Java 类com.amazonaws.services.s3.model.CryptoConfiguration 实例源码

项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * Builds an encryption client from explicitly supplied collaborators.
 *
 * <p>When {@code kms} is {@code null} the client creates its own KMS client from the
 * same credentials, client configuration and metric collector, and records that in
 * {@code isKMSClientInternal}. Both {@code kekMaterialsProvider} and
 * {@code cryptoConfig} are rejected if {@code null}, before any crypto module is built.
 *
 * @param kms KMS client to use, or {@code null} to have one created internally
 * @param credentialsProvider credentials handed to the superclass, to the internally
 *            created KMS client (if any) and to the crypto module dispatcher
 * @param kekMaterialsProvider provider of the key-encrypting-key material; must not be null
 * @param clientConfig client configuration for the superclass and the internal KMS client
 * @param cryptoConfig crypto configuration; must not be null
 * @param requestMetricCollector metric collector for the superclass and the internal KMS client
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withClientConfiguration(ClientConfiguration)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withMetricsCollector(RequestMetricCollector)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withKmsClient(AWSKMS)}
 */
@Deprecated
public AmazonS3EncryptionClient(AWSKMSClient kms,
        AWSCredentialsProvider credentialsProvider,
        EncryptionMaterialsProvider kekMaterialsProvider,
        ClientConfiguration clientConfig,
        CryptoConfiguration cryptoConfig,
        RequestMetricCollector requestMetricCollector) {
    super(credentialsProvider, clientConfig, requestMetricCollector);

    // Fail fast on missing crypto inputs, in the same order as the parameters are checked upstream.
    assertParameterNotNull(kekMaterialsProvider,
            "EncryptionMaterialsProvider parameter must not be null.");
    assertParameterNotNull(cryptoConfig,
            "CryptoConfiguration parameter must not be null.");

    final boolean createOwnKmsClient = (kms == null);
    this.isKMSClientInternal = createOwnKmsClient;
    if (createOwnKmsClient) {
        this.kms = newAWSKMSClient(credentialsProvider, clientConfig, cryptoConfig,
                requestMetricCollector);
    } else {
        this.kms = kms;
    }

    this.crypto = new CryptoModuleDispatcher(this.kms, new S3DirectImpl(),
            credentialsProvider, kekMaterialsProvider, cryptoConfig);
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Round-trips an object through the encryption client in
 * {@link CryptoMode#AuthenticatedEncryption} mode, using a locally generated AES key.
 * Content is encrypted with AES/GCM, the content key is wrapped with AESWrap, and the
 * v2 metadata schema is used. Authenticated encryption requires the Bouncy Castle
 * provider on the classpath and the data can be no larger than 64 GB.
 *
 * <p>The last read fetches an object that was uploaded without encryption. In this
 * non-strict mode the encryption client still returns it, so a successful read is not
 * evidence that the object was encrypted or authenticated; use
 * {@link CryptoMode#StrictAuthenticatedEncryption} when that guarantee matters.
 *
 * <p>The AES key lives only in a local variable, so objects written here cannot be
 * decrypted after the method returns unless the key is stored somewhere.
 */
public void authenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey wrappingKey = KeyGenerator.getInstance("AES").generateKey();
    CryptoConfiguration aeConfig = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materials =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(wrappingKey));

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(aeConfig)
            .withEncryptionMaterials(materials)
            .build();
    AmazonS3 plainClient = AmazonS3ClientBuilder.defaultClient();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decrypted = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decrypted);
    // Plaintext object read through the encryption client: returned as-is in this mode.
    String passedThrough = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(passedThrough);
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Intended to illustrate ranged GETs in {@link CryptoMode#AuthenticatedEncryption} mode.
 * A ranged GET cannot use authenticated encryption, because the whole message is not
 * read and the MAC cannot be produced; AES/CTR, an unauthenticated algorithm, is used
 * instead. With {@link CryptoMode#StrictAuthenticatedEncryption} ranged GETs are not
 * allowed for that reason.
 *
 * <p>NOTE(review): the body below never issues a ranged GET; it performs the same full
 * put/get round trip as {@link #authenticatedEncryption_CustomerManagedKey()}. Confirm
 * whether a range request was meant to be shown here.
 *
 * <p>Bytes returned by a ranged GET are not integrity-checked, so callers that need
 * tamper detection should fetch the whole object instead.
 */
public void authenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey wrappingKey = KeyGenerator.getInstance("AES").generateKey();
    CryptoConfiguration aeConfig = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materials =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(wrappingKey));

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(aeConfig)
            .withEncryptionMaterials(materials)
            .build();
    AmazonS3 plainClient = AmazonS3ClientBuilder.defaultClient();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decrypted = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decrypted);
    String passedThrough = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(passedThrough);
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
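/**
 * Same as {@link #authenticatedEncryption_CustomerManagedKey()} except that an asymmetric
 * key pair is used, with RSA/ECB/OAEPWithSHA-256AndMGF1Padding as the key wrapping
 * algorithm.
 *
 * <p>The RSA modulus size is set explicitly. {@code KeyPairGenerator} otherwise falls
 * back to a provider default that depends on the JDK and has been as small as 1024 bits,
 * which is too weak to protect a content-encryption key.
 *
 * <p>As in the symmetric sample, the final read returns an object that was uploaded in
 * plaintext: non-strict authenticated mode does not reject it.
 *
 * @throws NoSuchAlgorithmException if no provider supplies an RSA key pair generator
 */
public void authenticatedEncryption_CustomerManagedAsymmetricKey() throws NoSuchAlgorithmException {
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    // Do not rely on the provider's default key size; pin it.
    rsaGenerator.initialize(2048);
    KeyPair keyPair = rsaGenerator.generateKeyPair();

    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
            .standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption))
            .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair)))
            .build();

    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    // Plaintext object read through the encryption client: returned as-is in this mode.
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}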
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Uses AES/GCM for content and AESWrap to wrap the content key, with the v2 metadata
 * schema. The only difference from {@link #authenticatedEncryption_CustomerManagedKey()}
 * is the mode: with {@link CryptoMode#StrictAuthenticatedEncryption}, retrieving an
 * object that was not encrypted with AES/GCM throws an exception instead of falling back
 * to an encryption-only or plaintext GET.
 *
 * <p>This is the mode to pick when a reader must be able to rely on every object it
 * receives having been encrypted and authenticated.
 */
public void strictAuthenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey wrappingKey = KeyGenerator.getInstance("AES").generateKey();
    CryptoConfiguration strictConfig = new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materials =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(wrappingKey));

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(strictConfig)
            .withEncryptionMaterials(materials)
            .build();
    AmazonS3 plainClient = AmazonS3ClientBuilder.defaultClient();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decrypted = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decrypted);

    try {
        encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    } catch (SecurityException rejected) {
        // Strict mode refuses anything that was not encrypted with AES/GCM.
        System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
    }
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Shows that {@link CryptoMode#StrictAuthenticatedEncryption} does not support ranged
 * GETs. A ranged GET has to use AES/CTR, which is not an authenticated encryption
 * algorithm, so strict mode refuses it. To read part of an object under authenticated
 * encryption, fetch the whole object and then select the bytes you need.
 */
public void strictAuthenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey wrappingKey = KeyGenerator.getInstance("AES").generateKey();
    CryptoConfiguration strictConfig = new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materials =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(wrappingKey));

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(strictConfig)
            .withEncryptionMaterials(materials)
            .build();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");

    GetObjectRequest firstBytes = new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY).withRange(0, 2);
    try {
        encryptingClient.getObject(firstBytes);
    } catch (SecurityException rejected) {
        // Expected: the range request would bypass authentication of the ciphertext.
        System.err.println("Range GET is not supported with authenticated encryption");
    }
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Round-trips an object in {@link CryptoMode#EncryptionOnly} mode with a locally
 * generated AES key. Uses the AES/CBC algorithm, with no key wrapping.
 *
 * <p>Encryption-only means the ciphertext carries no authentication tag: the content is
 * kept confidential but modification of the stored object is not detected on read. The
 * final read also shows that an object uploaded in plaintext is returned by the
 * encryption client without complaint. Prefer an authenticated mode for new data.
 */
public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey aesKey = KeyGenerator.getInstance("AES").generateKey();
    CryptoConfiguration eoConfig = new CryptoConfiguration(CryptoMode.EncryptionOnly);
    StaticEncryptionMaterialsProvider materials =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(aesKey));

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(eoConfig)
            .withEncryptionMaterials(materials)
            .build();
    AmazonS3 plainClient = AmazonS3ClientBuilder.defaultClient();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decrypted = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decrypted);
    String passedThrough = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(passedThrough);
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
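/**
 * Uses an asymmetric key pair instead of a symmetric key. This does not change the
 * algorithm used to encrypt the content, which is still a symmetric algorithm (AES/CBC in
 * this case) keyed with the CEK. It changes how the CEK itself is encrypted: here with
 * RSA/ECB/OAEPWithSHA-256AndMGF1Padding.
 *
 * <p>The RSA modulus size is set explicitly. {@code KeyPairGenerator} otherwise falls
 * back to a provider default that depends on the JDK and has been as small as 1024 bits,
 * which is too weak to protect a content-encryption key.
 *
 * <p>{@link CryptoMode#EncryptionOnly} provides no integrity protection for the stored
 * content; prefer an authenticated mode for new data.
 *
 * @throws NoSuchAlgorithmException if no provider supplies an RSA key pair generator
 */
public void encryptionOnly_CustomerManagedAsymetricKey() throws NoSuchAlgorithmException {
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    // Do not rely on the provider's default key size; pin it.
    rsaGenerator.initialize(2048);
    KeyPair keyPair = rsaGenerator.generateKeyPair();

    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
            .standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
            .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair)))
            .build();

    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    // Plaintext object read through the encryption client: returned as-is in this mode.
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}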
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Round-trips an object in {@link CryptoMode#EncryptionOnly} mode with a KMS-managed key.
 * This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm
 * of AES/CBC/PKCS5Padding.
 *
 * <p>KMS protects the content key, not the integrity of the stored ciphertext: this mode
 * remains unauthenticated, and the final read returns an object that was uploaded in
 * plaintext.
 */
public void encryptionOnly_KmsManagedKey() throws NoSuchAlgorithmException {
    CryptoConfiguration eoConfig = new CryptoConfiguration(CryptoMode.EncryptionOnly);
    // Can either be Key ID or alias (prefixed with 'alias/')
    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider("alias/s3-kms-key");

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(eoConfig)
            .withEncryptionMaterials(kmsMaterials)
            .build();
    AmazonS3 plainClient = AmazonS3ClientBuilder.defaultClient();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decrypted = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decrypted);
    String passedThrough = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(passedThrough);
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Round-trips an object in {@link CryptoMode#AuthenticatedEncryption} mode with a
 * KMS-managed key. This uses the V2 metadata schema with a key wrap algorithm of 'kms'
 * and a CEK algorithm of AES/GCM/NoPadding.
 *
 * <p>The final read fetches an object that was uploaded without encryption; in this
 * non-strict mode it is returned rather than rejected.
 */
public void authenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
    CryptoConfiguration aeConfig = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption);
    // Can either be Key ID or alias (prefixed with 'alias/')
    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider("alias/s3-kms-key");

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(aeConfig)
            .withEncryptionMaterials(kmsMaterials)
            .build();
    AmazonS3 plainClient = AmazonS3ClientBuilder.defaultClient();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decrypted = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decrypted);
    String passedThrough = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(passedThrough);
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
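/**
 * Same as authenticatedEncryption_KmsManagedKey except that it throws an exception when
 * trying to get objects not encrypted with AES/GCM.
 *
 * <p>The client is configured with {@link CryptoMode#StrictAuthenticatedEncryption}.
 * Configuring plain {@code AuthenticatedEncryption} here would make the read of the
 * unencrypted object succeed, so the {@code catch} block would never run and the sample
 * would not show the strict behaviour it is named for.
 */
public void strictAuthenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder
            .standard()
            .withRegion(Regions.US_WEST_2)
            // Strict mode: only AES/GCM-encrypted objects are accepted on read.
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption))
            // Can either be Key ID or alias (prefixed with 'alias/')
            .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key"))
            .build();

    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    try {
        s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    } catch (SecurityException e) {
        // Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM
        System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
    }
}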
项目:cerberus-lifecycle-cli    文件:CreateCerberusBackupOperation.java   
/**
 * Returns a store service backed by a client-side-encrypting S3 client for the given
 * backup region, provisioning and recording the KMS CMK and bucket first if the config
 * store has no backup info for that region. The service is also cached in
 * {@code regionToEncryptedStoreServiceMap}.
 *
 * <p>NOTE(review): no CryptoMode is set on the CryptoConfiguration. If the SDK default
 * is EncryptionOnly (unauthenticated AES/CBC), backups get confidentiality but no
 * integrity protection; confirm and consider an authenticated mode.
 *
 * @param region name of the AWS region that holds the backup bucket and CMK
 * @return the store service for that region
 */
private S3StoreService getEncryptedStoreServiceForRegion(String region) {
    final BackupRegionInfo regionInfo;
    Optional<BackupRegionInfo> stored = configStore.getBackupInfoForRegion(region);
    if (stored.isPresent()) {
        regionInfo = stored.get();
    } else {
        // First backup into this region: create the key and bucket, then remember them.
        String kmsCmkId = provisionKmsCmkForBackupRegion(region);
        String backupBucket = provisionBackupBucketForRegion(region);
        configStore.storeBackupInfoForRegion(region, backupBucket, kmsCmkId);
        regionInfo = new BackupRegionInfo(backupBucket, kmsCmkId);
    }

    KMSEncryptionMaterialsProvider kmsMaterials =
            new KMSEncryptionMaterialsProvider(regionInfo.getKmsCmkId());

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withCredentials(getAWSCredentialsProviderChain())
            .withEncryptionMaterials(kmsMaterials)
            .withCryptoConfiguration(new CryptoConfiguration()
                    .withAwsKmsRegion(Region.getRegion(Regions.fromName(region))))
            .withRegion(region)
            .build();

    S3StoreService encryptedStore = new S3StoreService(encryptingClient, regionInfo.getS3Bucket(), "");
    regionToEncryptedStoreServiceMap.put(region, encryptedStore);
    return encryptedStore;
}
项目:cerberus-lifecycle-cli    文件:ConfigStore.java   
/**
 * Lazily creates {@code encryptedConfigStoreService}: an S3 store service over a
 * client-side-encrypting S3 client keyed by the environment's config KMS key. Does
 * nothing when the service already exists.
 *
 * <p>NOTE(review): no CryptoMode is set on the CryptoConfiguration. If the SDK default
 * is EncryptionOnly (unauthenticated AES/CBC), stored config has no integrity
 * protection; confirm and consider an authenticated mode.
 */
private void initEncryptedConfigStoreService() {
    if (encryptedConfigStoreService != null) {
        return;
    }

    final Environment environment = getEnvironmentData();
    KMSEncryptionMaterialsProvider kmsMaterials =
            new KMSEncryptionMaterialsProvider(environment.getConfigKeyId());

    DefaultAWSCredentialsProviderChain credentials = new DefaultAWSCredentialsProviderChain();
    // KMS calls and S3 calls are both pinned to the environment's region.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration()
            .withAwsKmsRegion(Region.getRegion(environmentMetadata.getRegions()));

    AmazonS3EncryptionClient encryptingClient =
            new AmazonS3EncryptionClient(credentials, kmsMaterials, cryptoConfig)
                    .withRegion(Region.getRegion(environmentMetadata.getRegions()));

    encryptedConfigStoreService = new S3StoreService(encryptingClient, environmentMetadata.getBucketName(), "");
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClientParamsWrapper.java   
/**
 * Bundles the general client parameters with the encryption-specific ones so they can be
 * handed to the encryption client as a single object. Values are stored as given; no
 * null checks or copies are made here.
 *
 * @param getClientParams general synchronous client parameters
 * @param getS3ClientOptions S3 client options
 * @param encryptionMaterials provider of the encryption materials
 * @param cryptoConfiguration crypto configuration
 * @param kms KMS client
 */
AmazonS3EncryptionClientParamsWrapper(AwsSyncClientParams getClientParams,
                                      S3ClientOptions getS3ClientOptions,
                                      EncryptionMaterialsProvider encryptionMaterials,
                                      CryptoConfiguration cryptoConfiguration,
                                      AWSKMS kms) {
    // General client settings.
    this.getClientParams = getClientParams;
    this.getS3ClientOptions = getS3ClientOptions;

    // Encryption-specific settings.
    this.kms = kms;
    this.cryptoConfiguration = cryptoConfiguration;
    this.encryptionMaterials = encryptionMaterials;
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClientBuilder.java   
/**
 * Construct a synchronous implementation of AmazonS3Encryption using the current builder
 * configuration. When no crypto configuration was set on the builder, a default
 * {@code CryptoConfiguration} is used.
 *
 * <p>NOTE(review): a default CryptoConfiguration carries no explicit crypto mode; callers
 * who need authenticated encryption should set the mode on the builder rather than rely
 * on the default.
 *
 * @param clientParams resolved client parameters
 * @return Fully configured implementation of AmazonS3Encryption.
 */
@Override
protected AmazonS3Encryption build(AwsSyncClientParams clientParams) {
    final CryptoConfiguration effectiveCryptoConfig;
    if (cryptoConfig == null) {
        effectiveCryptoConfig = new CryptoConfiguration();
    } else {
        effectiveCryptoConfig = cryptoConfig;
    }

    AmazonS3EncryptionClientParamsWrapper wrappedParams = new AmazonS3EncryptionClientParamsWrapper(
            clientParams,
            resolveS3ClientOptions(),
            encryptionMaterials,
            effectiveCryptoConfig,
            kms);
    return new AmazonS3EncryptionClient(wrappedParams);
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleAEStrict.java   
/**
 * Creates the strict authenticated-encryption module. All arguments are passed to the
 * superclass constructor; afterwards the configured mode is verified.
 *
 * @param cryptoConfig a read-only copy of the crypto configuration; its mode must be
 *            {@code StrictAuthenticatedEncryption}
 * @throws IllegalArgumentException if the configured crypto mode is anything else
 */
S3CryptoModuleAEStrict(AWSKMS kms, S3Direct s3,
                       AWSCredentialsProvider credentialsProvider,
                       EncryptionMaterialsProvider encryptionMaterialsProvider,
                       CryptoConfiguration cryptoConfig) {
    super(kms, s3, credentialsProvider, encryptionMaterialsProvider,
            cryptoConfig);
    final boolean strictModeConfigured =
            cryptoConfig.getCryptoMode() == StrictAuthenticatedEncryption;
    if (!strictModeConfigured) {
        // Guards against a strict module being built from a weaker configuration.
        throw new IllegalArgumentException();
    }
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleBase.java   
/**
 * Initialises the shared state of a crypto module and derives the crypto scheme and
 * content crypto scheme from the configured crypto mode.
 *
 * <p>The configuration must already be read-only, so the mode the schemes were derived
 * from cannot change after construction. {@code credentialsProvider} is accepted but not
 * used in this constructor.
 *
 * @param cryptoConfig a read-only copy of the crypto configuration.
 * @throws IllegalArgumentException if {@code cryptoConfig} is not read-only
 */
protected S3CryptoModuleBase(AWSKMS kms, S3Direct s3,
        AWSCredentialsProvider credentialsProvider,
        EncryptionMaterialsProvider kekMaterialsProvider,
        CryptoConfiguration cryptoConfig) {
    if (!cryptoConfig.isReadOnly()) {
        throw new IllegalArgumentException("The cryto configuration parameter is required to be read-only");
    }

    this.kms = kms;
    this.s3 = s3;
    this.kekMaterialsProvider = kekMaterialsProvider;
    this.cryptoConfig = cryptoConfig;

    // Both schemes follow from the (now immutable) crypto mode.
    this.cryptoScheme = S3CryptoScheme.from(cryptoConfig.getCryptoMode());
    this.contentCryptoScheme = this.cryptoScheme.getContentCryptoScheme();
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleBase.java   
/**
 * For testing purposes only.
 *
 * <p>Unlike the five-argument constructor, this one does not require the configuration
 * to be read-only and leaves the KMS client {@code null}. {@code credentialsProvider} is
 * accepted but not used here.
 */
protected S3CryptoModuleBase(S3Direct s3,
        AWSCredentialsProvider credentialsProvider,
        EncryptionMaterialsProvider kekMaterialsProvider,
        CryptoConfiguration cryptoConfig) {
    this.kms = null;
    this.s3 = s3;
    this.kekMaterialsProvider = kekMaterialsProvider;
    this.cryptoConfig = cryptoConfig;

    // Both schemes follow from the configured crypto mode.
    this.cryptoScheme = S3CryptoScheme.from(cryptoConfig.getCryptoMode());
    this.contentCryptoScheme = this.cryptoScheme.getContentCryptoScheme();
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleEO.java   
/**
 * Creates the encryption-only module. All arguments are passed to the superclass
 * constructor; afterwards the configured mode is verified.
 *
 * @param cryptoConfig a read-only copy of the crypto configuration; its mode must be
 *            {@code EncryptionOnly}
 * @throws IllegalArgumentException if the configured crypto mode is anything else
 */
S3CryptoModuleEO(AWSKMS kms, S3Direct s3,
                 AWSCredentialsProvider credentialsProvider,
                 EncryptionMaterialsProvider encryptionMaterialsProvider,
                 CryptoConfiguration cryptoConfig) {
    super(kms, s3, credentialsProvider, encryptionMaterialsProvider,
            cryptoConfig);
    final boolean encryptionOnlyConfigured =
            cryptoConfig.getCryptoMode() == EncryptionOnly;
    if (!encryptionOnlyConfigured) {
        throw new IllegalArgumentException();
    }
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleEO.java   
/**
 * Used for testing purposes only. Delegates to the five-argument constructor with no
 * KMS client and a {@code DefaultAWSCredentialsProviderChain}.
 */
S3CryptoModuleEO(S3Direct s3,
        EncryptionMaterialsProvider encryptionMaterialsProvider,
        CryptoConfiguration cryptoConfig) {
    this(
            null, // no KMS client
            s3,
            new DefaultAWSCredentialsProviderChain(),
            encryptionMaterialsProvider,
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleEO.java   
/**
 * Used for testing purposes only. Delegates to the five-argument constructor with the
 * given KMS client and a {@code DefaultAWSCredentialsProviderChain}.
 */
S3CryptoModuleEO(AWSKMS kms, S3Direct s3,
        EncryptionMaterialsProvider encryptionMaterialsProvider,
        CryptoConfiguration cryptoConfig) {
    this(
            kms,
            s3,
            new DefaultAWSCredentialsProviderChain(),
            encryptionMaterialsProvider,
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleAE.java   
/**
 * Creates the authenticated-encryption module. All arguments are passed to the
 * superclass constructor; afterwards the configured mode is verified.
 *
 * @param cryptoConfig a read-only copy of the crypto configuration; its mode must be
 *            {@code AuthenticatedEncryption} or {@code StrictAuthenticatedEncryption}
 * @throws IllegalArgumentException if the configured crypto mode is neither of those
 */
S3CryptoModuleAE(AWSKMS kms, S3Direct s3,
                 AWSCredentialsProvider credentialsProvider,
                 EncryptionMaterialsProvider encryptionMaterialsProvider,
                 CryptoConfiguration cryptoConfig) {
    super(kms, s3, credentialsProvider, encryptionMaterialsProvider,
            cryptoConfig);
    final CryptoMode configuredMode = cryptoConfig.getCryptoMode();
    final boolean authenticatedMode = configuredMode == StrictAuthenticatedEncryption
            || configuredMode == AuthenticatedEncryption;
    if (!authenticatedMode) {
        throw new IllegalArgumentException();
    }
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleAE.java   
/**
 * Used for testing purposes only. Delegates to the five-argument constructor with no
 * KMS client and a {@code DefaultAWSCredentialsProviderChain}.
 */
S3CryptoModuleAE(S3Direct s3,
        EncryptionMaterialsProvider encryptionMaterialsProvider,
        CryptoConfiguration cryptoConfig) {
    this(
            null, // no KMS client
            s3,
            new DefaultAWSCredentialsProviderChain(),
            encryptionMaterialsProvider,
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:S3CryptoModuleAE.java   
/**
 * Used for testing purposes only. Delegates to the five-argument constructor with the
 * given KMS client and a {@code DefaultAWSCredentialsProviderChain}.
 */
S3CryptoModuleAE(AWSKMS kms, S3Direct s3,
                 EncryptionMaterialsProvider encryptionMaterialsProvider,
                 CryptoConfiguration cryptoConfig) {
    this(
            kms,
            s3,
            new DefaultAWSCredentialsProviderChain(),
            encryptionMaterialsProvider,
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * Builds an encryption client from fixed credentials. The credentials are wrapped in a
 * {@code StaticCredentialsProvider} and construction is delegated to the
 * provider-based constructor.
 *
 * @param credentials credentials used for every request
 * @param encryptionMaterialsProvider provider of the encryption materials
 * @param clientConfig client configuration
 * @param cryptoConfig crypto configuration
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withClientConfiguration(ClientConfiguration)}
 */
@Deprecated
public AmazonS3EncryptionClient(AWSCredentials credentials,
        EncryptionMaterialsProvider encryptionMaterialsProvider,
        ClientConfiguration clientConfig, CryptoConfiguration cryptoConfig) {
    this(
            new StaticCredentialsProvider(credentials),
            encryptionMaterialsProvider,
            clientConfig,
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * Builds an encryption client without a request metric collector; delegates to the
 * five-argument constructor with {@code null} for the collector.
 *
 * @param credentialsProvider provider of the request credentials
 * @param kekMaterialsProvider provider of the key-encrypting-key material
 * @param clientConfig client configuration
 * @param cryptoConfig crypto configuration
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withClientConfiguration(ClientConfiguration)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        AWSCredentialsProvider credentialsProvider,
        EncryptionMaterialsProvider kekMaterialsProvider,
        ClientConfiguration clientConfig,
        CryptoConfiguration cryptoConfig) {
    this(
            credentialsProvider,
            kekMaterialsProvider,
            clientConfig,
            cryptoConfig,
            null); // no request metric collector
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * Builds an encryption client without an explicit KMS client; delegates to the
 * six-argument constructor with {@code null} for the KMS client.
 *
 * @param credentialsProvider provider of the request credentials
 * @param kekMaterialsProvider provider of the key-encrypting-key material
 * @param clientConfig client configuration
 * @param cryptoConfig crypto configuration
 * @param requestMetricCollector request metric collector
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withClientConfiguration(ClientConfiguration)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withMetricsCollector(RequestMetricCollector)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        AWSCredentialsProvider credentialsProvider,
        EncryptionMaterialsProvider kekMaterialsProvider,
        ClientConfiguration clientConfig,
        CryptoConfiguration cryptoConfig,
        RequestMetricCollector requestMetricCollector) {
    this(
            null, // no KMS client supplied by the caller
            credentialsProvider,
            kekMaterialsProvider,
            clientConfig,
            cryptoConfig,
            requestMetricCollector);
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * Creates and returns a new AWS KMS client for the case where the caller did not supply
 * one. The client is built from the given credentials, client configuration and metric
 * collector; its region is set only when the crypto configuration names a KMS region.
 *
 * @param credentialsProvider credentials for the KMS client
 * @param clientConfig client configuration for the KMS client
 * @param cryptoConfig crypto configuration consulted for the KMS region
 * @param requestMetricCollector metric collector for the KMS client
 * @return the new KMS client
 */
private AWSKMSClient newAWSKMSClient(
        AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfig,
        CryptoConfiguration cryptoConfig,
        RequestMetricCollector requestMetricCollector
) {
    final AWSKMSClient internalKms = new AWSKMSClient(
            credentialsProvider, clientConfig, requestMetricCollector);

    final Region configuredKmsRegion = cryptoConfig.getAwsKmsRegion();
    if (configuredKmsRegion == null) {
        // No region configured: leave the client's region as constructed.
        return internalKms;
    }
    internalKms.setRegion(configuredKmsRegion);
    return internalKms;
}
项目:cerberus-management-service    文件:CmsEnvPropertiesLoader.java   
/**
 * Creates a loader that reads from the given bucket through a client-side-encrypting S3
 * client keyed by the given KMS key. Both the S3 client and its KMS calls are pinned to
 * {@code region}.
 *
 * <p>NOTE(review): no CryptoMode is set on the CryptoConfiguration. If the SDK default
 * is EncryptionOnly (unauthenticated AES/CBC), the properties read here are not
 * integrity-protected; confirm and consider an authenticated mode.
 *
 * @param bucketName bucket that holds the environment properties
 * @param region AWS region name for S3 and KMS
 * @param kmsKeyId id of the KMS key used for the encryption materials
 */
public CmsEnvPropertiesLoader(final String bucketName, final String region, final String kmsKeyId) {
    this.bucketName = bucketName;

    final KMSEncryptionMaterialsProvider kmsMaterials =
            new KMSEncryptionMaterialsProvider(kmsKeyId);
    final DefaultAWSCredentialsProviderChain credentials = new DefaultAWSCredentialsProviderChain();
    final CryptoConfiguration cryptoConfig = new CryptoConfiguration()
            .withAwsKmsRegion(Region.getRegion(Regions.fromName(region)));

    this.s3Client =
            new AmazonS3EncryptionClient(credentials, kmsMaterials, cryptoConfig)
                    .withRegion(Region.getRegion(Regions.fromName(region)));
}
项目:aws-doc-sdk-examples    文件:S3Encrypt.java   
/**
 * Non-authenticated encryption schemes can do range GETs without an issue: nothing has
 * to be verified over the whole object, so a byte range can be decrypted on its own.
 *
 * <p>The flip side is that the returned bytes are not integrity-checked.
 *
 * <p>NOTE(review): the object returned by {@code getObject} is only printed and never
 * closed; real code should close it to release the underlying connection.
 */
public void encryptionOnly_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey aesKey = KeyGenerator.getInstance("AES").generateKey();
    CryptoConfiguration eoConfig = new CryptoConfiguration(CryptoMode.EncryptionOnly);
    StaticEncryptionMaterialsProvider materials =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(aesKey));

    AmazonS3Encryption encryptingClient = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(eoConfig)
            .withEncryptionMaterials(materials)
            .build();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");

    GetObjectRequest firstBytes = new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY).withRange(0, 2);
    System.out.println(encryptingClient.getObject(firstBytes));
}
项目:cerberus-lifecycle-cli    文件:RestoreCerberusBackupOperation.java   
/**
 * Builds the store service used to read an encrypted backup: a client-side-encrypting S3
 * client keyed by {@code cmkId}, with S3 and KMS both pinned to the region named in the
 * command, over the command's bucket and prefix.
 *
 * <p>NOTE(review): no CryptoMode is set on the CryptoConfiguration. If the SDK default
 * is a non-strict mode, a restore will also accept objects that were not written with
 * authenticated encryption; confirm that this is acceptable for backup data.
 *
 * @param cmkId id of the KMS CMK the backup was encrypted under
 * @param command restore command supplying the S3 region, bucket and prefix
 * @return store service over the encrypting client
 */
private S3StoreService getS3EncryptionStoreService(String cmkId,
                                                   RestoreCerberusBackupCommand command) {
    Region backupRegion = Region.getRegion(Regions.fromName(command.getS3Region()));

    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(cmkId);
    DefaultAWSCredentialsProviderChain credentials = new DefaultAWSCredentialsProviderChain();
    CryptoConfiguration cryptoConfig = new CryptoConfiguration().withAwsKmsRegion(backupRegion);

    AmazonS3EncryptionClient encryptingClient =
            new AmazonS3EncryptionClient(credentials, kmsMaterials, cryptoConfig)
                    .withRegion(backupRegion);

    return new S3StoreService(encryptingClient, command.getS3Bucket(), command.getS3Prefix());
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClientParamsWrapper.java   
/**
 * Returns the crypto configuration this wrapper was constructed with. The stored
 * reference is returned directly, not a copy.
 */
@Override
CryptoConfiguration getCryptoConfiguration() {
    return this.cryptoConfiguration;
}
项目:ibm-cos-sdk-java    文件:CryptoModuleDispatcher.java   
/**
 * Selects and constructs the crypto module(s) that match the configured crypto mode.
 *
 * <p>The caller's configuration is cloned first, so the defaulting below does not touch
 * the caller's object; a missing mode is set to {@code EncryptionOnly}; the clone is then
 * made read-only before it is handed to any module.
 *
 * <ul>
 *  <li>{@code StrictAuthenticatedEncryption}: only the strict AE module is created;
 *      {@code eo} is {@code null}.</li>
 *  <li>{@code AuthenticatedEncryption}: only the AE module is created; {@code eo} is
 *      {@code null}.</li>
 *  <li>{@code EncryptionOnly}: the EO module is created, plus an AE module built from a
 *      second clone of the configuration.</li>
 * </ul>
 *
 * <p>Because an unset mode becomes {@code EncryptionOnly}, callers that need
 * authenticated encryption have to request it explicitly.
 *
 * @throws IllegalStateException if the crypto mode is none of the three handled values
 */
public CryptoModuleDispatcher(AWSKMS kms, S3Direct s3,
                              AWSCredentialsProvider credentialsProvider,
                              EncryptionMaterialsProvider encryptionMaterialsProvider,
                              CryptoConfiguration cryptoConfig) {
    cryptoConfig = cryptoConfig.clone();    // work on a private copy, not the caller's object
    CryptoMode cryptoMode = cryptoConfig.getCryptoMode();
    if (cryptoMode == null) {
        cryptoMode = EncryptionOnly;
        cryptoConfig.setCryptoMode(cryptoMode); // defaults to EO
    }
    cryptoConfig = cryptoConfig.readOnly(); // make read-only before any module sees it
    this.defaultCryptoMode = cryptoConfig.getCryptoMode();
    switch(this.defaultCryptoMode) {
        case StrictAuthenticatedEncryption:
            this.ae = new S3CryptoModuleAEStrict(kms, s3, credentialsProvider,
                    encryptionMaterialsProvider,
                    cryptoConfig);
            this.eo = null;
            break;
        case AuthenticatedEncryption:
            this.ae = new S3CryptoModuleAE(kms, s3, credentialsProvider,
                    encryptionMaterialsProvider,
                    cryptoConfig);
            this.eo = null;
            break;
        case EncryptionOnly:
            this.eo = new S3CryptoModuleEO(kms, s3, credentialsProvider,
                    encryptionMaterialsProvider,
                    cryptoConfig);
            // Second copy of the configuration, switched to AE for the companion AE module.
            CryptoConfiguration aeConfig = cryptoConfig.clone();
            try {
                aeConfig.setCryptoMode(AuthenticatedEncryption);
            } catch(UnsupportedOperationException ex) {
                // BC not available during runtime; but EO can still work.
                // Hence ignoring.
                // NOTE(review): aeConfig then presumably keeps the EncryptionOnly mode; if the
                // S3CryptoModuleAE constructor rejects non-AE modes, the construction below
                // would throw rather than let EO continue on its own. TODO confirm.
            }
            this.ae = new S3CryptoModuleAE(kms, s3, credentialsProvider,
                encryptionMaterialsProvider,
                aeConfig.readOnly());
            break;
        default:
            // Unknown mode: refuse to build a dispatcher with no crypto module.
            throw new IllegalStateException();
    }
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client that makes <b>anonymous</b> requests to
 * Amazon S3. When {@link #getObject(String, String)} is called, the object contents are
 * decrypted with the encryption materials provided.
 * </p>
 * <p>
 * Anonymous <i>(i.e. unsigned)</i> requests work with only a subset of the Amazon S3
 * API, which can still be useful in some situations:
 * </p>
 * <ul>
 *  <li>A bucket that grants {@link Permission#Read} to the
 *  {@link GroupGrantee#AllUsers} group lets anonymous clients call
 *  {@link #listObjects(String)} to see which objects it stores.</li>
 *  <li>An object that grants {@link Permission#Read} to the
 *  {@link GroupGrantee#AllUsers} group lets anonymous clients call
 *  {@link #getObject(String, String)} and {@link #getObjectMetadata(String, String)}
 *  to pull its content and metadata.</li>
 *  <li>A bucket that grants {@link Permission#Write} to the
 *  {@link GroupGrantee#AllUsers} group lets anonymous clients upload objects to it.</li>
 * </ul>
 * <p>
 * This constructor passes a default {@code CryptoConfiguration}, so no crypto mode is
 * chosen explicitly. Buckets and objects readable or writable by
 * {@link GroupGrantee#AllUsers} are open to everyone, so content fetched this way should
 * be treated as untrusted unless an authenticated crypto mode is configured.
 * </p>
 *
 * @param encryptionMaterialsProvider
 *            A provider for the encryption materials to be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        EncryptionMaterialsProvider encryptionMaterialsProvider) {
    this(
            new StaticCredentialsProvider(new AnonymousAWSCredentials()), // unsigned requests
            encryptionMaterialsProvider,
            configFactory.getConfig(),
            new CryptoConfiguration()); // default crypto settings
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client that will make <b>anonymous</b>
 * requests to Amazon S3.  If {@link #getObject(String, String)} is called,
 * the object contents will be decrypted with the encryption materials provided.
 * The encryption implementation of the provided crypto provider will be
 * used to encrypt and decrypt data.
 * </p>
 * <p>
 * Only a subset of the Amazon S3 API will work with anonymous
 * <i>(i.e. unsigned)</i> requests, but this can prove useful in some situations.
 * For example:
 * <ul>
 *  <li>If an Amazon S3 bucket has {@link Permission#Read} permission for the
 *  {@link GroupGrantee#AllUsers} group, anonymous clients can call
 *  {@link #listObjects(String)} to see what objects are stored in a bucket.</li>
 *  <li>If an object has {@link Permission#Read} permission for the
 *  {@link GroupGrantee#AllUsers} group, anonymous clients can call
 *  {@link #getObject(String, String)} and
 *  {@link #getObjectMetadata(String, String)} to pull object content and
 *  metadata.</li>
 *  <li>If a bucket has {@link Permission#Write} permission for the
 *  {@link GroupGrantee#AllUsers} group, anonymous clients can upload objects
 *  to the bucket.</li>
 * </ul>
 * </p>
 *
 * @param encryptionMaterials
 *              The encryption materials to be used to encrypt and decrypt data.
 * @param cryptoConfig
 *                The crypto configuration whose parameters will be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        EncryptionMaterials encryptionMaterials, CryptoConfiguration cryptoConfig) {
    // Wraps the fixed materials in a StaticEncryptionMaterialsProvider and hands off to
    // the (provider, cryptoConfig) overload; the caller's cryptoConfig is forwarded as
    // given, with no validation at this level.
    this(new StaticEncryptionMaterialsProvider(encryptionMaterials), cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client that will make <b>anonymous</b>
 * requests to Amazon S3.  If {@link #getObject(String, String)} is called,
 * the object contents will be decrypted with the encryption materials provided.
 * The encryption implementation of the provided crypto provider will be
 * used to encrypt and decrypt data.
 * </p>
 * <p>
 * Only a subset of the Amazon S3 API will work with anonymous
 * <i>(i.e. unsigned)</i> requests, but this can prove useful in some situations.
 * For example:
 * <ul>
 *  <li>If an Amazon S3 bucket has {@link Permission#Read} permission for the
 *  {@link GroupGrantee#AllUsers} group, anonymous clients can call
 *  {@link #listObjects(String)} to see what objects are stored in a bucket.</li>
 *  <li>If an object has {@link Permission#Read} permission for the
 *  {@link GroupGrantee#AllUsers} group, anonymous clients can call
 *  {@link #getObject(String, String)} and
 *  {@link #getObjectMetadata(String, String)} to pull object content and
 *  metadata.</li>
 *  <li>If a bucket has {@link Permission#Write} permission for the
 *  {@link GroupGrantee#AllUsers} group, anonymous clients can upload objects
 *  to the bucket.</li>
 * </ul>
 * </p>
 *
 * @param encryptionMaterialsProvider
 *            A provider for the encryption materials to be used to encrypt and decrypt data.
 * @param cryptoConfig
 *            The crypto configuration whose parameters will be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)}
 */
@Deprecated
public AmazonS3EncryptionClient(EncryptionMaterialsProvider encryptionMaterialsProvider,
                                CryptoConfiguration cryptoConfig) {
    // Unsigned access: requests are issued under AnonymousAWSCredentials, so only the
    // operations that bucket/object ACLs grant to everyone can succeed.
    // The caller's cryptoConfig is forwarded unchanged together with the factory's
    // client configuration.
    // NOTE(review): no null check on either argument is visible at this level;
    // presumably the constructor this chain ends in performs it - verify.
    this(
            new StaticCredentialsProvider(new AnonymousAWSCredentials()),
            encryptionMaterialsProvider,
            configFactory.getConfig(),
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client using the specified AWS credentials to
 * access Amazon S3.  Object contents will be encrypted and decrypted with the encryption
 * materials provided.
 * </p>
 *
 * @param credentials
 *            The AWS credentials to use when making requests to Amazon S3
 *            with this client.
 * @param encryptionMaterialsProvider
 *            A provider for the encryption materials to be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        AWSCredentials credentials, EncryptionMaterialsProvider encryptionMaterialsProvider) {
    // Fills in the factory's client configuration and a freshly constructed
    // CryptoConfiguration, then delegates to the four-argument overload.
    // NOTE(review): the crypto mode chosen by the no-arg CryptoConfiguration is not
    // visible here; confirm whether it is an authenticated mode.
    this(
            credentials,
            encryptionMaterialsProvider,
            configFactory.getConfig(),
            new CryptoConfiguration());
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client using the specified AWS credentials to
 * access Amazon S3.  Object contents will be encrypted and decrypted with the encryption
 * materials provided.
 * </p>
 *
 * @param credentialsProvider
 *            The AWS credentials provider which will provide credentials
 *            to authenticate requests with AWS services.
 * @param encryptionMaterialsProvider
 *            A provider for the encryption materials to be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)}
 */
@Deprecated
public AmazonS3EncryptionClient(AWSCredentialsProvider credentialsProvider,
                                EncryptionMaterialsProvider encryptionMaterialsProvider) {
    // Same defaults as the AWSCredentials overload: the factory's client configuration
    // plus a freshly constructed CryptoConfiguration.
    // NOTE(review): the crypto mode chosen by the no-arg CryptoConfiguration is not
    // visible here; confirm whether it is an authenticated mode.
    this(
            credentialsProvider,
            encryptionMaterialsProvider,
            configFactory.getConfig(),
            new CryptoConfiguration());
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client using the specified AWS credentials to
 * access Amazon S3.  Object contents will be encrypted and decrypted with the encryption
 * materials provided.  The encryption implementation of the provided crypto provider will
 * be used to encrypt and decrypt data.
 * </p>
 *
 * @param credentials
 *            The AWS credentials to use when making requests to Amazon S3
 *            with this client.
 * @param encryptionMaterials
 *            The encryption materials to be used to encrypt and decrypt data.
 * @param cryptoConfig
 *            The crypto configuration whose parameters will be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        AWSCredentials credentials,
        EncryptionMaterials encryptionMaterials,
        CryptoConfiguration cryptoConfig) {
    // Wraps the fixed materials in a StaticEncryptionMaterialsProvider and delegates to
    // the (credentials, provider, cryptoConfig) overload; cryptoConfig is forwarded as
    // given, with no validation at this level.
    this(
            credentials,
            new StaticEncryptionMaterialsProvider(encryptionMaterials),
            cryptoConfig);
}
项目:ibm-cos-sdk-java    文件:AmazonS3EncryptionClient.java   
/**
 * <p>
 * Constructs a new Amazon S3 Encryption client using the specified AWS credentials to
 * access Amazon S3.  Object contents will be encrypted and decrypted with the encryption
 * materials provided.  The encryption implementation of the provided crypto provider will
 * be used to encrypt and decrypt data.
 * </p>
 *
 * @param credentials
 *            The AWS credentials to use when making requests to Amazon S3
 *            with this client.
 * @param encryptionMaterialsProvider
 *            A provider for the encryption materials to be used to encrypt and decrypt data.
 * @param cryptoConfig
 *            The crypto configuration whose parameters will be used to encrypt and decrypt data.
 * @deprecated use {@link AmazonS3EncryptionClientBuilder#withEncryptionMaterials(EncryptionMaterialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCredentials(AWSCredentialsProvider)} and
 *                 {@link AmazonS3EncryptionClientBuilder#withCryptoConfiguration(CryptoConfiguration)}
 */
@Deprecated
public AmazonS3EncryptionClient(
        AWSCredentials credentials,
        EncryptionMaterialsProvider encryptionMaterialsProvider,
        CryptoConfiguration cryptoConfig) {
    // Adds the factory's client configuration and delegates to the four-argument
    // overload; the caller's cryptoConfig is forwarded unchanged.
    // NOTE(review): no null check on cryptoConfig is visible at this level;
    // presumably the constructor this chain ends in performs it - verify.
    this(
            credentials,
            encryptionMaterialsProvider,
            configFactory.getConfig(),
            cryptoConfig);
}