Class S3Keyring
- java.lang.Object
-
- software.amazon.encryption.s3.materials.S3Keyring
-
- All Implemented Interfaces:
Keyring
- Direct Known Subclasses:
AesKeyring,KmsKeyring,RsaKeyring
public abstract class S3Keyring extends Object implements Keyring
This serves as the base class for all the keyrings in the S3 encryption client. Shared functionality is all performed here.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classS3Keyring.Builder<KeyringT extends S3Keyring,BuilderT extends S3Keyring.Builder<KeyringT,BuilderT>>
-
Field Summary
Fields Modifier and Type Field Description protected DataKeyGenerator_dataKeyGeneratorstatic StringKEY_PROVIDER_ID
-
Constructor Summary
Constructors Modifier Constructor Description protectedS3Keyring(S3Keyring.Builder<?,?> builder)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract Map<String,DecryptDataKeyStrategy>decryptDataKeyStrategies()EncryptionMaterialsdefaultGenerateDataKey(EncryptionMaterials materials)Generates a data key using the provided EncryptionMaterials and the configured DataKeyGenerator.protected abstract EncryptDataKeyStrategyencryptDataKeyStrategy()protected abstract GenerateDataKeyStrategygenerateDataKeyStrategy()DecryptionMaterialsonDecrypt(DecryptionMaterials materials, List<EncryptedDataKey> encryptedDataKeys)EncryptionMaterialsonEncrypt(EncryptionMaterials materials)voidwarnIfEncryptionContextIsPresent(EncryptionMaterials materials)Checks if an encryption context is present in the EncryptionMaterials and issues a warning if an encryption context is found.
-
-
-
Field Detail
-
KEY_PROVIDER_ID
public static final String KEY_PROVIDER_ID
- See Also:
- Constant Field Values
-
_dataKeyGenerator
protected final DataKeyGenerator _dataKeyGenerator
-
-
Constructor Detail
-
S3Keyring
protected S3Keyring(S3Keyring.Builder<?,?> builder)
-
-
Method Detail
-
defaultGenerateDataKey
public EncryptionMaterials defaultGenerateDataKey(EncryptionMaterials materials)
Generates a data key using the provided EncryptionMaterials and the configured DataKeyGenerator.This method is intended for extension by customers who need to customize key generation within their Keyring implementation. It generates a data key for encryption using the algorithm suite and cryptographic provider configured in the provided EncryptionMaterials object.
- Parameters:
materials- The EncryptionMaterials containing information about the algorithm suite and cryptographic provider to be used for data key generation.- Returns:
- An updated EncryptionMaterials object with the generated plaintext data key.
-
onEncrypt
public EncryptionMaterials onEncrypt(EncryptionMaterials materials)
-
generateDataKeyStrategy
protected abstract GenerateDataKeyStrategy generateDataKeyStrategy()
-
encryptDataKeyStrategy
protected abstract EncryptDataKeyStrategy encryptDataKeyStrategy()
-
onDecrypt
public DecryptionMaterials onDecrypt(DecryptionMaterials materials, List<EncryptedDataKey> encryptedDataKeys)
-
decryptDataKeyStrategies
protected abstract Map<String,DecryptDataKeyStrategy> decryptDataKeyStrategies()
-
warnIfEncryptionContextIsPresent
public void warnIfEncryptionContextIsPresent(EncryptionMaterials materials)
Checks if an encryption context is present in the EncryptionMaterials and issues a warning if an encryption context is found.Encryption context is not recommended for use with non-KMS keyrings as it may not provide additional security benefits.
- Parameters:
materials- EncryptionMaterials
-
-