KmsMasterKeyProvider (aws-encryption-sdk-java 2.4.1 API)

java.lang.Object
- com.amazonaws.encryptionsdk.MasterKeyProvider<KmsMasterKey>
- - com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider

All Implemented Interfaces:

KmsMethods
```
public class KmsMasterKeyProvider
extends MasterKeyProvider<KmsMasterKey>
implements KmsMethods
```
Provides MasterKeys backed by the AWS Key Management Service. This object is regional and if you want to use keys from multiple regions, you'll need multiple copies of this object.
This component is not multi-Region key aware, and will treat every AWS KMS identifier as regionally isolated.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class KmsMasterKeyProvider.Builder

static interface KmsMasterKeyProvider.RegionalClientSupplier

Nested Classes
Modifier and Type	Class and Description
`static class`	`KmsMasterKeyProvider.Builder`
`static interface`	`KmsMasterKeyProvider.RegionalClientSupplier`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`void`	`addGrantToken(String grantToken)` Deprecated. This method is inherently not thread safe. Use `withGrantTokens(List)` or `KmsMasterKey.setGrantTokens(List)` instead. `KmsMasterKeyProvider`s constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
`static KmsMasterKeyProvider.Builder`	`builder()`
`DataKey<KmsMasterKey>`	`decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)` Iterates through `encryptedDataKeys` and returns the first one which can be successfully decrypted.
`String`	`getDefaultProviderId()` Returns "aws-kms"
`List<String>`	`getGrantTokens()` Returns the grantTokens which this object sends to KMS when calling it.
`KmsMasterKey`	`getMasterKey(String provider, String keyId)` Returns the specified `MasterKey` if possible.
`List<KmsMasterKey>`	`getMasterKeysForEncryption(MasterKeyRequest request)` Returns all CMKs provided to the constructor of this object.
`void`	`setGrantTokens(List<String> grantTokens)` Deprecated. This method is inherently not thread safe. Use `KmsMasterKey.setGrantTokens(List)` instead. `KmsMasterKeyProvider`s constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
`KmsMasterKeyProvider`	`withGrantTokens(List<String> grantTokens)` Returns a new `KmsMasterKeyProvider` that is configured identically to this one, except with the given list of grant tokens.
`KmsMasterKeyProvider`	`withGrantTokens(String... grantTokens)` Returns a new `KmsMasterKeyProvider` that is configured identically to this one, except with the given list of grant tokens.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider
buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - builder
```
public static KmsMasterKeyProvider.Builder builder()
```
  - getDefaultProviderId
```
public String getDefaultProviderId()
```
    Returns "aws-kms"
    
    Specified by:
    
    getDefaultProviderId in class MasterKeyProvider<KmsMasterKey>
  - getMasterKey
```
public KmsMasterKey getMasterKey(String provider,
                                 String keyId)
                          throws UnsupportedProviderException,
                                 NoSuchMasterKeyException
```
    Description copied from class: MasterKeyProvider
    
    Returns the specified MasterKey if possible.
    
    Specified by:
    
    getMasterKey in class MasterKeyProvider<KmsMasterKey>
    
    Returns:
    
    Throws:
    
    UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
    
    NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId
  - getMasterKeysForEncryption
```
public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)
```
    Returns all CMKs provided to the constructor of this object.
    
    Specified by:
    
    getMasterKeysForEncryption in class MasterKeyProvider<KmsMasterKey>
  - decryptDataKey
```
public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                            Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                            Map<String,String> encryptionContext)
                                     throws AwsCryptoException
```
    Description copied from class: MasterKeyProvider
    
    Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
    
    Specified by:
    
    decryptDataKey in class MasterKeyProvider<KmsMasterKey>
    
    Returns:
    
    a DataKey if one can be decrypted, otherwise returns null
    
    Throws:
    
    UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
    
    CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
    
    AwsCryptoException
  - setGrantTokens
```
@Deprecated
public void setGrantTokens(List<String> grantTokens)
```
    Deprecated. This method is inherently not thread safe. Use KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
    
    Description copied from interface: KmsMethods
    
    Sets the grantTokens which should be submitted to KMS when calling it.
    
    Specified by:
    
    setGrantTokens in interface KmsMethods
  - getGrantTokens
```
public List<String> getGrantTokens()
```
    Description copied from interface: KmsMethods
    
    Returns the grantTokens which this object sends to KMS when calling it.
    
    Specified by:
    
    getGrantTokens in interface KmsMethods
  - addGrantToken
```
@Deprecated
public void addGrantToken(String grantToken)
```
    Deprecated. This method is inherently not thread safe. Use withGrantTokens(List) or KmsMasterKey.setGrantTokens(List) instead. KmsMasterKeyProviders constructed using the builder will throw an exception on attempts to modify the list of grant tokens.
    
    Description copied from interface: KmsMethods
    
    Adds grantToken to the list of grantTokens sent to KMS when this class calls it.
    
    Specified by:
    
    addGrantToken in interface KmsMethods
  - withGrantTokens
```
public KmsMasterKeyProvider withGrantTokens(List<String> grantTokens)
```
    Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).
    
    Parameters:
    
    grantTokens -
    
    Returns:
  - withGrantTokens
```
public KmsMasterKeyProvider withGrantTokens(String... grantTokens)
```
    Returns a new KmsMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).
    
    Parameters:
    
    grantTokens -
    
    Returns:

Class KmsMasterKeyProvider

Nested Class Summary

Method Summary

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

Methods inherited from class java.lang.Object

Method Detail

builder

getDefaultProviderId

getMasterKey

getMasterKeysForEncryption

decryptDataKey

setGrantTokens

getGrantTokens

addGrantToken

withGrantTokens

withGrantTokens