com.amazonaws.services.s3.model.EncryptionMaterials Java Examples

The following examples show how to use com.amazonaws.services.s3.model.EncryptionMaterials. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ClientSideCEncryptionStrategy.java    From nifi with Apache License 2.0 6 votes vote down vote up 
/**
 * Create an encryption client.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration
 * @param kmsRegion not used by this encryption strategy
 * @param keyIdOrMaterial client master key, always base64 encoded
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, String kmsRegion, String keyIdOrMaterial) {
    ValidationResult keyValidationResult = validateKey(keyIdOrMaterial);
    if (!keyValidationResult.isValid()) {
        throw new IllegalArgumentException("Invalid client key; " + keyValidationResult.getExplanation());
    }

    byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial);
    SecretKeySpec symmetricKey = new SecretKeySpec(keyMaterial, "AES");
    StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider(new EncryptionMaterials(symmetricKey));

    AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider);

    return client;
}
Example #2
Source File: RSAEncryptionMaterialsProvider.java    From emr-sample-apps with Apache License 2.0 5 votes vote down vote up 
@Override
public EncryptionMaterials getEncryptionMaterials(Map<String, String> materialsDescription) {
  if (materialsDescription == null
      || materialsDescription.get(CSE_RSA_NAME) == null
      || descValue.equals(materialsDescription.get(CSE_RSA_NAME))) {
    return this.encryptionMaterials;
  } else {
    throw new RuntimeException(
        String.format("RSA key pair (%s: %s) doesn't match with the materials description", CSE_RSA_NAME, descValue));
  }
}
Example #3
Source File: RSAEncryptionMaterialsProvider.java    From emr-sample-apps with Apache License 2.0 5 votes vote down vote up 
@Override
public EncryptionMaterials getEncryptionMaterials() {
  if (this.encryptionMaterials != null) {
    return this.encryptionMaterials;
  } else {
    throw new RuntimeException("RSA key pair is not initialized.");
  }
}
Example #4
Source File: TestPrestoS3FileSystem.java    From presto with Apache License 2.0 4 votes vote down vote up 
public TestEncryptionMaterialsProvider()
{
    encryptionMaterials = new EncryptionMaterials(new SecretKeySpec(new byte[] {1, 2, 3}, "AES"));
}
Example #5
Source File: TestPrestoS3FileSystem.java    From presto with Apache License 2.0 4 votes vote down vote up 
@Override
public EncryptionMaterials getEncryptionMaterials(Map<String, String> materialsDescription)
{
    return encryptionMaterials;
}
Example #6
Source File: TestPrestoS3FileSystem.java    From presto with Apache License 2.0 4 votes vote down vote up 
@Override
public EncryptionMaterials getEncryptionMaterials()
{
    return encryptionMaterials;
}
Example #7
Source File: SnowflakeS3Client.java    From snowflake-jdbc with Apache License 2.0 4 votes vote down vote up 
private void setupSnowflakeS3Client(Map<?, ?> stageCredentials,
                                    ClientConfiguration clientConfig,
                                    RemoteStoreFileEncryptionMaterial encMat,
                                    String stageRegion,
                                    String stageEndPoint)
throws SnowflakeSQLException
{
  // Save the client creation parameters so that we can reuse them,
  // to reset the AWS client. We won't save the awsCredentials since
  // we will be refreshing that, every time we reset the AWS client
  this.clientConfig = clientConfig;
  this.stageRegion = stageRegion;
  this.encMat = encMat;
  this.stageEndPoint = stageEndPoint; // FIPS endpoint, if needed

  logger.debug("Setting up AWS client ");

  // Retrieve S3 stage credentials
  String awsID = (String) stageCredentials.get("AWS_KEY_ID");
  String awsKey = (String) stageCredentials.get("AWS_SECRET_KEY");
  String awsToken = (String) stageCredentials.get("AWS_TOKEN");

  // initialize aws credentials
  AWSCredentials awsCredentials = (awsToken != null) ?
                                  new BasicSessionCredentials(awsID, awsKey, awsToken)
                                                     : new BasicAWSCredentials(awsID, awsKey);


  clientConfig.withSignerOverride("AWSS3V4SignerType");
  clientConfig.getApacheHttpClientConfig().setSslSocketFactory(
      getSSLConnectionSocketFactory());
  HttpUtil.setProxyForS3(clientConfig);
  AmazonS3Builder<?, ?> amazonS3Builder = AmazonS3Client.builder();
  if (encMat != null)
  {
    byte[] decodedKey = Base64.decode(encMat.getQueryStageMasterKey());
    encryptionKeySize = decodedKey.length * 8;

    if (encryptionKeySize == 256)
    {
      SecretKey queryStageMasterKey =
          new SecretKeySpec(decodedKey, 0, decodedKey.length, AES);
      EncryptionMaterials encryptionMaterials =
          new EncryptionMaterials(queryStageMasterKey);
      encryptionMaterials.addDescription("queryId",
                                         encMat.getQueryId());
      encryptionMaterials.addDescription("smkId",
                                         Long.toString(encMat.getSmkId()));
      CryptoConfiguration cryptoConfig =
          new CryptoConfiguration(CryptoMode.EncryptionOnly);

      amazonS3Builder = AmazonS3EncryptionClient.encryptionBuilder()
          .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
          .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials))
          .withClientConfiguration(clientConfig)
          .withCryptoConfiguration(cryptoConfig);

    }
    else if (encryptionKeySize == 128)
    {
      amazonS3Builder = AmazonS3Client.builder()
          .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
          .withClientConfiguration(clientConfig);
    }
    else
    {
      throw new SnowflakeSQLException(SqlState.INTERNAL_ERROR,
                                      ErrorCode.INTERNAL_ERROR.getMessageCode(),
                                      "unsupported key size", encryptionKeySize);
    }
  }
  else
  {
    amazonS3Builder = AmazonS3Client.builder()
        .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
        .withClientConfiguration(clientConfig);
  }

  if (stageRegion != null)
  {
    Region region = RegionUtils.getRegion(stageRegion);
    if (region != null)
    {
      amazonS3Builder.withRegion(region.getName());
    }
  }
  // Explicitly force to use virtual address style
  amazonS3Builder.withPathStyleAccessEnabled(false);

  amazonClient = (AmazonS3) amazonS3Builder.build();
  if (this.stageEndPoint != null && this.stageEndPoint != "")
  {
    // Set the FIPS endpoint if we need it. GS will tell us if we do by
    // giving us an endpoint to use if required and supported by the region.
    amazonClient.setEndpoint(this.stageEndPoint);
  }
}