com.amazonaws.services.s3.internal.crypto

Class S3CryptoModuleBase<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

java.lang.Object

com.amazonaws.services.s3.internal.crypto.S3CryptoModule<T>

com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase<T>

Type Parameters:

T - class type.

Deprecated.

See AmazonS3EncryptionClient for further details.

@Deprecated
public abstract class S3CryptoModuleBase<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
extends S3CryptoModule<T>

Common implementation for different S3 cryptographic modules.

Field Summary

Fields

Modifier and Type	Field and Description
protected com.amazonaws.services.s3.internal.crypto.ContentCryptoScheme	contentCryptoScheme Deprecated.
protected CryptoConfiguration	cryptoConfig Deprecated. A read-only copy of the crypto configuration.
protected com.amazonaws.services.s3.internal.crypto.S3CryptoScheme	cryptoScheme Deprecated.
protected static int	DEFAULT_BUFFER_SIZE Deprecated.
protected EncryptionMaterialsProvider	kekMaterialsProvider Deprecated.
protected com.amazonaws.services.kms.AWSKMSClient	kms Deprecated.
protected com.amazonaws.logging.Log	log Deprecated.
protected java.util.Map<java.lang.String,T>	multipartUploadContexts Deprecated. Map of data about in progress encrypted multipart uploads.
protected S3Direct	s3 Deprecated.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	S3CryptoModuleBase(com.amazonaws.services.kms.AWSKMSClient kms, S3Direct s3, com.amazonaws.auth.AWSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig) Deprecated.
protected	S3CryptoModuleBase(S3Direct s3, com.amazonaws.auth.AWSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig) Deprecated. For testing purposes only.

Method Summary

Modifier and Type	Method and Description
void	abortMultipartUploadSecurely(AbortMultipartUploadRequest req) Deprecated.
protected abstract long	ciphertextLength(long plaintextLength) Deprecated. Returns the length of the ciphertext computed from the length of the plaintext.
CompleteMultipartUploadResult	completeMultipartUploadSecurely(CompleteMultipartUploadRequest req) Deprecated.
CopyPartResult	copyPartSecurely(CopyPartRequest copyPartRequest) Deprecated.
protected com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial	createContentCryptoMaterial(com.amazonaws.AmazonWebServiceRequest req) Deprecated. Creates and returns a non-null content crypto material for the given request.
protected PutObjectRequest	createInstructionPutRequest(java.lang.String bucketName, java.lang.String key, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial) Deprecated.
protected javax.crypto.SecretKey	generateCEK(EncryptionMaterials kekMaterials, java.security.Provider providerIn) Deprecated.
com.amazonaws.services.s3.internal.crypto.S3CryptoScheme	getS3CryptoScheme() Deprecated.
InitiateMultipartUploadResult	initiateMultipartUploadSecurely(InitiateMultipartUploadRequest req) Deprecated.
protected CipherLiteInputStream	newMultipartS3CipherInputStream(UploadPartRequest req, com.amazonaws.services.s3.internal.crypto.CipherLite cipherLite) Deprecated.
protected long	plaintextLength(AbstractPutObjectRequest request, ObjectMetadata metadata) Deprecated. Returns the plaintext length from the request and metadata; or -1 if unknown.
PutObjectResult	putInstructionFileSecurely(PutInstructionFileRequest req) Deprecated.
void	putLocalObjectSecurely(UploadObjectRequest reqIn, java.lang.String uploadId, java.io.OutputStream os) Deprecated.
PutObjectResult	putObjectSecurely(PutObjectRequest req) Deprecated.
protected void	securityCheck(com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial, com.amazonaws.services.s3.internal.crypto.S3ObjectWrapper retrieved) Deprecated. Checks if the the crypto scheme used in the given content crypto material is allowed to be used in this crypto module.
protected PutObjectRequest	updateInstructionPutRequest(PutObjectRequest req, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial) Deprecated. Updates put request to store the specified instruction object in S3.
protected ObjectMetadata	updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata, java.io.File file, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial instruction) Deprecated.
UploadPartResult	uploadPartSecurely(UploadPartRequest req) Deprecated.
protected <R extends AbstractPutObjectRequest> R	wrapWithCipher(R request, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial) Deprecated. Returns the given PutObjectRequest but has the content as input stream wrapped with a cipher, and configured with some meta data and user metadata.

Methods inherited from class com.amazonaws.services.s3.internal.crypto.S3CryptoModule

getObjectSecurely, getObjectSecurely

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_BUFFER_SIZE

protected static final int DEFAULT_BUFFER_SIZE

Deprecated.

See Also:

Constant Field Values

kekMaterialsProvider

protected final EncryptionMaterialsProvider kekMaterialsProvider

Deprecated.

log

protected final com.amazonaws.logging.Log log

Deprecated.

cryptoScheme

protected final com.amazonaws.services.s3.internal.crypto.S3CryptoScheme cryptoScheme

Deprecated.

contentCryptoScheme

protected final com.amazonaws.services.s3.internal.crypto.ContentCryptoScheme contentCryptoScheme

Deprecated.

cryptoConfig

protected final CryptoConfiguration cryptoConfig

Deprecated.

A read-only copy of the crypto configuration.

multipartUploadContexts

protected final java.util.Map<java.lang.String,T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext> multipartUploadContexts

Deprecated.

Map of data about in progress encrypted multipart uploads.

s3

protected final S3Direct s3

Deprecated.

kms

protected final com.amazonaws.services.kms.AWSKMSClient kms

Deprecated.

Constructor Detail

S3CryptoModuleBase

protected S3CryptoModuleBase(com.amazonaws.services.kms.AWSKMSClient kms,
                             S3Direct s3,
                             com.amazonaws.auth.AWSCredentialsProvider credentialsProvider,
                             EncryptionMaterialsProvider kekMaterialsProvider,
                             CryptoConfiguration cryptoConfig)

Deprecated.

Parameters:

cryptoConfig - a read-only copy of the crypto configuration.

S3CryptoModuleBase

protected S3CryptoModuleBase(S3Direct s3,
                             com.amazonaws.auth.AWSCredentialsProvider credentialsProvider,
                             EncryptionMaterialsProvider kekMaterialsProvider,
                             CryptoConfiguration cryptoConfig)

Deprecated.

For testing purposes only.

Method Detail

ciphertextLength

protected abstract long ciphertextLength(long plaintextLength)

Deprecated.

Returns the length of the ciphertext computed from the length of the plaintext.

Parameters:

plaintextLength - a non-negative number

Returns:

a non-negative number

putObjectSecurely

public PutObjectResult putObjectSecurely(PutObjectRequest req)

Deprecated.

Specified by:

putObjectSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

req - the PutObjectRequest.

Returns:

the result of the putting the S3 object.

abortMultipartUploadSecurely

public final void abortMultipartUploadSecurely(AbortMultipartUploadRequest req)

Deprecated.

Specified by:

abortMultipartUploadSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

req - the AbortMultipartUploadRequest.

copyPartSecurely

public final CopyPartResult copyPartSecurely(CopyPartRequest copyPartRequest)

Deprecated.

Specified by:

copyPartSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

copyPartRequest - the CopyPartRequest.

Returns:

the CopyPartResult.

initiateMultipartUploadSecurely

public InitiateMultipartUploadResult initiateMultipartUploadSecurely(InitiateMultipartUploadRequest req)

Deprecated.

Specified by:

initiateMultipartUploadSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

req - the InitiateMultipartUploadRequest.

Returns:

the InitiateMultipartUploadResult.

uploadPartSecurely

public UploadPartResult uploadPartSecurely(UploadPartRequest req)

Deprecated.

NOTE: Because the encryption process requires context from previous blocks, parts uploaded with the AmazonS3EncryptionClient (as opposed to the normal AmazonS3Client) must be uploaded serially, and in order. Otherwise, the previous encryption context isn't available to use when encrypting the current part.

Specified by:

uploadPartSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

req - the UploadPartRequest.

Returns:

the UploadPartResult.

newMultipartS3CipherInputStream

protected final CipherLiteInputStream newMultipartS3CipherInputStream(UploadPartRequest req,
                                                                      com.amazonaws.services.s3.internal.crypto.CipherLite cipherLite)

Deprecated.

completeMultipartUploadSecurely

public CompleteMultipartUploadResult completeMultipartUploadSecurely(CompleteMultipartUploadRequest req)

Deprecated.

Specified by:

completeMultipartUploadSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

req - the CompleteMultipartUploadRequest.

Returns:

the CompleteMultipartUploadResult.

updateMetadataWithContentCryptoMaterial

protected final ObjectMetadata updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata,
                                                                       java.io.File file,
                                                                       com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial instruction)

Deprecated.

createContentCryptoMaterial

protected final com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial createContentCryptoMaterial(com.amazonaws.AmazonWebServiceRequest req)

Deprecated.

Creates and returns a non-null content crypto material for the given request.

Throws:

com.amazonaws.AmazonClientException - if no encryption material can be found.

putLocalObjectSecurely

public final void putLocalObjectSecurely(UploadObjectRequest reqIn,
                                         java.lang.String uploadId,
                                         java.io.OutputStream os)
                                  throws java.io.IOException

Deprecated.

Specified by:

putLocalObjectSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

reqIn - the UploadObjectRequest.

uploadId - multipart upload id.

os - output stream which will be closed upon method completion.

Throws:

java.io.IOException

generateCEK

protected final javax.crypto.SecretKey generateCEK(EncryptionMaterials kekMaterials,
                                                   java.security.Provider providerIn)

Deprecated.

Parameters:

kekMaterials - non-null encryption materials

wrapWithCipher

protected final <R extends AbstractPutObjectRequest> R wrapWithCipher(R request,
                                                                      com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)

Deprecated.

Returns the given PutObjectRequest but has the content as input stream wrapped with a cipher, and configured with some meta data and user metadata.

plaintextLength

protected final long plaintextLength(AbstractPutObjectRequest request,
                                     ObjectMetadata metadata)

Deprecated.

Returns the plaintext length from the request and metadata; or -1 if unknown.

getS3CryptoScheme

public final com.amazonaws.services.s3.internal.crypto.S3CryptoScheme getS3CryptoScheme()

Deprecated.

updateInstructionPutRequest

protected final PutObjectRequest updateInstructionPutRequest(PutObjectRequest req,
                                                             com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)

Deprecated.

Updates put request to store the specified instruction object in S3.

Parameters:

req - The put-instruction-file request for the instruction file to be stored in S3.

cekMaterial - The instruction object to be stored in S3.

Returns:

A put request to store the specified instruction object in S3.

createInstructionPutRequest

protected final PutObjectRequest createInstructionPutRequest(java.lang.String bucketName,
                                                             java.lang.String key,
                                                             com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)

Deprecated.

securityCheck

protected void securityCheck(com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial,
                             com.amazonaws.services.s3.internal.crypto.S3ObjectWrapper retrieved)

Deprecated.

Checks if the the crypto scheme used in the given content crypto material is allowed to be used in this crypto module. Default is no-op. Subclass may override.

Throws:

java.lang.SecurityException - if the crypto scheme used in the given content crypto material is not allowed in this crypto module.

putInstructionFileSecurely

public final PutObjectResult putInstructionFileSecurely(PutInstructionFileRequest req)

Deprecated.

Specified by:

putInstructionFileSecurely in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>

Parameters:

req - the PutInstructionFileRequest.

Returns:

the result of putting the instruction file in S3; or null if the specified S3 object doesn't exist. The S3 object can be subsequently retrieved using the new instruction file via the usual get operation by specifying a EncryptedGetObjectRequest.