public abstract class S3CryptoModuleBase<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext> extends S3CryptoModule<T>
Modifier and Type | Field and Description |
---|---|
protected com.amazonaws.services.s3.internal.crypto.ContentCryptoScheme |
contentCryptoScheme |
protected CryptoConfiguration |
cryptoConfig
A read-only copy of the crypto configuration.
|
protected com.amazonaws.services.s3.internal.crypto.S3CryptoScheme |
cryptoScheme |
protected static int |
DEFAULT_BUFFER_SIZE |
protected EncryptionMaterialsProvider |
kekMaterialsProvider |
protected AWSKMSClient |
kms |
protected org.apache.commons.logging.Log |
log |
protected Map<String,T> |
multipartUploadContexts
Map of data about in progress encrypted multipart uploads.
|
protected S3Direct |
s3 |
Modifier | Constructor and Description |
---|---|
protected |
S3CryptoModuleBase(AWSKMSClient kms,
S3Direct s3,
com.amazonaws.auth.AWSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider kekMaterialsProvider,
CryptoConfiguration cryptoConfig) |
protected |
S3CryptoModuleBase(S3Direct s3,
com.amazonaws.auth.AWSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider kekMaterialsProvider,
CryptoConfiguration cryptoConfig)
For testing purposes only.
|
Modifier and Type | Method and Description |
---|---|
void |
abortMultipartUploadSecurely(AbortMultipartUploadRequest req) |
protected abstract long |
ciphertextLength(long plaintextLength)
Returns the length of the ciphertext computed from the length of the
plaintext.
|
CompleteMultipartUploadResult |
completeMultipartUploadSecurely(CompleteMultipartUploadRequest req) |
CopyPartResult |
copyPartSecurely(CopyPartRequest copyPartRequest) |
protected com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial |
createContentCryptoMaterial(com.amazonaws.AmazonWebServiceRequest req) |
protected PutObjectRequest |
createInstructionPutRequest(String bucketName,
String key,
com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial) |
protected SecretKey |
generateCEK(EncryptionMaterials kekMaterials,
Provider providerIn) |
com.amazonaws.services.s3.internal.crypto.S3CryptoScheme |
getS3CryptoScheme() |
InitiateMultipartUploadResult |
initiateMultipartUploadSecurely(InitiateMultipartUploadRequest req) |
protected CipherLiteInputStream |
newMultipartS3CipherInputStream(UploadPartRequest req,
com.amazonaws.services.s3.internal.crypto.CipherLite cipherLite) |
protected long |
plaintextLength(PutObjectRequest request,
ObjectMetadata metadata)
Returns the plaintext length from the request and metadata; or -1 if
unknown.
|
PutObjectResult |
putInstructionFileSecurely(PutInstructionFileRequest req) |
PutObjectResult |
putObjectSecurely(PutObjectRequest req) |
protected void |
securityCheck(com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial,
com.amazonaws.services.s3.internal.crypto.S3ObjectWrapper retrieved)
Checks whether the crypto scheme used in the given content crypto material
is allowed to be used in this crypto module.
|
protected PutObjectRequest |
updateInstructionPutRequest(PutObjectRequest req,
com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
Updates put request to store the specified instruction object in S3.
|
protected ObjectMetadata |
updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata,
File file,
com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial instruction) |
UploadPartResult |
uploadPartSecurely(UploadPartRequest req) |
protected PutObjectRequest |
wrapWithCipher(PutObjectRequest request,
com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
Returns a request whose content input stream is wrapped with a
cipher, and which is configured with some metadata and user metadata.
|
getObjectSecurely, getObjectSecurely
protected static final int DEFAULT_BUFFER_SIZE
protected final EncryptionMaterialsProvider kekMaterialsProvider
protected final org.apache.commons.logging.Log log
protected final com.amazonaws.services.s3.internal.crypto.S3CryptoScheme cryptoScheme
protected final com.amazonaws.services.s3.internal.crypto.ContentCryptoScheme contentCryptoScheme
protected final CryptoConfiguration cryptoConfig
protected final Map<String,T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext> multipartUploadContexts
protected final S3Direct s3
protected final AWSKMSClient kms
protected S3CryptoModuleBase(AWSKMSClient kms, S3Direct s3, com.amazonaws.auth.AWSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig)
cryptoConfig
- a read-only copy of the crypto configuration.
protected S3CryptoModuleBase(S3Direct s3, com.amazonaws.auth.AWSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider kekMaterialsProvider, CryptoConfiguration cryptoConfig)
protected abstract long ciphertextLength(long plaintextLength)
plaintextLength
- a non-negative number
public PutObjectResult putObjectSecurely(PutObjectRequest req)
putObjectSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
public final void abortMultipartUploadSecurely(AbortMultipartUploadRequest req)
abortMultipartUploadSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
public final CopyPartResult copyPartSecurely(CopyPartRequest copyPartRequest)
copyPartSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
public InitiateMultipartUploadResult initiateMultipartUploadSecurely(InitiateMultipartUploadRequest req)
initiateMultipartUploadSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
public UploadPartResult uploadPartSecurely(UploadPartRequest req)
NOTE: Because the encryption process requires context from previous blocks, parts uploaded with the AmazonS3EncryptionClient (as opposed to the normal AmazonS3Client) must be uploaded serially, and in order. Otherwise, the previous encryption context isn't available to use when encrypting the current part.
uploadPartSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
protected final CipherLiteInputStream newMultipartS3CipherInputStream(UploadPartRequest req, com.amazonaws.services.s3.internal.crypto.CipherLite cipherLite)
public CompleteMultipartUploadResult completeMultipartUploadSecurely(CompleteMultipartUploadRequest req)
completeMultipartUploadSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
protected final ObjectMetadata updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata, File file, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial instruction)
protected final com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial createContentCryptoMaterial(com.amazonaws.AmazonWebServiceRequest req)
protected final SecretKey generateCEK(EncryptionMaterials kekMaterials, Provider providerIn)
protected final PutObjectRequest wrapWithCipher(PutObjectRequest request, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
protected final long plaintextLength(PutObjectRequest request, ObjectMetadata metadata)
public final com.amazonaws.services.s3.internal.crypto.S3CryptoScheme getS3CryptoScheme()
protected final PutObjectRequest updateInstructionPutRequest(PutObjectRequest req, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
req
- The put-instruction-file request for the instruction file to
be stored in S3.
cekMaterial
- The instruction object to be stored in S3.
protected final PutObjectRequest createInstructionPutRequest(String bucketName, String key, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial)
protected void securityCheck(com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial cekMaterial, com.amazonaws.services.s3.internal.crypto.S3ObjectWrapper retrieved)
SecurityException
- if the crypto scheme used in the given content crypto
material is not allowed in this crypto module.
public final PutObjectResult putInstructionFileSecurely(PutInstructionFileRequest req)
putInstructionFileSecurely
in class S3CryptoModule<T extends com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext>
EncryptedGetObjectRequest