Package com.amazonaws.encryptionsdk.kms
Class KmsMasterKeyProvider
- java.lang.Object
-
- com.amazonaws.encryptionsdk.MasterKeyProvider<KmsMasterKey>
-
- com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider
-
- All Implemented Interfaces:
KmsMethods
public class KmsMasterKeyProvider extends MasterKeyProvider<KmsMasterKey> implements KmsMethods
ProvidesMasterKeys backed by the AWS Key Management Service. This object is regional and if you want to use keys from multiple regions, you'll need multiple copies of this object.This component is not multi-Region key aware, and will treat every AWS KMS identifier as regionally isolated.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classKmsMasterKeyProvider.Builderstatic interfaceKmsMasterKeyProvider.RegionalClientSupplier
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voidaddGrantToken(String grantToken)Deprecated.This method is inherently not thread safe.static KmsMasterKeyProvider.Builderbuilder()DataKey<KmsMasterKey>decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)Iterates throughencryptedDataKeysand returns the first one which can be successfully decrypted.StringgetDefaultProviderId()Returns "aws-kms"List<String>getGrantTokens()Returns the grantTokens which this object sends to KMS when calling it.KmsMasterKeygetMasterKey(String provider, String keyId)Returns the specifiedMasterKeyif possible.List<KmsMasterKey>getMasterKeysForEncryption(MasterKeyRequest request)Returns all CMKs provided to the constructor of this object.voidsetGrantTokens(List<String> grantTokens)Deprecated.This method is inherently not thread safe.KmsMasterKeyProviderwithGrantTokens(String... grantTokens)Returns a newKmsMasterKeyProviderthat is configured identically to this one, except with the given list of grant tokens.KmsMasterKeyProviderwithGrantTokens(List<String> grantTokens)Returns a newKmsMasterKeyProviderthat is configured identically to this one, except with the given list of grant tokens.-
Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey
-
-
-
-
Method Detail
-
builder
public static KmsMasterKeyProvider.Builder builder()
-
getDefaultProviderId
public String getDefaultProviderId()
Returns "aws-kms"- Specified by:
getDefaultProviderIdin classMasterKeyProvider<KmsMasterKey>
-
getMasterKey
public KmsMasterKey getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyException
Description copied from class:MasterKeyProviderReturns the specifiedMasterKeyif possible.- Specified by:
getMasterKeyin classMasterKeyProvider<KmsMasterKey>- Returns:
- Throws:
UnsupportedProviderException- if this object cannot returnMasterKeys associated with the given providerNoSuchMasterKeyException- if this object cannot find (and thus construct) theMasterKeyassociated withkeyId
-
getMasterKeysForEncryption
public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)
Returns all CMKs provided to the constructor of this object.- Specified by:
getMasterKeysForEncryptionin classMasterKeyProvider<KmsMasterKey>
-
decryptDataKey
public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws AwsCryptoException
Description copied from class:MasterKeyProviderIterates throughencryptedDataKeysand returns the first one which can be successfully decrypted.- Specified by:
decryptDataKeyin classMasterKeyProvider<KmsMasterKey>- Returns:
- a DataKey if one can be decrypted, otherwise returns
null - Throws:
UnsupportedProviderException- if theencryptedDataKeyis associated with an unsupported providerCannotUnwrapDataKeyException- if theencryptedDataKeycannot be decryptedAwsCryptoException
-
setGrantTokens
@Deprecated public void setGrantTokens(List<String> grantTokens)
Deprecated.This method is inherently not thread safe. UseKmsMasterKey.setGrantTokens(List)instead.KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.Description copied from interface:KmsMethodsSets thegrantTokenswhich should be submitted to KMS when calling it.- Specified by:
setGrantTokensin interfaceKmsMethods
-
getGrantTokens
public List<String> getGrantTokens()
Description copied from interface:KmsMethodsReturns the grantTokens which this object sends to KMS when calling it.- Specified by:
getGrantTokensin interfaceKmsMethods
-
addGrantToken
@Deprecated public void addGrantToken(String grantToken)
Deprecated.This method is inherently not thread safe. UsewithGrantTokens(List)orKmsMasterKey.setGrantTokens(List)instead.KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.Description copied from interface:KmsMethodsAddsgrantTokento the list of grantTokens sent to KMS when this class calls it.- Specified by:
addGrantTokenin interfaceKmsMethods
-
withGrantTokens
public KmsMasterKeyProvider withGrantTokens(List<String> grantTokens)
Returns a newKmsMasterKeyProviderthat is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).- Parameters:
grantTokens-- Returns:
-
withGrantTokens
public KmsMasterKeyProvider withGrantTokens(String... grantTokens)
Returns a newKmsMasterKeyProviderthat is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).- Parameters:
grantTokens-- Returns:
-
-