public final class AwsKmsMrkAwareMasterKeyProvider extends MasterKeyProvider<AwsKmsMrkAwareMasterKey>
AwsCrypto. Some of these keys may be multi-Region keys, in which case this component is able to recognize different regional replicas of this multi-Region key as the same.

Modifier and Type | Class and Description |
---|---|
static class | AwsKmsMrkAwareMasterKeyProvider.Builder |

Modifier and Type | Method and Description |
---|---|
static AwsKmsMrkAwareMasterKeyProvider.Builder | builder() |
DataKey<AwsKmsMrkAwareMasterKey> | decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext): Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted. |
String | getDefaultProviderId(): Returns "aws-kms" |
List<String> | getGrantTokens() |
AwsKmsMrkAwareMasterKey | getMasterKey(String providerId, String requestedKeyArn): Added flexibility in matching multi-Region keys from different regions. |
List<AwsKmsMrkAwareMasterKey> | getMasterKeysForEncryption(MasterKeyRequest request): Returns all CMKs provided to the constructor of this object. |
AwsKmsMrkAwareMasterKeyProvider | withGrantTokens(List<String> grantTokens): Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. |
AwsKmsMrkAwareMasterKeyProvider | withGrantTokens(String... grantTokens): Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. |

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey
public static AwsKmsMrkAwareMasterKeyProvider.Builder builder()
public String getDefaultProviderId()
getDefaultProviderId in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
public AwsKmsMrkAwareMasterKey getMasterKey(String providerId, String requestedKeyArn) throws UnsupportedProviderException, NoSuchMasterKeyException
getMasterKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider
NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId
MasterKey.getMasterKey(String, String)
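
The matching behaviour described for getMasterKey, as an added sketch that is not the SDK's own code. It assumes the rule that two key identifiers match when they are identical, or when both are multi-Region key ARNs (key ID prefixed `mrk-`) that differ only in Region; the class and method names are hypothetical and the ARNs are constructed sample values.

```java
// Illustrative sketch (hypothetical class, not part of the AWS Encryption SDK).
public final class MrkArnMatchExample {

    /** Splits arn:partition:kms:region:account:key/key-id; returns null if malformed. */
    static String[] parseKeyArn(String arn) {
        if (arn == null) return null;
        String[] p = arn.split(":", 6);
        if (p.length != 6 || !p[0].equals("arn") || !p[2].equals("kms")) return null;
        if (p[1].isEmpty() || p[3].isEmpty() || p[4].isEmpty()) return null;
        if (!p[5].startsWith("key/") || p[5].length() == 4) return null;
        return p;
    }

    /** Only key ARNs whose key ID starts with "mrk-" are multi-Region keys. */
    static boolean isMultiRegionKeyArn(String arn) {
        String[] p = parseKeyArn(arn);
        return p != null && p[5].startsWith("key/mrk-");
    }

    /** Exact match, or same multi-Region key (partition, account, key ID) in any Region. */
    static boolean mrkAwareMatch(String configured, String requested) {
        if (configured == null || requested == null) return false;
        if (configured.equals(requested)) return true;
        // Region-insensitive matching is allowed only when BOTH sides are MRK ARNs;
        // single-Region keys and aliases must match exactly.
        if (!isMultiRegionKeyArn(configured) || !isMultiRegionKeyArn(requested)) return false;
        String[] a = parseKeyArn(configured);
        String[] b = parseKeyArn(requested);
        // Index 3 (Region) is deliberately ignored; everything else must agree.
        return a[1].equals(b[1]) && a[4].equals(b[4]) && a[5].equals(b[5]);
    }

    public static void main(String[] args) {
        // Constructed sample ARNs (documentation-style account IDs).
        String mrkWest = "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab";
        String mrkEast = "arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab";
        String mrkOtherAcct = "arn:aws:kms:us-east-1:444455556666:key/mrk-1234abcd12ab34cd56ef1234567890ab";
        String srkWest = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
        String srkEast = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";

        System.out.println("MRK replicas in two Regions:   " + mrkAwareMatch(mrkWest, mrkEast));
        System.out.println("MRK ID in a different account: " + mrkAwareMatch(mrkWest, mrkOtherAcct));
        System.out.println("Single-Region key, two Regions: " + mrkAwareMatch(srkWest, srkEast));
        System.out.println("Identical single-Region ARN:   " + mrkAwareMatch(srkWest, srkWest));
    }
}
```

Relaxing only the Region field, and only for `mrk-` key IDs, keeps a look-alike key in another account or a single-Region key in another Region from being treated as a replica.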
public List<AwsKmsMrkAwareMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)
getMasterKeysForEncryption in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
MasterKey.getMasterKeysForEncryption(MasterKeyRequest)
public DataKey<AwsKmsMrkAwareMasterKey> decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext) throws AwsCryptoException
MasterKeyProvider
Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
decryptDataKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>
null
AwsCryptoException
UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider
CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted
KmsMasterKey.decryptDataKey(CryptoAlgorithm, Collection, Map)
public AwsKmsMrkAwareMasterKeyProvider withGrantTokens(List<String> grantTokens)
Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).
public AwsKmsMrkAwareMasterKeyProvider withGrantTokens(String... grantTokens)
Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).
Copyright © 2023. All rights reserved.