Package com.amazonaws.encryptionsdk.kms

Class AwsKmsMrkAwareMasterKeyProvider

java.lang.Object

com.amazonaws.encryptionsdk.MasterKeyProvider<AwsKmsMrkAwareMasterKey>

com.amazonaws.encryptionsdk.kms.AwsKmsMrkAwareMasterKeyProvider

public final class AwsKmsMrkAwareMasterKeyProvider
extends MasterKeyProvider<AwsKmsMrkAwareMasterKey>

Represents a list Aws KMS keys and is used to encrypt/decrypt data with AwsCrypto. Some of these keys may be multi region keys, in which case this component is able to recognize different regional replicas of this multi region key as the same.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	AwsKmsMrkAwareMasterKeyProvider.Builder

Method Summary

Modifier and Type	Method	Description
static AwsKmsMrkAwareMasterKeyProvider.Builder	builder()
DataKey<AwsKmsMrkAwareMasterKey>	decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)	Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.
String	getDefaultProviderId()	Returns "aws-kms"
List<String>	getGrantTokens()
AwsKmsMrkAwareMasterKey	getMasterKey(String providerId, String requestedKeyArn)	Added flexibility in matching multi-Region keys from different regions.
List<AwsKmsMrkAwareMasterKey>	getMasterKeysForEncryption(MasterKeyRequest request)	Returns all CMKs provided to the constructor of this object.
AwsKmsMrkAwareMasterKeyProvider	withGrantTokens(String... grantTokens)	Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.
AwsKmsMrkAwareMasterKeyProvider	withGrantTokens(List<String> grantTokens)	Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static AwsKmsMrkAwareMasterKeyProvider.Builder builder()

getDefaultProviderId

public String getDefaultProviderId()

Returns "aws-kms"

Specified by:

getDefaultProviderId in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>

getMasterKey

public AwsKmsMrkAwareMasterKey getMasterKey(String providerId,
                                            String requestedKeyArn)
                                     throws UnsupportedProviderException,
                                            NoSuchMasterKeyException

Added flexibility in matching multi-Region keys from different regions.

Specified by:

getMasterKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>

Returns:

Throws:

UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider

NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

See Also:

MasterKey.getMasterKey(String, String)

getMasterKeysForEncryption

public List<AwsKmsMrkAwareMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)

Returns all CMKs provided to the constructor of this object.

Specified by:

getMasterKeysForEncryption in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>

See Also:

MasterKey.getMasterKeysForEncryption(MasterKeyRequest)

decryptDataKey

public DataKey<AwsKmsMrkAwareMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                                       Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                                       Map<String,String> encryptionContext)
                                                throws AwsCryptoException

Description copied from class: MasterKeyProvider

Iterates through encryptedDataKeys and returns the first one which can be successfully decrypted.

Specified by:

decryptDataKey in class MasterKeyProvider<AwsKmsMrkAwareMasterKey>

Returns:

a DataKey if one can be decrypted, otherwise returns null

Throws:

AwsCryptoException

UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider

CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted

See Also:

KmsMasterKey.decryptDataKey(CryptoAlgorithm, Collection, Map)

getGrantTokens

public List<String> getGrantTokens()

withGrantTokens

public AwsKmsMrkAwareMasterKeyProvider withGrantTokens(List<String> grantTokens)

Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).

withGrantTokens

public AwsKmsMrkAwareMasterKeyProvider withGrantTokens(String... grantTokens)

Returns a new AwsKmsMrkAwareMasterKeyProvider that is configured identically to this one, except with the given list of grant tokens. The grant token list in the returned provider is immutable (but can be further overridden by invoking withGrantTokens again).