com.amazonaws.services.s3.model.CryptoConfiguration Java Examples

The following examples show how to use com.amazonaws.services.s3.model.CryptoConfiguration. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ClientSideKMSEncryptionStrategy.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Create an encryption client.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration
 * @param kmsRegion AWS KMS region
 * @param keyIdOrMaterial KMS key id
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, String kmsRegion, String keyIdOrMaterial) {
    KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(keyIdOrMaterial);
    boolean haveKmsRegion = StringUtils.isNotBlank(kmsRegion);

    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    if (haveKmsRegion) {
        Region awsRegion = Region.getRegion(Regions.fromName(kmsRegion));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig);

    return client;
}
 
Example #2
Source File: AwsS3Processor.java    From camel-quarkus with Apache License 2.0 4 votes vote down vote up
@BuildStep
RuntimeInitializedClassBuildItem cryptoConfiguration() {
    return new RuntimeInitializedClassBuildItem(CryptoConfiguration.class.getCanonicalName());
}
 
Example #3
Source File: SnowflakeS3Client.java    From snowflake-jdbc with Apache License 2.0 4 votes vote down vote up
private void setupSnowflakeS3Client(Map<?, ?> stageCredentials,
                                    ClientConfiguration clientConfig,
                                    RemoteStoreFileEncryptionMaterial encMat,
                                    String stageRegion,
                                    String stageEndPoint)
throws SnowflakeSQLException
{
  // Save the client creation parameters so that we can reuse them,
  // to reset the AWS client. We won't save the awsCredentials since
  // we will be refreshing that, every time we reset the AWS client
  this.clientConfig = clientConfig;
  this.stageRegion = stageRegion;
  this.encMat = encMat;
  this.stageEndPoint = stageEndPoint; // FIPS endpoint, if needed

  logger.debug("Setting up AWS client ");

  // Retrieve S3 stage credentials
  String awsID = (String) stageCredentials.get("AWS_KEY_ID");
  String awsKey = (String) stageCredentials.get("AWS_SECRET_KEY");
  String awsToken = (String) stageCredentials.get("AWS_TOKEN");

  // initialize aws credentials
  AWSCredentials awsCredentials = (awsToken != null) ?
                                  new BasicSessionCredentials(awsID, awsKey, awsToken)
                                                     : new BasicAWSCredentials(awsID, awsKey);


  clientConfig.withSignerOverride("AWSS3V4SignerType");
  clientConfig.getApacheHttpClientConfig().setSslSocketFactory(
      getSSLConnectionSocketFactory());
  HttpUtil.setProxyForS3(clientConfig);
  AmazonS3Builder<?, ?> amazonS3Builder = AmazonS3Client.builder();
  if (encMat != null)
  {
    byte[] decodedKey = Base64.decode(encMat.getQueryStageMasterKey());
    encryptionKeySize = decodedKey.length * 8;

    if (encryptionKeySize == 256)
    {
      SecretKey queryStageMasterKey =
          new SecretKeySpec(decodedKey, 0, decodedKey.length, AES);
      EncryptionMaterials encryptionMaterials =
          new EncryptionMaterials(queryStageMasterKey);
      encryptionMaterials.addDescription("queryId",
                                         encMat.getQueryId());
      encryptionMaterials.addDescription("smkId",
                                         Long.toString(encMat.getSmkId()));
      CryptoConfiguration cryptoConfig =
          new CryptoConfiguration(CryptoMode.EncryptionOnly);

      amazonS3Builder = AmazonS3EncryptionClient.encryptionBuilder()
          .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
          .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials))
          .withClientConfiguration(clientConfig)
          .withCryptoConfiguration(cryptoConfig);

    }
    else if (encryptionKeySize == 128)
    {
      amazonS3Builder = AmazonS3Client.builder()
          .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
          .withClientConfiguration(clientConfig);
    }
    else
    {
      throw new SnowflakeSQLException(SqlState.INTERNAL_ERROR,
                                      ErrorCode.INTERNAL_ERROR.getMessageCode(),
                                      "unsupported key size", encryptionKeySize);
    }
  }
  else
  {
    amazonS3Builder = AmazonS3Client.builder()
        .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
        .withClientConfiguration(clientConfig);
  }

  if (stageRegion != null)
  {
    Region region = RegionUtils.getRegion(stageRegion);
    if (region != null)
    {
      amazonS3Builder.withRegion(region.getName());
    }
  }
  // Explicitly force to use virtual address style
  amazonS3Builder.withPathStyleAccessEnabled(false);

  amazonClient = (AmazonS3) amazonS3Builder.build();
  if (this.stageEndPoint != null && this.stageEndPoint != "")
  {
    // Set the FIPS endpoint if we need it. GS will tell us if we do by
    // giving us an endpoint to use if required and supported by the region.
    amazonClient.setEndpoint(this.stageEndPoint);
  }
}