Package com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store

Class MetaStore

java.lang.Object
com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.ProviderStore
com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.MetaStore
public class MetaStore extends ProviderStore
Provides a simple collection of EncryptionMaterialProviders backed by an encrypted DynamoDB table. This can be used to build key hierarchies or meta providers.

Currently, this only supports AES-256 in AESWrap mode and HmacSHA256 for the providers persisted in the table.

Author:
rubin

  • Constructor Details

    • MetaStore

      public MetaStore(com.amazonaws.services.dynamodbv2.AmazonDynamoDB ddb, String tableName, DynamoDBEncryptor encryptor)
      Create a new MetaStore with specified table name.
      Parameters:
      ddb - Interface for accessing DynamoDB.
      tableName - DynamoDB table name for this MetaStore.
      encryptor - used to perform crypto operations on the record attributes.

    • MetaStore

      public MetaStore(com.amazonaws.services.dynamodbv2.AmazonDynamoDB ddb, String tableName, DynamoDBEncryptor encryptor, MetaStore.ExtraDataSupplier extraDataSupplier)
      Create a new MetaStore with specified table name and extra data supplier.
      Parameters:
      ddb - Interface for accessing DynamoDB.
      tableName - DynamoDB table name for this MetaStore.
      encryptor - used to perform crypto operations on the record attributes
      extraDataSupplier - provides extra data that should be stored along with the material.

  • Method Details

    • getProvider

      public EncryptionMaterialsProvider getProvider(String materialName, long version)
      Description copied from class: ProviderStore
      Returns the provider with the specified name and version.
      Specified by:
      getProvider in class ProviderStore

    • getOrCreate

      public EncryptionMaterialsProvider getOrCreate(String materialName, long nextId)
      Description copied from class: ProviderStore
      Returns the provider with the specified name and version and creates it if it doesn't exist.
      Overrides:
      getOrCreate in class ProviderStore

    • getMaxVersion

      public long getMaxVersion(String materialName)
      Description copied from class: ProviderStore
      Returns the maximum version number associated with materialName. If there are no versions, returns -1.
      Specified by:
      getMaxVersion in class ProviderStore

    • getVersionFromMaterialDescription

      public long getVersionFromMaterialDescription(Map<String,String> description)
      Description copied from class: ProviderStore
      Extracts the material version from description.
      Specified by:
      getVersionFromMaterialDescription in class ProviderStore

    • replicate

      public void replicate(String materialName, long version, MetaStore targetMetaStore)
      This API retrieves the intermediate keys from the source region and replicates it in the target region.
      Parameters:
      materialName - material name of the encryption material.
      version - version of the encryption material.
      targetMetaStore - target MetaStore where the encryption material to be stored.

    • createTable

      public static com.amazonaws.services.dynamodbv2.model.CreateTableResult createTable(com.amazonaws.services.dynamodbv2.AmazonDynamoDB ddb, String tableName, com.amazonaws.services.dynamodbv2.model.ProvisionedThroughput provisionedThroughput)
      Creates a DynamoDB Table with the correct properties to be used with a ProviderStore.
      Parameters:
      ddb - interface for accessing DynamoDB
      tableName - name of table that stores the meta data of the material.
      provisionedThroughput - required provisioned throughput of the this table.
      Returns:
      result of create table request.