com.amazonaws.encryptionsdk.internal

Class DecryptionHandler<K extends MasterKey<K>>

java.lang.Object

com.amazonaws.encryptionsdk.internal.DecryptionHandler<K>

All Implemented Interfaces:

CryptoHandler, MessageCryptoHandler<K>

public class DecryptionHandler<K extends MasterKey<K>>
extends Object
implements MessageCryptoHandler<K>

This class implements the CryptoHandler interface by providing methods for the decryption of ciphertext produced by the methods in EncryptionHandler.

This class reads and parses the values in the ciphertext headers and delegates the decryption of the ciphertext to the BlockDecryptionHandler or FrameDecryptionHandler based on the content type parsed in the ciphertext headers.

Constructor Summary

Constructors

Constructor and Description
DecryptionHandler(MasterKeyProvider<K> customerMasterKeyProvider) Create a decryption handler using the provided master key.
DecryptionHandler(MasterKeyProvider<K> customerMasterKeyProvider, CiphertextHeaders headers) Create a decryption handler using the provided master key and already parsed headers.

Method Summary

Modifier and Type	Method and Description
int	doFinal(byte[] out, int outOff) Finish processing of the bytes.
int	estimateOutputSize(int inLen) Return the size of the output buffer required for a processBytes plus a doFinal with an input of inLen bytes.
Map<String,String>	getEncryptionContext() Return the encryption context.
CiphertextHeaders	getHeaders()
List<K>	getMasterKeys() All used MasterKeys.
boolean	isComplete() For decrypt and parsing flows returns true when this has handled as many bytes as it can.
ProcessingSummary	processBytes(byte[] in, int off, int len, byte[] out, int outOff) Decrypt the ciphertext bytes provided in in and copy the plaintext bytes to out.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DecryptionHandler

public DecryptionHandler(MasterKeyProvider<K> customerMasterKeyProvider)
                  throws AwsCryptoException

Create a decryption handler using the provided master key.

Note the methods in the provided master key are used in decrypting the encrypted data key parsed from the ciphertext headers.

Parameters:

customerMasterKeyProvider - the master key provider to use in picking a master key from the key blobs encoded in the provided ciphertext.

Throws:

AwsCryptoException - if the master key is null.

DecryptionHandler

public DecryptionHandler(MasterKeyProvider<K> customerMasterKeyProvider,
                         CiphertextHeaders headers)
                  throws AwsCryptoException

Create a decryption handler using the provided master key and already parsed headers.

Note the methods in the provided master key are used in decrypting the encrypted data key parsed from the ciphertext headers.

Parameters:

customerMasterKeyProvider - the master key provider to use in picking a master key from the key blobs encoded in the provided ciphertext.

headers - already parsed headers which will not be passed into processBytes(byte[], int, int, byte[], int)

Throws:

AwsCryptoException - if the master key is null.

Method Detail

processBytes

public ProcessingSummary processBytes(byte[] in,
                                      int off,
                                      int len,
                                      byte[] out,
                                      int outOff)
                               throws BadCiphertextException,
                                      AwsCryptoException

Decrypt the ciphertext bytes provided in in and copy the plaintext bytes to out.

This method consumes and parses the ciphertext headers. The decryption of the actual content is delegated to BlockDecryptionHandler or FrameDecryptionHandler based on the content type parsed in the ciphertext header.

Specified by:

processBytes in interface CryptoHandler

Parameters:

in - the input byte array.

off - the offset into the in array where the data to be decrypted starts.

len - the number of bytes to be decrypted.

out - the output buffer the decrypted plaintext bytes go into.

outOff - the offset into the output byte array the decrypted data starts at.

Returns:

the number of bytes written to out and processed.

Throws:

BadCiphertextException - if the ciphertext header contains invalid entries or if the header integrity check fails.

AwsCryptoException - if any of the offset or length arguments are negative or if the total bytes to decrypt exceeds the maximum allowed value.

doFinal

public int doFinal(byte[] out,
                   int outOff)
            throws BadCiphertextException

Finish processing of the bytes.

Specified by:

doFinal in interface CryptoHandler

Parameters:

out - space for any resulting output data.

outOff - offset into out to start copying the data at.

Returns:

number of bytes written into out.

Throws:

BadCiphertextException - if the bytes do not decrypt correctly.

estimateOutputSize

public int estimateOutputSize(int inLen)

Return the size of the output buffer required for a processBytes plus a doFinal with an input of inLen bytes.

Specified by:

estimateOutputSize in interface CryptoHandler

Parameters:

inLen - the length of the input.

Returns:

the space required to accommodate a call to processBytes and doFinal with input of size inLen bytes.

getEncryptionContext

public Map<String,String> getEncryptionContext()

Return the encryption context. This value is parsed from the ciphertext.

Specified by:

getEncryptionContext in interface MessageCryptoHandler<K extends MasterKey<K>>

Returns:

the key-value map containing the encryption client.

getHeaders

public CiphertextHeaders getHeaders()

Specified by:

getHeaders in interface MessageCryptoHandler<K extends MasterKey<K>>

getMasterKeys

public List<K> getMasterKeys()

Description copied from interface: MessageCryptoHandler

All used MasterKeys. For encryption flows, these are all the MasterKeys used to protect the data. In the decryption flow, it is the single MasterKey actually used to decrypt the data.

Specified by:

getMasterKeys in interface MessageCryptoHandler<K extends MasterKey<K>>

isComplete

public boolean isComplete()

Description copied from interface: CryptoHandler

For decrypt and parsing flows returns true when this has handled as many bytes as it can. This usually means that it has reached the end of an object, file, or other deliminited stream.

Specified by:

isComplete in interface CryptoHandler