com.amazonaws.services.kms.model.EncryptResult Java Examples
The following examples show how to use
com.amazonaws.services.kms.model.EncryptResult.
Example #1
Source File: KmsMasterKey.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
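/**
 * Encrypts an existing data key under this KMS master key.
 *
 * <p>The raw bytes of the data key are sent to KMS as the plaintext of an {@code Encrypt}
 * call, together with the supplied encryption context and this master key's grant tokens.
 * KMS requires the same encryption context to be presented again when the resulting
 * ciphertext is decrypted, so callers must persist or be able to reconstruct it.
 *
 * @param algorithm the crypto algorithm of the message; not consulted by this method
 * @param encryptionContext key/value pairs forwarded to KMS with the request
 * @param dataKey the data key whose plaintext is to be wrapped
 * @return a new {@code DataKey} holding the same plaintext key, the KMS ciphertext as the
 *     encrypted data key, and the key id reported by KMS (UTF-8 bytes) as provider info
 * @throws IllegalArgumentException if the key does not report the {@code RAW} format
 * @throws AwsCryptoException if KMS rejects the request with an {@code AmazonServiceException}
 */
@Override
public DataKey<KmsMasterKey> encryptDataKey(
        final CryptoAlgorithm algorithm,
        final Map<String, String> encryptionContext,
        final DataKey<?> dataKey) {
    final SecretKey key = dataKey.getKey();
    // Key.getFormat() returns null for keys that do not expose an encoding (for example
    // keys held in a hardware module). Comparing constant-first turns that case into the
    // intended IllegalArgumentException instead of a NullPointerException.
    if (!"RAW".equals(key.getFormat())) {
        throw new IllegalArgumentException("Only RAW encoded keys are supported");
    }
    try {
        final EncryptResult encryptResult = kms_.get().encrypt(updateUserAgent(
                new EncryptRequest()
                        .withKeyId(id_)
                        .withPlaintext(ByteBuffer.wrap(key.getEncoded()))
                        .withEncryptionContext(encryptionContext)
                        .withGrantTokens(grantTokens_)));
        // Copy exactly the readable bytes of the blob; ByteBuffer.array() would ignore the
        // buffer's position and limit.
        final ByteBuffer ciphertextBlob = encryptResult.getCiphertextBlob();
        final byte[] edk = new byte[ciphertextBlob.remaining()];
        ciphertextBlob.get(edk);
        return new DataKey<>(
                dataKey.getKey(),
                edk,
                encryptResult.getKeyId().getBytes(StandardCharsets.UTF_8),
                this);
    } catch (final AmazonServiceException asex) {
        throw new AwsCryptoException(asex);
    }
}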
Example #2
Source File: MockKMSClient.java From aws-encryption-sdk-java with Apache License 2.0 | 6 votes |
/**
 * Mock implementation of {@code GenerateDataKey}: produces random plaintext key bytes and
 * registers a matching ciphertext through {@code encrypt0}.
 *
 * <p>The key length is 32 bytes when the key spec contains "256", 16 bytes when it contains
 * "128", and {@code getNumberOfBytes()} when no key spec is given. Any other key spec is
 * rejected.
 *
 * @param req the request naming the key, the key spec or byte count, and the encryption context
 * @return a result carrying the resolved key ARN, the mock ciphertext and the plaintext key
 * @throws UnsupportedOperationException if a key spec is present but is neither 128 nor 256 bit
 */
@Override
public GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest req)
        throws AmazonServiceException, AmazonClientException {
    final String keySpec = req.getKeySpec();
    final int keyLength;
    if (keySpec == null) {
        keyLength = req.getNumberOfBytes();
    } else if (keySpec.contains("256")) {
        keyLength = 32;
    } else if (keySpec.contains("128")) {
        keyLength = 16;
    } else {
        throw new java.lang.UnsupportedOperationException();
    }

    final byte[] plaintextKey = new byte[keyLength];
    // NOTE(review): the type of rnd is not visible here; confirm it is a SecureRandom if
    // this mock is ever used outside tests.
    rnd.nextBytes(plaintextKey);

    // The same buffer instance is passed to encrypt0 and returned to the caller.
    final ByteBuffer plaintextBuffer = ByteBuffer.wrap(plaintextKey);
    final EncryptRequest wrapRequest = new EncryptRequest()
            .withKeyId(req.getKeyId())
            .withPlaintext(plaintextBuffer)
            .withEncryptionContext(req.getEncryptionContext());
    final EncryptResult wrapped = encrypt0(wrapRequest);

    final String keyArn = retrieveArn(req.getKeyId());
    return new GenerateDataKeyResult()
            .withKeyId(keyArn)
            .withCiphertextBlob(wrapped.getCiphertextBlob())
            .withPlaintext(plaintextBuffer);
}
Example #3
Source File: AsymmetricEncryptionAlgorithmTest.java From spring-cloud-config-aws-kms with Apache License 2.0 | 6 votes |
/**
 * Verifies that the text encryptor returns the Base64 form of the KMS ciphertext blob and
 * that the request sent to KMS carries the configured asymmetric algorithm, key id and
 * plaintext.
 */
@Test
void testEncrypt() {
    // Arrange: KMS is stubbed to answer every encrypt call with a fixed blob.
    // getBytes() uses the default charset; the literals here are ASCII only.
    final byte[] stubbedBlob = "bla".getBytes();
    final String expectedOutput = Base64.getEncoder().encodeToString(stubbedBlob);
    doReturn(new EncryptResult().withCiphertextBlob(ByteBuffer.wrap(stubbedBlob)))
            .when(mockKms)
            .encrypt(any(EncryptRequest.class));

    // Act
    final String mySecret = "my-secret";
    final String actualOutput = textEncryptor.encrypt(mySecret);

    // Assert: output encoding first, then the exact request that reached the KMS client.
    assertThat(actualOutput).isEqualTo(expectedOutput);

    final EncryptRequest expectedRequest = new EncryptRequest()
            .withEncryptionAlgorithm("RSAES_OAEP_SHA_1")
            .withKeyId("asymmetric-sha1-sample-key")
            .withPlaintext(ByteBuffer.wrap(mySecret.getBytes()));
    verify(mockKms).encrypt(eq(expectedRequest));
}
Example #4
Source File: ConfigServerTest.java From spring-cloud-config-aws-kms with Apache License 2.0 | 6 votes |
/**
 * Posts a plaintext body to {@code /encrypt} and checks that the endpoint answers 200 with
 * the Base64 encoding of the ciphertext returned by the stubbed KMS client.
 */
@Test
void testEncryptEndpoint() {
    final String plainText = "some-plaintext";
    final String cipherText = "cIpHeR";
    final String expectedBody = Base64.getEncoder().encodeToString(cipherText.getBytes());

    // Every encrypt call on the mock yields a fresh buffer over the fixed ciphertext bytes.
    doAnswer(invocation -> {
        return new EncryptResult().withCiphertextBlob(ByteBuffer.wrap(cipherText.getBytes()));
    }).when(mockKms).encrypt(any(EncryptRequest.class));

    final ResponseEntity<String> response = rest.exchange(
            post(URI.create("/encrypt"))
                    .contentType(APPLICATION_FORM_URLENCODED)
                    .body(plainText),
            String.class);

    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
    assertThat(response.getBody()).isEqualTo(expectedBody);
}
Example #5
Source File: ConfigServerTest.java From spring-cloud-config-aws-kms with Apache License 2.0 | 6 votes |
/**
 * Posts a Base64 ciphertext to {@code /decrypt} and checks that the endpoint answers 200
 * with the expected plaintext.
 *
 * <p>NOTE(review): the decrypt stub that yields "Hello World" is not set up in this method;
 * presumably it is configured elsewhere in the test class - confirm.
 */
@Test
void testDecryptEndpoint() {
    final String cipherText = Base64.getEncoder().encodeToString("cIpHeR".getBytes());

    // Config Server does a "test" encrypt with the given key, so encrypt must be stubbed
    // even though this test exercises the decrypt endpoint.
    doAnswer(invocation -> {
        return new EncryptResult().withCiphertextBlob(ByteBuffer.wrap(cipherText.getBytes()));
    }).when(mockKms).encrypt(any(EncryptRequest.class));

    final ResponseEntity<String> response = rest.exchange(
            post(URI.create("/decrypt"))
                    .contentType(APPLICATION_FORM_URLENCODED)
                    .body(cipherText),
            String.class);

    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
    assertThat(response.getBody()).isEqualTo("Hello World");
}
Example #6
Source File: KmsTextEncryptorTest.java From spring-cloud-config-aws-kms with Apache License 2.0 | 6 votes |
/**
 * Builds the mocked KMS client, the encryptor under test, and the request/result fixtures
 * shared by the test methods.
 *
 * <p>The mock answers every encrypt call with {@code encryptResult} and every decrypt call
 * with {@code decryptResult}; the {@code expected*Request} fields hold the requests the
 * tests compare against.
 */
@Before
public void setUp() {
    mockKms = mock(AWSKMS.class);
    textEncryptor = new KmsTextEncryptor(mockKms, KMS_KEY_ID, SYMMETRIC_DEFAULT.toString());

    // Encrypt direction: expected outgoing request and the canned KMS answer.
    expectedEncryptRequest = new EncryptRequest()
            .withKeyId(KMS_KEY_ID)
            .withPlaintext(wrap(PLAINTEXT.getBytes()))
            .withEncryptionAlgorithm(SYMMETRIC_DEFAULT.toString());
    encryptResult = new EncryptResult().withCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    when(mockKms.encrypt(any(EncryptRequest.class))).thenReturn(encryptResult);

    // Decrypt direction: no key id is set on the expected request.
    expectedDecryptRequest = new DecryptRequest()
            .withCiphertextBlob(wrap(CIPHER_TEXT.getBytes()))
            .withEncryptionAlgorithm(SYMMETRIC_DEFAULT.toString());
    decryptResult = new DecryptResult().withPlaintext(wrap(PLAINTEXT.getBytes()));
    when(mockKms.decrypt(any(DecryptRequest.class))).thenReturn(decryptResult);
}
Example #7
Source File: FakeKMS.java From aws-dynamodb-encryption-java with Apache License 2.0 | 6 votes |
/**
 * Fake implementation of {@code GenerateDataKey}: fills a new key with random bytes and
 * obtains its ciphertext from this fake's own {@code encrypt}.
 *
 * <p>The key is 32 bytes when the key spec contains "256", 16 bytes when it contains "128",
 * and {@code getNumberOfBytes()} long when no key spec is set.
 *
 * @param req the request naming the key, the key spec or byte count, and the encryption context
 * @return a result with the request's key id, the fake ciphertext and the plaintext key
 * @throws UnsupportedOperationException if a key spec is present but is neither 128 nor 256 bit
 */
@Override
public GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest req)
        throws AmazonServiceException, AmazonClientException {
    final String keySpec = req.getKeySpec();
    final int keyLength;
    if (keySpec == null) {
        keyLength = req.getNumberOfBytes();
    } else if (keySpec.contains("256")) {
        keyLength = 32;
    } else if (keySpec.contains("128")) {
        keyLength = 16;
    } else {
        throw new UnsupportedOperationException();
    }

    final byte[] plaintextKey = new byte[keyLength];
    // NOTE(review): the type of rnd is not visible here; confirm it is a SecureRandom if
    // this fake is ever used outside tests.
    rnd.nextBytes(plaintextKey);

    // One buffer instance serves both as the encrypt plaintext and as the returned plaintext.
    final ByteBuffer plaintextBuffer = ByteBuffer.wrap(plaintextKey);
    final EncryptRequest wrapRequest = new EncryptRequest()
            .withKeyId(req.getKeyId())
            .withPlaintext(plaintextBuffer)
            .withEncryptionContext(req.getEncryptionContext());
    final EncryptResult wrapped = encrypt(wrapRequest);

    return new GenerateDataKeyResult()
            .withKeyId(req.getKeyId())
            .withCiphertextBlob(wrapped.getCiphertextBlob())
            .withPlaintext(plaintextBuffer);
}
Example #8
Source File: AuthenticationService.java From cerberus with Apache License 2.0 | 5 votes |
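/**
 * Encrypts the data provided using KMS based on the provided region and key id.
 *
 * <p>NOTE(review): the request carries only the key id and the plaintext; no encryption
 * context is attached, so the ciphertext is not bound to any caller-specific value.
 * Confirm that this is intended for the auth token.
 *
 * @param regionName Region where key is located
 * @param keyId Key id
 * @param data Data to be encrypted
 * @return encrypted data, as a fresh array holding exactly the bytes of the ciphertext blob
 * @throws ApiException if the region name is not a known AWS region, or on an unexpected
 *     AWS client error
 * @throws KeyInvalidForAuthException if the key does not exist or is in a state in which it
 *     cannot be used
 */
private byte[] encrypt(final String regionName, final String keyId, final byte[] data) {
    Region region;
    try {
        region = Region.getRegion(Regions.fromName(regionName));
    } catch (IllegalArgumentException iae) {
        throw ApiException.newBuilder()
                .withApiErrors(DefaultApiError.AUTH_IAM_ROLE_AWS_REGION_INVALID)
                .withExceptionCause(iae)
                .build();
    }

    final AWSKMSClient kmsClient = kmsClientFactory.getClient(region);

    try {
        final EncryptResult encryptResult = kmsClient.encrypt(
                new EncryptRequest().withKeyId(keyId).withPlaintext(ByteBuffer.wrap(data)));

        // ByteBuffer.array() exposes the whole backing array regardless of position, limit
        // and array offset, and throws for read-only or direct buffers. Copy the readable
        // bytes instead; the read-only view leaves the result's own position untouched.
        final ByteBuffer ciphertextBlob = encryptResult.getCiphertextBlob().asReadOnlyBuffer();
        final byte[] ciphertext = new byte[ciphertextBlob.remaining()];
        ciphertextBlob.get(ciphertext);
        return ciphertext;
    } catch (NotFoundException | KMSInvalidStateException keyNotUsableException) {
        throw new KeyInvalidForAuthException(
                String.format("Failed to encrypt token using KMS key with id: %s", keyId),
                keyNotUsableException);
    } catch (AmazonClientException ace) {
        throw ApiException.newBuilder()
                .withApiErrors(DefaultApiError.INTERNAL_SERVER_ERROR)
                .withExceptionCause(ace)
                .withExceptionMessage(
                        String.format(
                                "Unexpected error communicating with AWS KMS for region %s.", regionName))
                .build();
    }
}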
Example #9
Source File: MockKMSClient.java From aws-encryption-sdk-java with Apache License 2.0 | 5 votes |
/**
 * Core of the mock {@code Encrypt} operation.
 *
 * <p>No real encryption takes place: the "ciphertext" is 512 random bytes, and the plaintext
 * is recorded in {@code results_} under the pair (ciphertext, encryption context).
 * Presumably the mock's decrypt looks the entry up again - confirm against that method.
 *
 * @param req the request naming the key, the plaintext and the encryption context
 * @return a result carrying the random ciphertext and the resolved key ARN
 */
private EncryptResult encrypt0(EncryptRequest req)
        throws AmazonServiceException, AmazonClientException {
    final byte[] randomBytes = new byte[512];
    rnd.nextBytes(randomBytes);
    final ByteBuffer ciphertext = ByteBuffer.wrap(randomBytes);

    // asReadOnlyBuffer() shares content with the caller's buffer: the stored entry is a
    // view of the plaintext, not a copy.
    final DecryptResult recorded = new DecryptResult()
            .withKeyId(retrieveArn(req.getKeyId()))
            .withPlaintext(req.getPlaintext().asReadOnlyBuffer());

    final DecryptMapKey lookupKey = new DecryptMapKey(ciphertext, req.getEncryptionContext());
    results_.put(lookupKey, recorded);

    final String keyArn = retrieveArn(req.getKeyId());
    final EncryptResult result = new EncryptResult();
    result.setCiphertextBlob(ciphertext);
    result.setKeyId(keyArn);
    return result;
}
Example #10
Source File: FakeKMS.java From aws-dynamodb-encryption-java with Apache License 2.0 | 5 votes |
/**
 * Fake {@code Encrypt} operation.
 *
 * <p>No real encryption takes place: the "ciphertext" is 512 random bytes, and the plaintext
 * is recorded in {@code results_} under the pair (ciphertext, encryption context).
 * Presumably the fake's decrypt looks the entry up again - confirm against that method.
 *
 * @param req the request naming the key, the plaintext and the encryption context
 * @return a result carrying the random ciphertext and the request's key id
 */
@Override
public EncryptResult encrypt(EncryptRequest req)
        throws AmazonServiceException, AmazonClientException {
    final byte[] randomBytes = new byte[512];
    rnd.nextBytes(randomBytes);
    final ByteBuffer ciphertext = ByteBuffer.wrap(randomBytes);

    // asReadOnlyBuffer() shares content with the caller's buffer: the stored entry is a
    // view of the plaintext, not a copy.
    final DecryptResult recorded = new DecryptResult()
            .withKeyId(req.getKeyId())
            .withPlaintext(req.getPlaintext().asReadOnlyBuffer());

    final DecryptMapKey lookupKey = new DecryptMapKey(ciphertext, req.getEncryptionContext());
    results_.put(lookupKey, recorded);

    final EncryptResult result = new EncryptResult();
    result.setCiphertextBlob(ciphertext);
    result.setKeyId(req.getKeyId());
    return result;
}
Example #11
Source File: MockKMSClient.java From aws-encryption-sdk-java with Apache License 2.0 | 4 votes |
/**
 * Public {@code Encrypt} entry point of the mock; forwards to {@code encrypt0}.
 *
 * <p>Other operations of this mock need to encrypt internally. They call {@code encrypt0}
 * rather than this method, so that Mockito does not count extra {@code encrypt} invocations
 * when a test spies on the MockKMSClient.
 *
 * @param req the encrypt request
 * @return whatever {@code encrypt0} returns for the request
 */
@Override
public EncryptResult encrypt(EncryptRequest req)
        throws AmazonServiceException, AmazonClientException {
    final EncryptResult delegated = encrypt0(req);
    return delegated;
}
Example #12
Source File: EmrOperatorFactory.java From digdag with Apache License 2.0 | 4 votes |
/**
 * Encrypts a string with the KMS key configured for EMR and returns the ciphertext via the
 * {@code base64} helper.
 *
 * <p>The key id is read from the secret {@code aws.emr.kms_key_id}; the value is encoded
 * as UTF-8 before it is sent to KMS.
 *
 * <p>NOTE(review): the request carries no encryption context, so the ciphertext is not
 * bound to any caller-specific value - confirm this is intended.
 *
 * @param value the text to encrypt
 * @return the result of {@code base64} applied to the KMS ciphertext blob
 */
private String kmsEncrypt(String value) {
    final String keyId = context.getSecrets().getSecret("aws.emr.kms_key_id");
    final EncryptRequest request = new EncryptRequest()
            .withKeyId(keyId)
            .withPlaintext(UTF_8.encode(value));
    return base64(kms.encrypt(request).getCiphertextBlob());
}