com.amazonaws.services.s3.internal.crypto
Class EncryptionUtils

java.lang.Object
  extended by com.amazonaws.services.s3.internal.crypto.EncryptionUtils

public class EncryptionUtils
extends Object

The EncryptionUtils class encrypts and decrypts data stored in S3. It can be used to prepare requests for encryption before they are stored in S3 and to decrypt objects that are retrieved from S3.


Constructor Summary
EncryptionUtils()
           
 
Method Summary
static S3Object adjustOutputToDesiredRange(S3Object object, long[] range)
          Adjusts the retrieved S3Object so that the object contents contain only the range of bytes desired by the user.
static EncryptionInstruction buildInstructionFromInstructionFile(S3Object instructionFile, EncryptionMaterials materials, Provider cryptoProvider)
          Builds an instruction object from the contents of an instruction file.
static DeleteObjectRequest createInstructionDeleteObjectRequest(DeleteObjectRequest request)
          Creates a delete request to delete an instruction file in S3.
static GetObjectRequest createInstructionGetRequest(GetObjectRequest request)
          Creates a get request to retrieve an instruction file from S3.
static PutObjectRequest createInstructionPutRequest(PutObjectRequest request, EncryptionInstruction instruction)
          Creates a put request to store the specified instruction object in S3.
static S3Object decryptObjectUsingInstruction(S3Object object, EncryptionInstruction instruction)
          Returns an updated object where the object content input stream contains the decrypted contents.
static S3Object decryptObjectUsingMetadata(S3Object object, EncryptionMaterials materials, Provider cryptoProvider)
          Returns an updated object where the object content input stream contains the decrypted contents.
static PutObjectRequest encryptRequestUsingInstruction(PutObjectRequest request, EncryptionInstruction instruction)
          Returns an updated request where the input stream contains the encrypted object contents.
static PutObjectRequest encryptRequestUsingMetadata(PutObjectRequest request, EncryptionMaterials materials, Provider cryptoProvider)
          Returns an updated request where the metadata contains encryption information and the input stream contains the encrypted object contents.
static EncryptionInstruction generateInstruction(PutObjectRequest putObjectRequest, EncryptionMaterials materials, Provider cryptoProvider)
          Generates an instruction that will be used to encrypt an object.
static long[] getAdjustedCryptoRange(long[] range)
          Adjusts a user specified range to retrieve all of the cipher blocks (each of size 16 bytes) that contain the specified range.
static boolean isEncryptionInfoInInstructionFile(S3Object instructionFile)
          Returns true if the specified S3Object is an instruction file containing encryption info, false otherwise.
static boolean isEncryptionInfoInMetadata(S3Object retrievedObject)
          Returns true if the specified S3Object contains encryption info in its metadata, false otherwise.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

EncryptionUtils

public EncryptionUtils()
Method Detail

encryptRequestUsingMetadata

public static PutObjectRequest encryptRequestUsingMetadata(PutObjectRequest request,
                                                           EncryptionMaterials materials,
                                                           Provider cryptoProvider)
Returns an updated request where the metadata contains encryption information and the input stream contains the encrypted object contents. The specified encryption materials will be used to encrypt and decrypt data.

Parameters:
request - The request whose contents are to be encrypted.
materials - The encryption materials to be used to encrypt and decrypt data.
cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt data.
Returns:
The updated request where the metadata is set up for encryption and input stream contains the encrypted contents.

decryptObjectUsingMetadata

public static S3Object decryptObjectUsingMetadata(S3Object object,
                                                  EncryptionMaterials materials,
                                                  Provider cryptoProvider)
Returns an updated object where the object content input stream contains the decrypted contents.

Parameters:
object - The object whose contents are to be decrypted.
materials - The encryption materials to be used to encrypt and decrypt data.
cryptoProvider - The crypto provider whose encryption implementation will be used to decrypt data.
Returns:
The updated object where the object content input stream contains the decrypted contents.

generateInstruction

public static EncryptionInstruction generateInstruction(PutObjectRequest putObjectRequest,
                                                        EncryptionMaterials materials,
                                                        Provider cryptoProvider)
Generates an instruction that will be used to encrypt an object.

Parameters:
putObjectRequest - The request whose contents are to be encrypted.
materials - The encryption materials to be used to encrypt and decrypt data.
cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
Returns:
The instruction that will be used to encrypt an object.

buildInstructionFromInstructionFile

public static EncryptionInstruction buildInstructionFromInstructionFile(S3Object instructionFile,
                                                                        EncryptionMaterials materials,
                                                                        Provider cryptoProvider)
Builds an instruction object from the contents of an instruction file. Returns null if unable to read encryption info from instruction file.

Parameters:
instructionFile - An instruction file retrieved from S3 that contains encryption information
materials - The encryption materials to be used to encrypt and decrypt data.
cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
Returns:
An instruction object containing encryption information

encryptRequestUsingInstruction

public static PutObjectRequest encryptRequestUsingInstruction(PutObjectRequest request,
                                                              EncryptionInstruction instruction)
Returns an updated request where the input stream contains the encrypted object contents. The specified instruction will be used to encrypt data.

Parameters:
request - The request whose contents are to be encrypted.
instruction - The instruction that will be used to encrypt the object data.
Returns:
The updated request where the input stream contains the encrypted contents.

decryptObjectUsingInstruction

public static S3Object decryptObjectUsingInstruction(S3Object object,
                                                     EncryptionInstruction instruction)
Returns an updated object where the object content input stream contains the decrypted contents.

Parameters:
object - The object whose contents are to be decrypted.
instruction - The instruction that will be used to decrypt the object data.
Returns:
The updated object where the object content input stream contains the decrypted contents.

createInstructionPutRequest

public static PutObjectRequest createInstructionPutRequest(PutObjectRequest request,
                                                           EncryptionInstruction instruction)
Creates a put request to store the specified instruction object in S3.

Parameters:
request - The put request for the original object to be stored in S3.
instruction - The instruction object to be stored in S3.
Returns:
A put request to store the specified instruction object in S3.

createInstructionGetRequest

public static GetObjectRequest createInstructionGetRequest(GetObjectRequest request)
Creates a get request to retrieve an instruction file from S3.

Parameters:
request - The get request for the original object to be retrieved from S3.
Returns:
A get request to retrieve an instruction file from S3.

createInstructionDeleteObjectRequest

public static DeleteObjectRequest createInstructionDeleteObjectRequest(DeleteObjectRequest request)
Creates a delete request to delete an instruction file in S3.

Parameters:
request - The delete request for the original object to be deleted from S3.
Returns:
A delete request to delete an instruction file in S3.

isEncryptionInfoInMetadata

public static boolean isEncryptionInfoInMetadata(S3Object retrievedObject)
Returns true if the specified S3Object contains encryption info in its metadata, false otherwise.

Parameters:
retrievedObject - An S3Object
Returns:
True if the specified S3Object contains encryption info in its metadata, false otherwise.

isEncryptionInfoInInstructionFile

public static boolean isEncryptionInfoInInstructionFile(S3Object instructionFile)
Returns true if the specified S3Object is an instruction file containing encryption info, false otherwise.

Parameters:
instructionFile - An S3Object that may potentially be an instruction file
Returns:
True if the specified S3Object is an instruction file containing encryption info, false otherwise.

getAdjustedCryptoRange

public static long[] getAdjustedCryptoRange(long[] range)
Adjusts a user-specified range so that all of the cipher blocks (each 16 bytes) that contain the specified range are retrieved. For Cipher Block Chaining (CBC) decryption to work, the cipher block that precedes the range must be retrieved as well (it is the chaining input for the first block to be decrypted), together with all of the cipher blocks that contain the range and the cipher block that follows the range.

Parameters:
range - A two-element array of longs corresponding to the start and finish (inclusive) of a desired range of bytes.
Returns:
A two-element array of longs corresponding to the start and finish of the cipher blocks to be retrieved. If the range is invalid, then return null.

adjustOutputToDesiredRange

public static S3Object adjustOutputToDesiredRange(S3Object object,
                                                  long[] range)
Adjusts the retrieved S3Object so that the object contents contain only the range of bytes desired by the user. Since encrypted contents can only be retrieved in CIPHER_BLOCK_SIZE (16 bytes) chunks, the S3Object potentially contains more bytes than desired, so this method adjusts the contents range.

Parameters:
object - The S3Object retrieved from S3 that could possibly contain more bytes than desired by the user.
range - A two-element array of longs corresponding to the start and finish (inclusive) of a desired range of bytes.
Returns:
The S3Object with adjusted object contents containing only the range desired by the user. If the range specified is invalid, then the S3Object is returned without any modifications.
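The range arithmetic described for getAdjustedCryptoRange and adjustOutputToDesiredRange, as an added example that is not the SDK's code: a ranged read of a CBC-encrypted object is widened to whole 16-byte blocks plus the preceding chaining block, decrypted, and trimmed back to the bytes the caller asked for. A byte-wise XOR with a constructed key stands in for AES so the example runs offline; the function names, KEY, IV and SAMPLE are constructed assumptions, not SDK identifiers.

```python
CIPHER_BLOCK_SIZE = 16
KEY = bytes(range(0x10, 0x20))   # constructed stand-in key: XOR replaces AES here
IV = bytes(range(0xA0, 0xB0))    # constructed IV, as stored in the object metadata
SAMPLE = b"The quick brown fox jumps over the lazy dog. " * 3   # constructed plaintext

def block_xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(plaintext: bytes) -> bytes:
    """CBC with PKCS5 padding; XOR-with-KEY stands in for the AES block function."""
    pad = CIPHER_BLOCK_SIZE - len(plaintext) % CIPHER_BLOCK_SIZE
    data = plaintext + bytes([pad]) * pad
    prev, out = IV, bytearray()
    for i in range(0, len(data), CIPHER_BLOCK_SIZE):
        prev = block_xor(block_xor(data[i:i + CIPHER_BLOCK_SIZE], prev), KEY)
        out += prev
    return bytes(out)

def get_adjusted_crypto_range(rng):
    """Widen an inclusive [start, end] byte range to whole cipher blocks, plus the
    preceding block (the CBC chaining input) and the following block. Returns None
    for an invalid range, as the documented contract does."""
    if rng is None or len(rng) != 2 or rng[0] < 0 or rng[0] > rng[1]:
        return None
    start, end = rng
    first_block = (start // CIPHER_BLOCK_SIZE) * CIPHER_BLOCK_SIZE
    last_block_end = (end // CIPHER_BLOCK_SIZE + 1) * CIPHER_BLOCK_SIZE - 1
    return [max(first_block - CIPHER_BLOCK_SIZE, 0), last_block_end + CIPHER_BLOCK_SIZE]

def decrypt_range(ciphertext: bytes, rng) -> bytes:
    """Fetch only the adjusted window (as a ranged GET would), CBC-decrypt it and
    trim back to exactly the bytes the caller asked for."""
    adj = get_adjusted_crypto_range(rng)
    if adj is None:
        raise ValueError("invalid range")   # the SDK instead returns the object untouched
    fetched = ciphertext[adj[0]:adj[1] + 1]
    start, end = rng
    first_block = (start // CIPHER_BLOCK_SIZE) * CIPHER_BLOCK_SIZE
    # Chaining input for the first decrypted block: the stored IV at offset 0,
    # otherwise the preceding ciphertext block that the widened range fetched.
    if first_block == 0:
        prev, pos = IV, 0
    else:
        prev, pos = fetched[:CIPHER_BLOCK_SIZE], CIPHER_BLOCK_SIZE
    plain = bytearray()
    while pos < len(fetched) and first_block + len(plain) <= end:
        block = fetched[pos:pos + CIPHER_BLOCK_SIZE]
        plain += block_xor(block_xor(block, KEY), prev)   # P = D(C) xor C_prev
        prev, pos = block, pos + CIPHER_BLOCK_SIZE
    return bytes(plain[start - first_block:end - first_block + 1])
```

The extra trailing block the SDK fetches is simply ignored by the trim; what matters for correctness is that the block before the range is present, since without it the first requested block cannot be chained.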


Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.