptionMaterialsProvider
This meta-Provider encrypts data with the most recent version of keying materials from a ProviderStore and decrypts using whichever version is appropriate. It also caches the results from the ProviderStore to avoid excessive load on the backing systems.
  • Field Details

    • defaultMaterialName

      protected final String defaultMaterialName
  • Constructor Details

    • CachingMostRecentProvider

      public CachingMostRecentProvider(ProviderStore keystore, String materialName, long ttlInMillis)
      Parameters:
      keystore - The key store that this provider will use to determine which material and which version of material to use
      materialName - The name of the materials associated with this provider
      ttlInMillis - The length of time in milliseconds to cache the most recent provider
    • CachingMostRecentProvider

      public CachingMostRecentProvider(ProviderStore keystore, String materialName, long ttlInMillis, int maxCacheSize)
      Parameters:
      keystore - The key store that this provider will use to determine which material and which version of material to use
      materialName - The name of the materials associated with this provider
      ttlInMillis - The length of time in milliseconds to cache the most recent provider
      maxCacheSize - The maximum size of the underlying caches this provider uses. Entries will be evicted from the cache once this size is exceeded.
  • Method Details

    • getEncryptionMaterials

      public EncryptionMaterials getEncryptionMaterials(EncryptionContext context)
      Description copied from interface: EncryptionMaterialsProvider
      Returns EncryptionMaterials which the caller can use for encryption. Each implementation of EncryptionMaterialsProvider can choose its own strategy for loading encryption material. For example, an implementation might load encryption material from an existing key management system, or load new encryption material when keys are rotated.
      Specified by:
      getEncryptionMaterials in interface EncryptionMaterialsProvider
      Parameters:
      context - Information to assist in selecting a the proper return value. The implementation is free to determine the minimum necessary for successful processing.
      Returns:
      EncryptionMaterials which the caller can use to encrypt or decrypt data.
    • getDecryptionMaterials

      public DecryptionMaterials getDecryptionMaterials(EncryptionContext context)
      Description copied from interface: EncryptionMaterialsProvider
      Retrieves encryption materials matching the specified description from some source.
      Specified by:
      getDecryptionMaterials in interface EncryptionMaterialsProvider
      Parameters:
      context - Information to assist in selecting a the proper return value. The implementation is free to determine the minimum necessary for successful processing.
      Returns:
      The encryption materials that match the description, or null if no matching encryption materials found.
    • refresh

      public void refresh()
      Completely empties the cache of both the current and old versions.
      Specified by:
      refresh in interface EncryptionMaterialsProvider
    • getMaterialName

      public String getMaterialName()
    • getTtlInMills

      public long getTtlInMills()
    • getCurrentVersion

      public long getCurrentVersion()
      The current version of the materials being used for encryption. Returns -1 if we do not currently have a current version.
    • getLastUpdated

      public long getLastUpdated()
      The last time the current version was updated. Returns 0 if we do not currently have a current version.
    • getMaterialName

      protected String getMaterialName(EncryptionContext context)