public class KeyStoreProvider extends MasterKeyProvider<JceMasterKey>

This MasterKeyProvider provides keys backed by a JCE KeyStore. Please see decryptDataKey(CryptoAlgorithm, Collection, Map) for an explanation of how decryption is managed and see getMasterKeysForEncryption(MasterKeyRequest) for an explanation of how encryption is managed.

Constructor and Description |
---|
KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm): Creates an instance of this class using wrappingAlgorithm which will work for decrypt only. |
KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames): Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames. |

Modifier and Type | Method and Description |
---|---|
DataKey<JceMasterKey> | decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext): Attempts to decrypt the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore. |
String | getDefaultProviderId(): Returns "JavaKeyStore". |
JceMasterKey | getMasterKey(String provider, String keyId): Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm. |
List<JceMasterKey> | getMasterKeysForEncryption(MasterKeyRequest request): Returns JceMasterKeys corresponding to the aliasNames passed into the constructor. |

Methods inherited from class MasterKeyProvider: buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

public KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm)
Creates an instance of this class using wrappingAlgorithm which will work for decrypt only.

public KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames)
Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames.

public JceMasterKey getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyException
Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm.
getMasterKey in class MasterKeyProvider<JceMasterKey>
Throws:
UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

public String getDefaultProviderId()
getDefaultProviderId in class MasterKeyProvider<JceMasterKey>

public List<JceMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)
Returns JceMasterKeys corresponding to the aliasNames passed into the constructor.
getMasterKeysForEncryption in class MasterKeyProvider<JceMasterKey>

public DataKey<JceMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws UnsupportedProviderException, AwsCryptoException
Attempts to decrypt the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore. This includes TrustedCertificates as well as standard key entries.
decryptDataKey in class MasterKeyProvider<JceMasterKey>
null
Throws:
UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
AwsCryptoException
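
Added example (not part of the original documentation or the SDK's own code) showing the two constructors side by side: one instance encrypts to a named alias, a second decrypt-only instance unwraps the data key, and the result is checked before the plaintext is used. Assumptions: a PKCS12 keystore at keys.p12 holding an RSA key pair under the alias app-rsa-key, the keystore password in the KEYSTORE_PASSWORD environment variable, and the provider name "ExampleKeyStore"; all of these names are hypothetical.

```java
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoResult;
import com.amazonaws.encryptionsdk.jce.JceMasterKey;
import com.amazonaws.encryptionsdk.jce.KeyStoreProvider;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Map;

public class KeyStoreProviderExample {
    // Assumed, illustrative values: path, alias, provider name and env var are not from the SDK.
    private static final String KEYSTORE_PATH = "keys.p12";
    private static final String ALIAS = "app-rsa-key";
    private static final String PROVIDER_NAME = "ExampleKeyStore";
    private static final String WRAPPING_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray(); // assumed to be set
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(KEYSTORE_PATH))) {
            ks.load(in, password);
        }
        KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(password);
        AwsCrypto crypto = AwsCrypto.standard();
        Map<String, String> context = Collections.singletonMap("purpose", "example");

        // Five-argument constructor: data keys are wrapped under the listed aliases.
        KeyStoreProvider encryptProvider =
            new KeyStoreProvider(ks, protection, PROVIDER_NAME, WRAPPING_ALG, ALIAS);
        byte[] ciphertext = crypto.encryptData(
            encryptProvider, "hello".getBytes(StandardCharsets.UTF_8), context).getResult();

        // Four-argument constructor: no aliases, so this instance can only decrypt.
        KeyStoreProvider decryptProvider =
            new KeyStoreProvider(ks, protection, PROVIDER_NAME, WRAPPING_ALG);
        CryptoResult<byte[], JceMasterKey> result = crypto.decryptData(decryptProvider, ciphertext);
        // The SDK may add its own entries to the context, so check containment, not equality.
        if (!result.getEncryptionContext().entrySet().containsAll(context.entrySet())) {
            throw new IllegalStateException("unexpected encryption context");
        }
        if (!result.getMasterKeyIds().contains(ALIAS)) {
            throw new IllegalStateException("data key was not unwrapped with the expected alias");
        }
        System.out.println(new String(result.getResult(), StandardCharsets.UTF_8));
    }
}
```

Because decryptDataKey also tries all other compatible keys in the KeyStore, checking the returned master key IDs confirms which entry actually unwrapped the data key.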
Copyright © 2023. All rights reserved.