java.lang.Object
com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.ProviderStore
com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.MetaStore

public class MetaStore extends ProviderStore
Provides a simple collection of EncryptionMaterialsProviders backed by an encrypted DynamoDB table. This can be used to build key hierarchies or meta providers.

Currently, this only supports AES-256 in AESWrap mode and HmacSHA256 for the providers persisted in the table.

Author:
rubin
  • Constructor Details

    • MetaStore

      public MetaStore(com.amazonaws.services.dynamodbv2.AmazonDynamoDB ddb, String tableName, DynamoDBEncryptor encryptor)
      Create a new MetaStore with the specified table name.
      Parameters:
      ddb - Interface for accessing DynamoDB.
      tableName - DynamoDB table name for this MetaStore.
      encryptor - used to perform crypto operations on the record attributes.
    • MetaStore

      public MetaStore(com.amazonaws.services.dynamodbv2.AmazonDynamoDB ddb, String tableName, DynamoDBEncryptor encryptor, MetaStore.ExtraDataSupplier extraDataSupplier)
      Create a new MetaStore with the specified table name and extra data supplier.
      Parameters:
      ddb - Interface for accessing DynamoDB.
      tableName - DynamoDB table name for this MetaStore.
      encryptor - used to perform crypto operations on the record attributes.
      extraDataSupplier - provides extra data that should be stored along with the material.
  • Method Details

    • getProvider

      public EncryptionMaterialsProvider getProvider(String materialName, long version)
      Description copied from class: ProviderStore
      Returns the provider with the specified name and version.
      Specified by:
      getProvider in class ProviderStore
    • getOrCreate

      public EncryptionMaterialsProvider getOrCreate(String materialName, long nextId)
      Description copied from class: ProviderStore
      Returns the provider with the specified name and version and creates it if it doesn't exist.
      Overrides:
      getOrCreate in class ProviderStore
    • getMaxVersion

      public long getMaxVersion(String materialName)
      Description copied from class: ProviderStore
      Returns the maximum version number associated with materialName. If there are no versions, returns -1.
      Specified by:
      getMaxVersion in class ProviderStore
    • getVersionFromMaterialDescription

      public long getVersionFromMaterialDescription(Map<String,String> description)
      Description copied from class: ProviderStore
      Extracts the material version from description.
      Specified by:
      getVersionFromMaterialDescription in class ProviderStore
    • replicate

      public void replicate(String materialName, long version, MetaStore targetMetaStore)
      This API retrieves the intermediate keys from the source region and replicates them in the target region.
      Parameters:
      materialName - material name of the encryption material.
      version - version of the encryption material.
      targetMetaStore - target MetaStore where the encryption material is to be stored.
    • createTable

      public static com.amazonaws.services.dynamodbv2.model.CreateTableResult createTable(com.amazonaws.services.dynamodbv2.AmazonDynamoDB ddb, String tableName, com.amazonaws.services.dynamodbv2.model.ProvisionedThroughput provisionedThroughput)
      Creates a DynamoDB Table with the correct properties to be used with a ProviderStore.
      Parameters:
      ddb - interface for accessing DynamoDB
      tableName - name of the table that stores the metadata of the material.
      provisionedThroughput - required provisioned throughput of this table.
      Returns:
      result of create table request.
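Added example (not part of the library's documentation): rotating a material to its next version and copying it to a second MetaStore, using only the constructor and methods listed above. The class `MetaStoreRotation`, its method names and all parameter names are hypothetical; it assumes both tables were already created with `createTable` and are active, and that the caller supplies a `DynamoDBEncryptor` for each store.

```java
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.MetaStore;

/** Added illustration; class, method and parameter names are hypothetical. */
public final class MetaStoreRotation {

    private MetaStoreRotation() {}

    /**
     * Creates the next version of materialName in the source MetaStore and
     * copies it to the target MetaStore. Returns the new version number.
     */
    public static long rotateAndReplicate(MetaStore source, MetaStore target, String materialName) {
        // getMaxVersion returns -1 when no version exists, so the first version is 0.
        long next = source.getMaxVersion(materialName) + 1;

        // getOrCreate returns the provider for this name and version,
        // creating and persisting it if it does not exist yet.
        source.getOrCreate(materialName, next);

        // Copy the newly created version into the target store.
        source.replicate(materialName, next, target);

        // Fail loudly if the target does not report the new version, so callers
        // never start writing items under a version the other region cannot read.
        if (target.getMaxVersion(materialName) < next) {
            throw new IllegalStateException(
                "Version " + next + " of '" + materialName + "' is missing from the target MetaStore");
        }
        return next;
    }

    /**
     * Builds both stores and rotates. Each MetaStore gets its own encryptor,
     * which performs the crypto operations on that table's record attributes.
     */
    public static long rotate(AmazonDynamoDB sourceDdb, DynamoDBEncryptor sourceEncryptor, String sourceTable,
                              AmazonDynamoDB targetDdb, DynamoDBEncryptor targetEncryptor, String targetTable,
                              String materialName) {
        MetaStore source = new MetaStore(sourceDdb, sourceTable, sourceEncryptor);
        MetaStore target = new MetaStore(targetDdb, targetTable, targetEncryptor);
        return rotateAndReplicate(source, target, materialName);
    }
}
```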