Package com.amazonaws.encryptionsdk.kms
Class KmsMasterKeyProvider
- java.lang.Object
-
- com.amazonaws.encryptionsdk.MasterKeyProvider<KmsMasterKey>
-
- com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider
-
- All Implemented Interfaces:
KmsMethods
public class KmsMasterKeyProvider extends MasterKeyProvider<KmsMasterKey> implements KmsMethods
ProvidesMasterKey
s backed by the AWS Key Management Service. This object is regional and if you want to use keys from multiple regions, you'll need multiple copies of this object.This component is not multi-Region key aware, and will treat every AWS KMS identifier as regionally isolated.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
KmsMasterKeyProvider.Builder
static interface
KmsMasterKeyProvider.RegionalClientSupplier
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
addGrantToken(String grantToken)
Deprecated.This method is inherently not thread safe.static KmsMasterKeyProvider.Builder
builder()
DataKey<KmsMasterKey>
decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)
Iterates throughencryptedDataKeys
and returns the first one which can be successfully decrypted.String
getDefaultProviderId()
Returns "aws-kms"List<String>
getGrantTokens()
Returns the grantTokens which this object sends to KMS when calling it.KmsMasterKey
getMasterKey(String provider, String keyId)
Returns the specifiedMasterKey
if possible.List<KmsMasterKey>
getMasterKeysForEncryption(MasterKeyRequest request)
Returns all CMKs provided to the constructor of this object.void
setGrantTokens(List<String> grantTokens)
Deprecated.This method is inherently not thread safe.KmsMasterKeyProvider
withGrantTokens(String... grantTokens)
Returns a newKmsMasterKeyProvider
that is configured identically to this one, except with the given list of grant tokens.KmsMasterKeyProvider
withGrantTokens(List<String> grantTokens)
Returns a newKmsMasterKeyProvider
that is configured identically to this one, except with the given list of grant tokens.-
Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey
-
-
-
-
Method Detail
-
builder
public static KmsMasterKeyProvider.Builder builder()
-
getDefaultProviderId
public String getDefaultProviderId()
Returns "aws-kms"- Specified by:
getDefaultProviderId
in classMasterKeyProvider<KmsMasterKey>
-
getMasterKey
public KmsMasterKey getMasterKey(String provider, String keyId) throws UnsupportedProviderException, NoSuchMasterKeyException
Description copied from class:MasterKeyProvider
Returns the specifiedMasterKey
if possible.- Specified by:
getMasterKey
in classMasterKeyProvider<KmsMasterKey>
- Returns:
- Throws:
UnsupportedProviderException
- if this object cannot returnMasterKey
s associated with the given providerNoSuchMasterKeyException
- if this object cannot find (and thus construct) theMasterKey
associated withkeyId
-
getMasterKeysForEncryption
public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)
Returns all CMKs provided to the constructor of this object.- Specified by:
getMasterKeysForEncryption
in classMasterKeyProvider<KmsMasterKey>
-
decryptDataKey
public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws AwsCryptoException
Description copied from class:MasterKeyProvider
Iterates throughencryptedDataKeys
and returns the first one which can be successfully decrypted.- Specified by:
decryptDataKey
in classMasterKeyProvider<KmsMasterKey>
- Returns:
- a DataKey if one can be decrypted, otherwise returns
null
- Throws:
UnsupportedProviderException
- if theencryptedDataKey
is associated with an unsupported providerCannotUnwrapDataKeyException
- if theencryptedDataKey
cannot be decryptedAwsCryptoException
-
setGrantTokens
@Deprecated public void setGrantTokens(List<String> grantTokens)
Deprecated.This method is inherently not thread safe. UseKmsMasterKey.setGrantTokens(List)
instead.KmsMasterKeyProvider
s constructed using the builder will throw an exception on attempts to modify the list of grant tokens.Description copied from interface:KmsMethods
Sets thegrantTokens
which should be submitted to KMS when calling it.- Specified by:
setGrantTokens
in interfaceKmsMethods
-
getGrantTokens
public List<String> getGrantTokens()
Description copied from interface:KmsMethods
Returns the grantTokens which this object sends to KMS when calling it.- Specified by:
getGrantTokens
in interfaceKmsMethods
-
addGrantToken
@Deprecated public void addGrantToken(String grantToken)
Deprecated.This method is inherently not thread safe. UsewithGrantTokens(List)
orKmsMasterKey.setGrantTokens(List)
instead.KmsMasterKeyProvider
s constructed using the builder will throw an exception on attempts to modify the list of grant tokens.Description copied from interface:KmsMethods
AddsgrantToken
to the list of grantTokens sent to KMS when this class calls it.- Specified by:
addGrantToken
in interfaceKmsMethods
-
withGrantTokens
public KmsMasterKeyProvider withGrantTokens(List<String> grantTokens)
Returns a newKmsMasterKeyProvider
that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).- Parameters:
grantTokens
-- Returns:
-
withGrantTokens
public KmsMasterKeyProvider withGrantTokens(String... grantTokens)
Returns a newKmsMasterKeyProvider
that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).- Parameters:
grantTokens
-- Returns:
-
-