Package software.amazon.encryption.s3

Class S3EncryptionClient.Builder

    • Method Detail

      • wrappedClient

        public S3EncryptionClient.Builder wrappedClient​(software.amazon.awssdk.services.s3.S3Client _wrappedClient)
        Sets the wrappedClient to be used for non-cryptographic operations.

      • wrappedAsyncClient

        public S3EncryptionClient.Builder wrappedAsyncClient​(software.amazon.awssdk.services.s3.S3AsyncClient _wrappedAsyncClient)
        Sets the wrappedAsyncClient to be used for cryptographic operations.

      • keyring

        public S3EncryptionClient.Builder keyring​(Keyring keyring)
        Specifies the Keyring to use for key wrapping and unwrapping.
        Parameters:
        keyring - the Keyring instance to use
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • aesKey

        public S3EncryptionClient.Builder aesKey​(SecretKey aesKey)
        Specifies a "raw" AES key to use for key wrapping/unwrapping.
        Parameters:
        aesKey - the AES key as a SecretKey instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • rsaKeyPair

        public S3EncryptionClient.Builder rsaKeyPair​(KeyPair rsaKeyPair)
        Specifies a "raw" RSA key pair to use for key wrapping/unwrapping.
        Parameters:
        rsaKeyPair - the RSA key pair as a KeyPair instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • rsaKeyPair

        public S3EncryptionClient.Builder rsaKeyPair​(PartialRsaKeyPair partialRsaKeyPair)
        Specifies a "raw" RSA key pair to use for key wrapping/unwrapping. This option takes a PartialRsaKeyPair instance, which allows either a public key (decryption only) or private key (encryption only) rather than requiring both parts.
        Parameters:
        partialRsaKeyPair - the RSA key pair as a PartialRsaKeyPair instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • kmsKeyId

        public S3EncryptionClient.Builder kmsKeyId​(String kmsKeyId)
        Specifies a KMS key to use for key wrapping/unwrapping. Any valid KMS key identifier (including the full ARN or an alias ARN) is permitted. When decrypting objects, the key referred to by this KMS key identifier is always used.
        Parameters:
        kmsKeyId - the KMS key identifier as a String instance
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • enableLegacyWrappingAlgorithms

        public S3EncryptionClient.Builder enableLegacyWrappingAlgorithms​(boolean shouldEnableLegacyWrappingAlgorithms)
        When set to true, decryption of objects using legacy key wrapping modes is enabled.
        Parameters:
        shouldEnableLegacyWrappingAlgorithms - true to enable legacy wrapping algorithms
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • enableLegacyUnauthenticatedModes

        public S3EncryptionClient.Builder enableLegacyUnauthenticatedModes​(boolean shouldEnableLegacyUnauthenticatedModes)
        When set to true, decryption of content using legacy encryption algorithms is enabled. This includes use of GetObject requests with a range, as this mode is not authenticated.
        Parameters:
        shouldEnableLegacyUnauthenticatedModes - true to enable legacy content algorithms
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • enableDelayedAuthenticationMode

        public S3EncryptionClient.Builder enableDelayedAuthenticationMode​(boolean shouldEnableDelayedAuthenticationMode)
        When set to true, authentication of streamed objects is delayed until the entire object is read from the stream. When this mode is enabled, the consuming application must support a way to invalidate any data read from the stream as the tag will not be validated until the stream is read to completion, as the integrity of the data cannot be ensured. See the AWS Documentation for more information.
        Parameters:
        shouldEnableDelayedAuthenticationMode - true to enable delayed authentication
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • enableMultipartPutObject

        public S3EncryptionClient.Builder enableMultipartPutObject​(boolean _enableMultipartPutObject)
        When set to true, the putObject method will use multipart upload to perform the upload. Disabled by default.
        Parameters:
        _enableMultipartPutObject - true enables the multipart upload implementation of putObject
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • cryptoProvider

        public S3EncryptionClient.Builder cryptoProvider​(Provider cryptoProvider)
        Allows the user to pass an instance of Provider to be used for cryptographic operations. By default, the S3 Encryption Client will use the first compatible Provider in the chain. When this option is used, the given provider will be used for all cryptographic operations. If the provider is missing a required algorithm suite, e.g. AES-GCM, then operations may fail. Advanced option. Users who configure a Provider are responsible for the security and correctness of the provider.
        Parameters:
        cryptoProvider - the to always use
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • secureRandom

        public S3EncryptionClient.Builder secureRandom​(SecureRandom secureRandom)
        Allows the user to pass an instance of SecureRandom to be used for generating keys and IVs. Advanced option. Users who provide a SecureRandom are responsible for the security and correctness of the SecureRandom implementation.
        Parameters:
        secureRandom - the SecureRandom instance to use
        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • build

        public S3EncryptionClient build()
        Validates and builds the S3EncryptionClient according to the configuration options passed to the Builder object.
        Returns:
        an instance of the S3EncryptionClient