com.amazonaws.encryptionsdk.internal

Class EncryptionHandler<K extends MasterKey<K>>

java.lang.Object

com.amazonaws.encryptionsdk.internal.EncryptionHandler<K>

All Implemented Interfaces:

CryptoHandler, MessageCryptoHandler<K>

public class EncryptionHandler<K extends MasterKey<K>>
extends Object
implements MessageCryptoHandler<K>

This class implements the CryptoHandler interface by providing methods for the encryption of plaintext data.

This class creates the ciphertext headers and delegates the encryption of the plaintext to the BlockEncryptionHandler or FrameEncryptionHandler based on the content type.

Constructor Summary

Constructors

Constructor and Description
EncryptionHandler(List<K> masterKeys, Map<String,String> encryptionContext, CryptoAlgorithm cryptoAlgorithm, int frameSize) Create an encryption handler using the provided master key and encryption context.

Method Summary

Modifier and Type	Method and Description
int	doFinal(byte[] out, int outOff) Finish encryption of the plaintext bytes.
int	estimateOutputSize(int inLen) Return the size of the output buffer required for a processBytes plus a doFinal with an input of inLen bytes.
Map<String,String>	getEncryptionContext() Return the encryption context.
CiphertextHeaders	getHeaders()
List<K>	getMasterKeys() All used MasterKeys.
boolean	isComplete() For decrypt and parsing flows returns true when this has handled as many bytes as it can.
ProcessingSummary	processBytes(byte[] in, int off, int len, byte[] out, int outOff) Encrypt a block of bytes from in putting the plaintext result into out.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EncryptionHandler

public EncryptionHandler(List<K> masterKeys,
                         Map<String,String> encryptionContext,
                         CryptoAlgorithm cryptoAlgorithm,
                         int frameSize)
                  throws AwsCryptoException

Create an encryption handler using the provided master key and encryption context.

Parameters:

masterKeys - the master keys to use.

encryptionContext - the encryption context to use.

cryptoAlgorithm - the cryptography algorithm to use for encryption

frameSize - the size of the frames to use in storing encrypted content

Throws:

AwsCryptoException - if the encryption context or master key is null.

Method Detail

processBytes

public ProcessingSummary processBytes(byte[] in,
                                      int off,
                                      int len,
                                      byte[] out,
                                      int outOff)
                               throws AwsCryptoException,
                                      BadCiphertextException

Encrypt a block of bytes from in putting the plaintext result into out.

It encrypts by performing the following operations:

1. if this is the first call to encrypt, write the ciphertext headers to the output being returned.
2. else, pass off the input data to underlying content cryptohandler.

Specified by:

processBytes in interface CryptoHandler

Parameters:

in - the input byte array.

off - the offset into the in array where the data to be encrypted starts.

len - the number of bytes to be encrypted.

out - the output buffer the encrypted bytes go into.

outOff - the offset into the output byte array the encrypted data starts at.

Returns:

the number of bytes written to out and processed

Throws:

AwsCryptoException - if len or offset values are negative.

BadCiphertextException - thrown by the underlying cipher handler.

doFinal

public int doFinal(byte[] out,
                   int outOff)
            throws BadCiphertextException

Finish encryption of the plaintext bytes.

Specified by:

doFinal in interface CryptoHandler

Parameters:

out - space for any resulting output data.

outOff - offset into out to start copying the data at.

Returns:

number of bytes written into out.

Throws:

BadCiphertextException - thrown by the underlying cipher handler.

estimateOutputSize

public int estimateOutputSize(int inLen)

Return the size of the output buffer required for a processBytes plus a doFinal with an input of inLen bytes.

Specified by:

estimateOutputSize in interface CryptoHandler

Parameters:

inLen - the length of the input.

Returns:

the space required to accommodate a call to processBytes and doFinal with len bytes of input.

getEncryptionContext

public Map<String,String> getEncryptionContext()

Return the encryption context.

Specified by:

getEncryptionContext in interface MessageCryptoHandler<K extends MasterKey<K>>

Returns:

the key-value map containing encryption context.

getHeaders

public CiphertextHeaders getHeaders()

Specified by:

getHeaders in interface MessageCryptoHandler<K extends MasterKey<K>>

getMasterKeys

public List<K> getMasterKeys()

Description copied from interface: MessageCryptoHandler

All used MasterKeys. For encryption flows, these are all the MasterKeys used to protect the data. In the decryption flow, it is the single MasterKey actually used to decrypt the data.

Specified by:

getMasterKeys in interface MessageCryptoHandler<K extends MasterKey<K>>

isComplete

public boolean isComplete()

Description copied from interface: CryptoHandler

For decrypt and parsing flows returns true when this has handled as many bytes as it can. This usually means that it has reached the end of an object, file, or other deliminited stream.

Specified by:

isComplete in interface CryptoHandler