AwsKmsMrkAwareMasterKey (aws-encryption-sdk-java 2.4.1 API)

java.lang.Object
- com.amazonaws.encryptionsdk.MasterKeyProvider<K>
- - com.amazonaws.encryptionsdk.MasterKey<AwsKmsMrkAwareMasterKey>
  - - com.amazonaws.encryptionsdk.kms.AwsKmsMrkAwareMasterKey

All Implemented Interfaces:

KmsMethods
```
public final class AwsKmsMrkAwareMasterKey
extends MasterKey<AwsKmsMrkAwareMasterKey>
implements KmsMethods
```
Represents a single Aws KMS key and is used to encrypt/decrypt data with AwsCrypto. This key may be a multi region key, in which case this component is able to recognize different regional replicas of this multi region key as the same.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addGrantToken(String grantToken)` Adds `grantToken` to the list of grantTokens sent to KMS when this class calls it.
`DataKey<AwsKmsMrkAwareMasterKey>`	`decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)` Will attempt to decrypt if awsKmsArnMatchForDecrypt returns true in `AwsKmsMrkAwareMasterKey#filterEncryptedDataKeys(String, AwsKmsCmkArnInfo, EncryptedDataKey)`.
`DataKey<AwsKmsMrkAwareMasterKey>`	`encryptDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext, DataKey<?> dataKey)` Returns a new copy of the provided `dataKey` which is protected by this `MasterKey` for use with `algorithm` and associated with the provided `encryptionContext`.
`DataKey<AwsKmsMrkAwareMasterKey>`	`generateDataKey(CryptoAlgorithm algorithm, Map<String,String> encryptionContext)` This is identical behavior to
`List<String>`	`getGrantTokens()` Returns the grantTokens which this object sends to KMS when calling it.
`String`	`getKeyId()`
`String`	`getProviderId()`
`void`	`setGrantTokens(List<String> grantTokens)` Clears and sets all grant tokens on this instance.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKey
canProvide, equals, getDefaultProviderId, getMasterKey, getMasterKeysForEncryption, hashCode, toString

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, getMasterKey

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Method Detail
  - getProviderId
```
public String getProviderId()
```
    Specified by:
    
    getProviderId in class MasterKey<AwsKmsMrkAwareMasterKey>
  - getKeyId
```
public String getKeyId()
```
    Specified by:
    
    getKeyId in class MasterKey<AwsKmsMrkAwareMasterKey>
  - setGrantTokens
```
public void setGrantTokens(List<String> grantTokens)
```
    Clears and sets all grant tokens on this instance. This is not thread safe.
    
    Specified by:
    
    setGrantTokens in interface KmsMethods
  - getGrantTokens
```
public List<String> getGrantTokens()
```
    Description copied from interface: KmsMethods
    
    Returns the grantTokens which this object sends to KMS when calling it.
    
    Specified by:
    
    getGrantTokens in interface KmsMethods
  - addGrantToken
```
public void addGrantToken(String grantToken)
```
    Description copied from interface: KmsMethods
    
    Adds grantToken to the list of grantTokens sent to KMS when this class calls it.
    
    Specified by:
    
    addGrantToken in interface KmsMethods
  - generateDataKey
```
public DataKey<AwsKmsMrkAwareMasterKey> generateDataKey(CryptoAlgorithm algorithm,
                                                        Map<String,String> encryptionContext)
```
    This is identical behavior to
    
    Specified by:
    
    generateDataKey in class MasterKey<AwsKmsMrkAwareMasterKey>
    
    See Also:
    
    KmsMasterKey.generateDataKey(CryptoAlgorithm, Map)
  - encryptDataKey
```
public DataKey<AwsKmsMrkAwareMasterKey> encryptDataKey(CryptoAlgorithm algorithm,
                                                       Map<String,String> encryptionContext,
                                                       DataKey<?> dataKey)
```
    Description copied from class: MasterKey
    
    Returns a new copy of the provided dataKey which is protected by this MasterKey for use with algorithm and associated with the provided encryptionContext.
    
    Specified by:
    
    encryptDataKey in class MasterKey<AwsKmsMrkAwareMasterKey>
    
    See Also:
    
    KmsMasterKey.encryptDataKey(CryptoAlgorithm, Map, DataKey)
  - decryptDataKey
```
public DataKey<AwsKmsMrkAwareMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                                       Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                                       Map<String,String> encryptionContext)
                                                throws AwsCryptoException
```
    Will attempt to decrypt if awsKmsArnMatchForDecrypt returns true in AwsKmsMrkAwareMasterKey#filterEncryptedDataKeys(String, AwsKmsCmkArnInfo, EncryptedDataKey). An extension of KmsMasterKey.decryptDataKey(CryptoAlgorithm, Collection, Map) but with an awareness of the properties of multi-Region keys.
    
    Specified by:
    
    decryptDataKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
    
    Returns:
    
    a DataKey if one can be decrypted, otherwise returns null
    
    Throws:
    
    UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
    
    CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
    
    AwsCryptoException

Class AwsKmsMrkAwareMasterKey

Method Summary

Methods inherited from class com.amazonaws.encryptionsdk.MasterKey

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

Methods inherited from class java.lang.Object

Method Detail

getProviderId

getKeyId

setGrantTokens

getGrantTokens

addGrantToken

generateDataKey

encryptDataKey

decryptDataKey