com.amazonaws.encryptionsdk.kmssdkv2

Class KmsMasterKeyProvider.Builder

java.lang.Object

com.amazonaws.encryptionsdk.kmssdkv2.KmsMasterKeyProvider.Builder

All Implemented Interfaces:

Cloneable

Enclosing class:

KmsMasterKeyProvider

public static class KmsMasterKeyProvider.Builder
extends Object
implements Cloneable

Method Summary

Modifier and Type	Method and Description
KmsMasterKeyProvider	buildDiscovery() Builds the master key provider in Discovery Mode.
KmsMasterKeyProvider	buildDiscovery(DiscoveryFilter filter) Builds the master key provider in Discovery Mode with a DiscoveryFilter.
KmsMasterKeyProvider.Builder	builderSupplier(Supplier<software.amazon.awssdk.services.kms.KmsClientBuilder> supplier) Configures the KmsMasterKeyProvider to use settings from this KmsClientBuilder to configure KMS clients.
KmsMasterKeyProvider	buildStrict(List<String> keyIds) Builds the master key provider in Strict Mode.
KmsMasterKeyProvider	buildStrict(String... keyIds) Builds the master key provider in strict mode.
KmsMasterKeyProvider.Builder	clone()
KmsMasterKeyProvider.Builder	customRegionalClientSupplier(RegionalClientSupplier regionalClientSupplier) Provides a custom factory function that will vend KMS clients.
KmsMasterKeyProvider.Builder	defaultRegion(software.amazon.awssdk.regions.Region defaultRegion) Sets the default region.
protected void	snoopClientCache(ConcurrentHashMap<software.amazon.awssdk.regions.Region,software.amazon.awssdk.services.kms.KmsClient> map)

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

clone

public KmsMasterKeyProvider.Builder clone()

Overrides:

clone in class Object

defaultRegion

public KmsMasterKeyProvider.Builder defaultRegion(software.amazon.awssdk.regions.Region defaultRegion)

Sets the default region. This region will be used when specifying key IDs for encryption or in MasterKeyProvider.getMasterKey(String) that are not full ARNs, but are instead bare key IDs or aliases.

If the default region is not specified, only full key ARNs will be usable.

Parameters:

defaultRegion - The default region to use.

Returns:

customRegionalClientSupplier

public KmsMasterKeyProvider.Builder customRegionalClientSupplier(RegionalClientSupplier regionalClientSupplier)

Provides a custom factory function that will vend KMS clients. This is provided for advanced use cases which require complete control over the client construction process.

Because the regional client supplier fully controls the client construction process, it is not possible to configure the client through methods such as builderSupplier(Supplier); if you try to use these in combination, an IllegalStateException will be thrown.

Note: The AWS Encryption SDK for Java does not support the KmsAsyncClient interface.

Parameters:

regionalClientSupplier -

Returns:

builderSupplier

public KmsMasterKeyProvider.Builder builderSupplier(Supplier<software.amazon.awssdk.services.kms.KmsClientBuilder> supplier)

Configures the KmsMasterKeyProvider to use settings from this KmsClientBuilder to configure KMS clients. Note that the region set on this builder will be ignored, but all other settings will be propagated into the regional clients.

Trying to use this method in combination with customRegionalClientSupplier(RegionalClientSupplier) will cause an IllegalStateException to be thrown.

Note: The AWS Encryption SDK for Java does not support the KmsAsyncClient interface.

Parameters:

supplier - Should return a new KmsClientBuilder on each invocation.

Returns:

buildDiscovery

public KmsMasterKeyProvider buildDiscovery()

Builds the master key provider in Discovery Mode. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message. KMS Master Key Providers in Discovery Mode will not encrypt data keys.

Returns:

buildDiscovery

public KmsMasterKeyProvider buildDiscovery(DiscoveryFilter filter)

Builds the master key provider in Discovery Mode with a DiscoveryFilter. In Discovery Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it discovers in the encrypted message that is accepted by the filter. KMS Master Key Providers in Discovery Mode will not encrypt data keys.

Parameters:

filter -

Returns:

buildStrict

public KmsMasterKeyProvider buildStrict(List<String> keyIds)

Builds the master key provider in Strict Mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed in keyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed in keyIds

In Strict Mode, one or more CMKs must be provided. For providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.

Parameters:

keyIds -

Returns:

buildStrict

public KmsMasterKeyProvider buildStrict(String... keyIds)

Builds the master key provider in strict mode. KMS Master Key Providers in Strict Mode will only attempt to decrypt using key ARNs listed in keyIds. KMS Master Key Providers in Strict Mode will encrypt data keys using the keys listed in keyIds

In Strict Mode, one or more CMKs must be provided. For providers that will only be used for encryption, you can use any valid KMS key identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not supported.

Parameters:

keyIds -

Returns:

snoopClientCache

protected void snoopClientCache(ConcurrentHashMap<software.amazon.awssdk.regions.Region,software.amazon.awssdk.services.kms.KmsClient> map)