com.amazonaws.services.kms.model.KeyMetadata Java Examples
The following examples show how to use
com.amazonaws.services.kms.model.KeyMetadata.
Example #1
Source File: IntegrationTestHelper.java From strongbox with Apache License 2.0 | 6 votes |
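/**
 * Schedules deletion of stale KMS keys left behind by integration-test runs.
 *
 * <p>A key is selected only when it is reachable through an alias that starts with
 * {@code "alias/" + testResourcePrefix}, was created before {@code createdBeforeThreshold},
 * and is not already pending deletion.
 *
 * @param testRegion region whose KMS aliases are scanned
 * @param testResourcePrefix alias prefix (without the leading {@code alias/}) that marks
 *     test-owned keys; must be non-empty
 * @param createdBeforeThreshold only keys created before this instant are scheduled for deletion
 * @param awsCredentials credentials used to build the KMS client
 * @throws IllegalArgumentException if {@code testResourcePrefix} is null or empty
 */
private static void cleanUpKMSKeys(Regions testRegion, String testResourcePrefix, Date createdBeforeThreshold, AWSCredentialsProvider awsCredentials) {
    // An empty prefix would reduce the filter below to "alias/", which matches every alias in
    // the account, so the destructive path must refuse to run without a real prefix.
    if (testResourcePrefix == null || testResourcePrefix.isEmpty()) {
        throw new IllegalArgumentException(
                "testResourcePrefix must be non-empty; refusing to schedule KMS key deletion");
    }

    LOG.info("Cleaning KMS...");

    AWSKMS kmsClient = AWSKMSClientBuilder.standard()
            .withCredentials(awsCredentials)
            .withRegion(testRegion)
            .build();

    String aliasPrefix = "alias/" + testResourcePrefix;

    // NOTE(review): listAliases() is called once with no marker, so only the first page of
    // aliases is examined; confirm that is acceptable for accounts with many aliases.
    for (AliasListEntry entry : kmsClient.listAliases().getAliases()) {
        String aliasName = entry.getAliasName();
        if (aliasName == null || !aliasName.startsWith(aliasPrefix)) {
            continue;
        }
        // An alias without a target key cannot be described or scheduled for deletion.
        if (entry.getTargetKeyId() == null) {
            continue;
        }

        DescribeKeyRequest request = new DescribeKeyRequest().withKeyId(entry.getTargetKeyId());
        KeyMetadata metadata = kmsClient.describeKey(request).getKeyMetadata();

        boolean alreadyPendingDeletion =
                KMSKeyState.fromString(metadata.getKeyState()) == KMSKeyState.PENDING_DELETION;
        boolean olderThanThreshold = metadata.getCreationDate().before(createdBeforeThreshold);

        if (!alreadyPendingDeletion && olderThanThreshold) {
            LOG.info("Scheduling KMS key for deletion:" + entry.getAliasName());
            scheduleKeyDeletion(kmsClient, entry);
        }
    }
}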
Example #2
Source File: KMSManagerTest.java From strongbox with Apache License 2.0 | 6 votes |
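/**
 * Checks that {@code kmsManager.create()} returns the ARN of the newly created key and issues
 * the expected describe, create and alias calls against the mocked KMS client.
 */
@Test
public void testCreate() throws Exception {
    // Requests and results exchanged with the mocked KMS client.
    CreateKeyRequest createKeyRequest = new CreateKeyRequest().withDescription(
            "This key is automatically managed by Strongbox");
    CreateKeyResult createKeyResult =
            new CreateKeyResult().withKeyMetadata(new KeyMetadata().withArn(KMS_ARN));
    CreateAliasRequest createAliasRequest =
            new CreateAliasRequest().withAliasName(ALIAS_KEY_NAME).withTargetKeyId(KMS_ARN);

    // describeKey fails twice with NotFoundException before reporting an enabled key.
    when(mockKMSClient.describeKey(describeKeyRequest))
            .thenThrow(NotFoundException.class)
            .thenThrow(NotFoundException.class) // still waiting for creation
            .thenReturn(enabledKeyResult());
    when(mockKMSClient.createKey(createKeyRequest)).thenReturn(createKeyResult);

    // Check the result from create method.
    String arn = kmsManager.create();
    // Expected value goes first so that a failure message labels the two values correctly.
    assertEquals(KMS_ARN, arn);

    // Verify correct number of calls was made to AWS.
    verify(mockKMSClient, times(3)).describeKey(describeKeyRequest);
    verify(mockKMSClient, times(1)).createAlias(createAliasRequest);
    verify(mockKMSClient, times(1)).createKey(createKeyRequest);
}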
Example #3
Source File: KmsServiceTest.java From cerberus with Apache License 2.0 | 5 votes |
/**
 * With a key record last validated in 2016 and an enabled key, {@code validateKeyAndPolicy}
 * is expected to fetch the key's "default" policy once and pass it to the policy validator once.
 */
@Test
public void test_validatePolicy_validates_policy_when_validate_interval_has_passed() {
    final String keyArn = "kms key arn";
    final String roleRecordId = "aws iam role record id";
    final String region = "kmsCMKRegion";
    final String policyText = "policy";
    final OffsetDateTime lastValidatedAt = OffsetDateTime.of(2016, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
    final OffsetDateTime currentTime = OffsetDateTime.now();

    // KMS client mock: every describeKey call reports an enabled key.
    AWSKMSClient kmsClient = mock(AWSKMSClient.class);
    DescribeKeyResult enabledKey =
            new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withKeyState(KeyState.Enabled));
    when(kmsClient.describeKey(anyObject())).thenReturn(enabledKey);
    when(kmsClientFactory.getClient(region)).thenReturn(kmsClient);

    // The "default" key policy is served from a mocked result and reported as valid.
    GetKeyPolicyResult policyResult = mock(GetKeyPolicyResult.class);
    when(policyResult.getPolicy()).thenReturn(policyText);
    GetKeyPolicyRequest defaultPolicyRequest =
            new GetKeyPolicyRequest().withKeyId(keyArn).withPolicyName("default");
    when(kmsClient.getKeyPolicy(defaultPolicyRequest)).thenReturn(policyResult);
    when(kmsPolicyService.isPolicyValid(policyText)).thenReturn(true);

    // Stored key record whose last validation timestamp is the 2016 value above.
    AwsIamRoleKmsKeyRecord keyRecord = mock(AwsIamRoleKmsKeyRecord.class);
    when(keyRecord.getAwsIamRoleId()).thenReturn(roleRecordId);
    when(keyRecord.getAwsKmsKeyId()).thenReturn(keyArn);
    when(keyRecord.getAwsRegion()).thenReturn(region);
    when(keyRecord.getLastValidatedTs()).thenReturn(lastValidatedAt);
    when(awsIamRoleDao.getKmsKey(roleRecordId, region)).thenReturn(Optional.of(keyRecord));
    when(dateTimeSupplier.get()).thenReturn(currentTime);

    kmsService.validateKeyAndPolicy(keyRecord, keyArn);

    // Exactly one policy fetch and one policy validation are expected.
    verify(kmsClient, times(1))
            .getKeyPolicy(new GetKeyPolicyRequest().withKeyId(keyArn).withPolicyName("default"));
    verify(kmsPolicyService, times(1)).isPolicyValid(policyText);
}
Example #4
Source File: KmsServiceTest.java From cerberus with Apache License 2.0 | 5 votes |
/**
 * {@code getKmsKeyState} is expected to return the key state string carried by the
 * {@code KeyMetadata} that the mocked describeKey call yields.
 */
@Test
public void test_getKmsKeyState_happy() {
    final String region = "aws region";
    final String keyId = "kms key id";
    final String expectedState = "state";

    // The factory hands out a mock client whose describeKey always reports expectedState.
    AWSKMSClient mockedClient = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(mockedClient);

    KeyMetadata metadata = new KeyMetadata().withKeyState(expectedState);
    DescribeKeyResult describeResult = new DescribeKeyResult().withKeyMetadata(metadata);
    when(mockedClient.describeKey(anyObject())).thenReturn(describeResult);

    String actualState = kmsService.getKmsKeyState(keyId, region);

    assertEquals(expectedState, actualState);
}
Example #5
Source File: ViewCustomerMasterKey.java From aws-doc-sdk-examples with Apache License 2.0 | 5 votes |
/**
 * Describes one KMS key and prints selected metadata fields to standard output.
 *
 * <p>Only the fields read from {@code KeyMetadata} below are printed. The client is built with
 * the SDK builder defaults, so no credentials or region are taken from the command line.
 *
 * @param args exactly one element: the key id or ARN to describe
 */
public static void main(String[] args) {
    // Anything other than a single argument prints the usage text and exits with status 1.
    if (args.length != 1) {
        System.out.println(
                "To run this example, supply a key id or ARN\n"
                        + "Usage: ViewCustomerMasterKey <key-id>\n"
                        + "Example: ViewCustomerMasterKey 1234abcd-12ab-34cd-56ef-1234567890ab\n");
        System.exit(1);
    }

    final String requestedKeyId = args[0];
    final AWSKMS kms = AWSKMSClientBuilder.standard().build();

    // Describe a CMK
    KeyMetadata keyInfo =
            kms.describeKey(new DescribeKeyRequest().withKeyId(requestedKeyId)).getKeyMetadata();

    // One "label value" row per field; the label column is left-aligned and 15 characters wide.
    final String row = "%-15s %s%n";
    System.out.printf(row, "KeyId:", requestedKeyId);
    System.out.printf(row, "Arn:", keyInfo.getArn());
    System.out.printf(row, "CreationDate:", keyInfo.getCreationDate());
    System.out.printf(row, "Description:", keyInfo.getDescription());
    System.out.printf(row, "KeyUsage:", keyInfo.getKeyUsage());
    System.out.printf(row, "KeyState:", keyInfo.getKeyState());
    System.out.printf(row, "Origin:", keyInfo.getOrigin());
    System.out.printf(row, "KeyManager:", keyInfo.getKeyManager());
}
Example #6
Source File: MockKMSClient.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
/**
 * Mock implementation: invents a key with a random UUID id, records it as active and
 * resolvable by both its id and its ARN, and returns metadata describing it.
 *
 * @param req request whose description is copied into the returned metadata
 * @return a result carrying the metadata of the invented key
 */
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException, AmazonClientException {
    final String newKeyId = UUID.randomUUID().toString();
    final String newKeyArn = "arn:aws:kms:" + region_.getName() + ":" + ACCOUNT_ID + ":key/" + newKeyId;

    // Bookkeeping: the ARN is marked active, and both the bare id and the ARN map to the ARN.
    activeKeys.add(newKeyArn);
    keyAliases.put(newKeyId, newKeyArn);
    keyAliases.put(newKeyArn, newKeyArn);

    KeyMetadata metadata = new KeyMetadata()
            .withAWSAccountId(ACCOUNT_ID)
            .withCreationDate(new Date())
            .withDescription(req.getDescription())
            .withEnabled(true)
            .withKeyId(newKeyId)
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withArn(newKeyArn);

    return new CreateKeyResult().withKeyMetadata(metadata);
}
Example #7
Source File: MockKMSClient.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
/**
 * Mock implementation: resolves the requested key id through {@code retrieveArn} and returns
 * metadata in which both the ARN and the key id are set to that resolved ARN.
 *
 * @param arg0 request naming the key to describe
 * @return a result whose metadata carries only the ARN and key id
 */
@Override
public DescribeKeyResult describeKey(DescribeKeyRequest arg0) throws AmazonServiceException, AmazonClientException {
    final String resolvedArn = retrieveArn(arg0.getKeyId());
    return new DescribeKeyResult()
            .withKeyMetadata(new KeyMetadata().withArn(resolvedArn).withKeyId(resolvedArn));
}
Example #8
Source File: FakeKMS.java From aws-dynamodb-encryption-java with Apache License 2.0 | 5 votes |
/**
 * Fake implementation: invents a key with a random UUID id and returns metadata for it.
 * The ARN is assembled from the literal {@code "arn:aws:testing:kms:"} prefix, the account id
 * and the key id.
 *
 * @param req request whose description is copied into the returned metadata
 * @return a result carrying the metadata of the invented key
 */
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException, AmazonClientException {
    final String generatedId = UUID.randomUUID().toString();
    final String generatedArn = "arn:aws:testing:kms:" + ACCOUNT_ID + ":key/" + generatedId;

    KeyMetadata description = new KeyMetadata()
            .withAWSAccountId(ACCOUNT_ID)
            .withCreationDate(new Date())
            .withDescription(req.getDescription())
            .withEnabled(true)
            .withKeyId(generatedId)
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withArn(generatedArn);

    return new CreateKeyResult().withKeyMetadata(description);
}
Example #9
Source File: AwsPlatformResourcesTest.java From cloudbreak with Apache License 2.0 | 5 votes |
/**
 * With four keys and four aliases returned by the mocked KMS client, {@code encryptionKeys}
 * is expected to report four encryption keys.
 */
@Test
public void collectEncryptionKeysWhenWeGetBackInfoThenItShouldReturnListWithElements() {
    // Four key entries and four alias entries, built by the test's helper methods.
    Set<KeyListEntry> keyEntries = new HashSet<>();
    Set<AliasListEntry> aliasEntries = new HashSet<>();
    for (int index = 1; index <= 4; index++) {
        keyEntries.add(keyListEntry(index));
    }
    for (int index = 1; index <= 4; index++) {
        aliasEntries.add(aliasListEntry(index));
    }

    ListKeysResult keysResult = new ListKeysResult();
    keysResult.setKeys(keyEntries);

    // describeKey answers with empty metadata for every key.
    DescribeKeyResult emptyDescription = new DescribeKeyResult();
    emptyDescription.setKeyMetadata(new KeyMetadata());

    ListAliasesResult aliasesResult = new ListAliasesResult();
    aliasesResult.setAliases(aliasEntries);

    when(awsClient.createAWSKMS(any(AwsCredentialView.class), anyString())).thenReturn(awskmsClient);
    when(awskmsClient.listKeys(any(ListKeysRequest.class))).thenReturn(keysResult);
    when(awskmsClient.describeKey(any(DescribeKeyRequest.class))).thenReturn(emptyDescription);
    when(awskmsClient.listAliases(any(ListAliasesRequest.class))).thenReturn(aliasesResult);

    CloudCredential credential = new CloudCredential("crn", "aws-credential");
    CloudEncryptionKeys collected = underTest.encryptionKeys(credential, region("London"), new HashMap<>());

    Assert.assertEquals(4L, collected.getCloudEncryptionKeys().size());
}
Example #10
Source File: IAMPolicyManagerTest.java From strongbox with Apache License 2.0 | 4 votes |
/**
 * Builds a describe-key result whose metadata carries only the test ARN.
 *
 * @return a {@code DescribeKeyResult} with {@code KMS_ARN} as the key's ARN
 */
private DescribeKeyResult constructDescribeKeyResult() {
    return new DescribeKeyResult().withKeyMetadata(new KeyMetadata().withArn(KMS_ARN));
}
Example #11
Source File: KMSManagerTest.java From strongbox with Apache License 2.0 | 4 votes |
/**
 * Builds a describe-key result for the test ARN in the given key state.
 *
 * @param state key state to place in the metadata
 * @return a {@code DescribeKeyResult} carrying {@code state} and {@code KMS_ARN}
 */
private static DescribeKeyResult constructDescribeKeyResult(KeyState state) {
    KeyMetadata describedKey = new KeyMetadata().withKeyState(state).withArn(KMS_ARN);
    DescribeKeyResult describeResult = new DescribeKeyResult();
    return describeResult.withKeyMetadata(describedKey);
}
Example #12
Source File: KmsServiceTest.java From cerberus with Apache License 2.0 | 4 votes |
/**
 * {@code provisionKmsKey} is expected to return a record holding the created key's ARN, to
 * create an alias pointing at that ARN, and to persist a matching key record through the DAO.
 */
@Test
public void test_provisionKmsKey() {
    final String roleId = "role-id";
    final String region = "aws-region";
    final String actingUser = "user";
    final OffsetDateTime timestamp = OffsetDateTime.now();
    final String keyPolicy = "policy";
    // The same string serves as the IAM principal ARN and as the ARN the mocked createKey returns.
    final String arn = "arn:aws:iam::12345678901234:role/some-role";
    final String recordId = "awsIamRoleKmsKeyId";

    when(uuidSupplier.get()).thenReturn(recordId);
    when(kmsPolicyService.generateStandardKmsPolicy(arn)).thenReturn(keyPolicy);

    AWSKMSClient kmsClient = mock(AWSKMSClient.class);
    when(kmsClientFactory.getClient(region)).thenReturn(kmsClient);

    // NOTE(review): this expected request (usage, description, policy, tags) is built but never
    // passed to a stub or a verify(...) below, so its contents are not asserted by this test;
    // createKey is stubbed with any().
    CreateKeyRequest expectedCreateRequest = new CreateKeyRequest()
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withDescription("Key used by Cerberus fakeEnv for IAM role authentication. " + arn)
            .withPolicy(keyPolicy)
            .withTags(
                    Lists.newArrayList(
                            new Tag().withTagKey("created_by").withTagValue(ARTIFACT + VERSION),
                            new Tag().withTagKey("created_for").withTagValue("cerberus_auth"),
                            new Tag().withTagKey("auth_principal").withTagValue(arn),
                            new Tag().withTagKey("cerberus_env").withTagValue(ENV)));

    // Any createKey call yields metadata whose ARN is the value above.
    KeyMetadata createdKeyMetadata = mock(KeyMetadata.class);
    when(createdKeyMetadata.getArn()).thenReturn(arn);
    CreateKeyResult createResult = mock(CreateKeyResult.class);
    when(createResult.getKeyMetadata()).thenReturn(createdKeyMetadata);
    when(kmsClient.createKey(any())).thenReturn(createResult);

    // invoke method under test
    String returnedKeyId =
            kmsService.provisionKmsKey(roleId, arn, region, actingUser, timestamp).getAwsKmsKeyId();

    assertEquals(arn, returnedKeyId);

    // The alias must use the service's own alias name and target the created key.
    CreateAliasRequest expectedAlias = new CreateAliasRequest()
            .withAliasName(kmsService.getAliasName(recordId, arn))
            .withTargetKeyId(arn);
    verify(kmsClient).createAlias(expectedAlias);

    // The persisted record carries the ids, region, user and the single timestamp used above.
    AwsIamRoleKmsKeyRecord expectedRecord = new AwsIamRoleKmsKeyRecord();
    expectedRecord.setId(recordId);
    expectedRecord.setAwsIamRoleId(roleId);
    expectedRecord.setAwsKmsKeyId(arn);
    expectedRecord.setAwsRegion(region);
    expectedRecord.setCreatedBy(actingUser);
    expectedRecord.setLastUpdatedBy(actingUser);
    expectedRecord.setCreatedTs(timestamp);
    expectedRecord.setLastUpdatedTs(timestamp);
    expectedRecord.setLastValidatedTs(timestamp);
    verify(awsIamRoleDao).createIamRoleKmsKey(expectedRecord);
}
Example #13
Source File: KMSKeyVH.java From pacbot with Apache License 2.0 | 2 votes |
/**
 * Returns the KMS key metadata held by this object.
 *
 * <p>The stored reference itself is returned, not a copy.
 *
 * @return the key metadata, as last assigned
 */
public KeyMetadata getKey() {
    return this.key;
}
Example #14
Source File: KMSKeyVH.java From pacbot with Apache License 2.0 | 2 votes |
/**
 * Replaces the KMS key metadata held by this object.
 *
 * <p>The given reference is stored as is; no copy is made.
 *
 * @param key the key metadata to hold
 */
public void setKey(final KeyMetadata key) {
    this.key = key;
}