com.amazonaws.services.kms.model.CreateAliasRequest Java Examples

The following examples show how to use com.amazonaws.services.kms.model.CreateAliasRequest.
Example #1
Source File: KMSManagerTest.java    From strongbox with Apache License 2.0
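/**
 * Checks that {@code kmsManager.create()} returns the ARN of the newly created key and issues
 * the expected KMS calls.
 *
 * <p>{@code describeKey} is stubbed to throw {@code NotFoundException} twice before returning an
 * enabled key, so the test also covers the case where the key is not yet visible.
 *
 * <p>The alias call is verified against a fully populated request, so the test fails if the
 * alias is ever bound to a key other than {@code KMS_ARN}.
 *
 * @throws Exception if the method under test throws
 */
@Test
public void testCreate() throws Exception {
    // Requests the manager is expected to send, and the canned AWS response for key creation.
    // NOTE(review): the expected CreateKeyRequest carries only a description and no key policy;
    // with real KMS that means the default key policy applies. Confirm this is intended or that
    // a policy is attached elsewhere.
    CreateKeyRequest createKeyRequest = new CreateKeyRequest().withDescription(
            "This key is automatically managed by Strongbox");
    CreateKeyResult createKeyResult = new CreateKeyResult().withKeyMetadata(new KeyMetadata().withArn(KMS_ARN));
    CreateAliasRequest createAliasRequest = new CreateAliasRequest().withAliasName(ALIAS_KEY_NAME).withTargetKeyId(KMS_ARN);

    when(mockKMSClient.describeKey(describeKeyRequest))
            .thenThrow(NotFoundException.class)
            .thenThrow(NotFoundException.class)  // still waiting for creation
            .thenReturn(enabledKeyResult());
    when(mockKMSClient.createKey(createKeyRequest)).thenReturn(createKeyResult);

    // Check the result from create method. JUnit expects (expected, actual); the original had
    // the arguments swapped, which only shows up as a misleading message when the test fails.
    String arn = kmsManager.create();
    assertEquals(KMS_ARN, arn);

    // Verify the correct number of calls was made to AWS: three describeKey polls (two misses,
    // one hit), exactly one key created and exactly one alias pointing at that key.
    verify(mockKMSClient, times(3)).describeKey(describeKeyRequest);
    verify(mockKMSClient, times(1)).createAlias(createAliasRequest);
    verify(mockKMSClient, times(1)).createKey(createKeyRequest);
}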
 
Example #2
Source File: CreateAlias.java    From aws-doc-sdk-examples with Apache License 2.0
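/**
 * Creates an alias for an existing KMS key.
 *
 * <p>Expects exactly two arguments: the target key id (or ARN) and the alias name. The alias
 * name is checked locally before any AWS call is made, because KMS only accepts names that
 * start with {@code alias/} and reserves the {@code alias/aws/} prefix for AWS managed keys.
 *
 * <p>An alias is an indirection: callers that encrypt through the alias use whichever key it
 * currently targets. Permission to create or update aliases should therefore be granted as
 * narrowly as permission to use the keys themselves.
 *
 * @param args {@code <key-id> <alias-name>}
 */
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply a key id or ARN and an alias name\n" +
        "Usage: CreateAlias <key-id> <alias-name>\n" +
        "Example: CreateAlias 1234abcd-12ab-34cd-56ef-1234567890ab " +
        "alias/projectKey1\n";

    if (args.length != 2) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String targetKeyId = args[0];
    String aliasName = args[1];

    // Fail early with a clear message instead of letting the service reject the request.
    final String aliasPrefix = "alias/";
    boolean hasName = aliasName.startsWith(aliasPrefix) && aliasName.length() > aliasPrefix.length();
    if (!hasName || aliasName.startsWith("alias/aws/")) {
        System.err.println("Invalid alias name '" + aliasName
                + "': it must start with \"alias/\" and must not use the reserved \"alias/aws/\" prefix");
        System.out.println(USAGE);
        System.exit(1);
    }

    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
    try {
        // Create an alias for a CMK
        CreateAliasRequest req = new CreateAliasRequest().withAliasName(aliasName).withTargetKeyId(targetKeyId);
        kmsClient.createAlias(req);
    } finally {
        // Release the client's HTTP resources even when the call fails.
        kmsClient.shutdown();
    }
}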
 
Example #3
Source File: KMSProviderBuilderMockTests.java    From aws-encryption-sdk-java with Apache License 2.0
/**
 * Checks that a provider built with the key name {@code "alias/foo"} can encrypt through a mock
 * client on which an alias named {@code "foo"} was created.
 *
 * <p>There is no explicit assertion: the test passes when {@code encryptData} returns without
 * throwing.
 */
@Test
public void testBareAliasMapping() {
    MockKMSClient kms = spy(new MockKMSClient());

    // Every non-null argument to getClient resolves to the same spied mock client.
    RegionalClientSupplier clientSupplier = mock(RegionalClientSupplier.class);
    when(clientSupplier.getClient(notNull())).thenReturn(kms);

    // Create a key in the mock and attach an alias to it.
    // NOTE(review): real KMS requires alias names to begin with "alias/"; the bare "foo" used
    // here presumably relies on the mock adding that prefix. Confirm against MockKMSClient.
    String keyId = kms.createKey().getKeyMetadata().getKeyId();
    CreateAliasRequest aliasRequest = new CreateAliasRequest()
            .withAliasName("foo")
            .withTargetKeyId(keyId);
    kms.createAlias(aliasRequest);

    // The provider only ever sees the alias form of the key name.
    KmsMasterKeyProvider provider = KmsMasterKeyProvider.builder()
            .withKeysForEncryption("alias/foo")
            .withCustomClientFactory(clientSupplier)
            .withDefaultRegion("us-west-2")
            .build();

    // Encrypting an empty payload is enough to exercise key resolution.
    new AwsCrypto().encryptData(provider, new byte[0]);
}
 
Example #4
Source File: KMSProviderBuilderMockTests.java    From aws-encryption-sdk-java with Apache License 2.0
/**
 * Same scenario as the builder-based alias test, but the provider is created through the
 * three-argument {@code KmsMasterKeyProvider} constructor (client, region, key ids).
 *
 * <p>There is no explicit assertion: the test passes when {@code encryptData} returns without
 * throwing.
 */
@Test
public void testBareAliasMapping_withLegacyCtor() {
    MockKMSClient kms = spy(new MockKMSClient());

    // The supplier is stubbed to hand back the spied client for any argument. The constructor
    // below receives the client directly and is never given this supplier.
    RegionalClientSupplier clientSupplier = mock(RegionalClientSupplier.class);
    when(clientSupplier.getClient(any())).thenReturn(kms);

    // Create a key in the mock and attach an alias to it.
    // NOTE(review): real KMS requires alias names to begin with "alias/"; the bare "foo" used
    // here presumably relies on the mock adding that prefix. Confirm against MockKMSClient.
    String keyId = kms.createKey().getKeyMetadata().getKeyId();
    CreateAliasRequest aliasRequest = new CreateAliasRequest()
            .withAliasName("foo")
            .withTargetKeyId(keyId);
    kms.createAlias(aliasRequest);

    // Legacy construction path: explicit client, default region, alias-form key name.
    KmsMasterKeyProvider provider = new KmsMasterKeyProvider(
            kms,
            Region.getRegion(Regions.DEFAULT_REGION),
            Arrays.asList("alias/foo"));

    // Encrypting an empty payload is enough to exercise key resolution.
    new AwsCrypto().encryptData(provider, new byte[0]);
}
 
Example #5
Source File: MockKMSClient.java    From aws-encryption-sdk-java with Apache License 2.0
/**
 * Mock alias creation: records {@code "alias/" + aliasName} in {@code keyAliases}, mapped to
 * whatever the request's target key id currently maps to there.
 *
 * @param arg0 request carrying the alias name and the target key id
 * @return an empty {@link CreateAliasResult}
 */
@Override
public CreateAliasResult createAlias(CreateAliasRequest arg0) throws AmazonServiceException, AmazonClientException {
    final String targetKeyId = arg0.getTargetKeyId();
    // assertExists is defined elsewhere in this class; presumably it fails for ids the mock
    // has not seen, so an alias cannot be attached to an unknown key.
    assertExists(targetKeyId);

    // NOTE(review): the prefix is added unconditionally. Real KMS expects the caller to supply
    // the "alias/" prefix; a name passed in that form would be stored here as
    // "alias/alias/...", so this mock diverges from the service on alias naming.
    final String storedAliasName = "alias/" + arg0.getAliasName();
    keyAliases.put(storedAliasName, keyAliases.get(targetKeyId));

    return new CreateAliasResult();
}
 
Example #6
Source File: KmsServiceTest.java    From cerberus with Apache License 2.0
/**
 * Exercises {@code kmsService.provisionKmsKey} with mocked collaborators and checks three things:
 * the returned record carries the key ARN from the mocked {@code CreateKeyResult}, an alias is
 * created that targets that ARN, and a fully populated record is handed to the DAO.
 */
@Test
public void test_provisionKmsKey() {

  String roleId = "role-id";
  String region = "aws-region";
  String principal = "user";
  OffsetDateTime timestamp = OffsetDateTime.now();

  String kmsPolicy = "policy";
  String roleArn = "arn:aws:iam::12345678901234:role/some-role";

  String recordId = "awsIamRoleKmsKeyId";

  // Fixed id and policy so the expected alias name and record can be rebuilt below.
  when(uuidSupplier.get()).thenReturn(recordId);
  when(kmsPolicyService.generateStandardKmsPolicy(roleArn)).thenReturn(kmsPolicy);

  AWSKMSClient kms = mock(AWSKMSClient.class);
  when(kmsClientFactory.getClient(region)).thenReturn(kms);

  // NOTE(review): this expected request is never passed to a stub or a verify. createKey is
  // stubbed with any() below, so the key usage, key policy and tags sent to KMS are not
  // checked by this test. Consider verifying createKey against it if the values are meant to
  // match what the service builds.
  CreateKeyRequest expectedKeyRequest =
      new CreateKeyRequest()
          .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
          .withDescription("Key used by Cerberus fakeEnv for IAM role authentication. " + roleArn)
          .withPolicy(kmsPolicy)
          .withTags(
              Lists.newArrayList(
                  new Tag().withTagKey("created_by").withTagValue(ARTIFACT + VERSION),
                  new Tag().withTagKey("created_for").withTagValue("cerberus_auth"),
                  new Tag().withTagKey("auth_principal").withTagValue(roleArn),
                  new Tag().withTagKey("cerberus_env").withTagValue(ENV)));

  // Any createKey call returns a result whose metadata reports roleArn as the key ARN.
  CreateKeyResult keyResult = mock(CreateKeyResult.class);
  KeyMetadata keyMetadata = mock(KeyMetadata.class);
  when(keyMetadata.getArn()).thenReturn(roleArn);
  when(keyResult.getKeyMetadata()).thenReturn(keyMetadata);
  when(kms.createKey(any())).thenReturn(keyResult);

  // invoke method under test
  String returnedKeyId =
      kmsService
          .provisionKmsKey(roleId, roleArn, region, principal, timestamp)
          .getAwsKmsKeyId();

  assertEquals(roleArn, returnedKeyId);

  // The alias must use the service's own naming scheme and target the key just created.
  CreateAliasRequest expectedAliasRequest =
      new CreateAliasRequest()
          .withAliasName(kmsService.getAliasName(recordId, roleArn))
          .withTargetKeyId(roleArn);
  verify(kms).createAlias(expectedAliasRequest);

  // The persisted record ties role, key, region, actor and timestamps together.
  AwsIamRoleKmsKeyRecord expectedRecord = new AwsIamRoleKmsKeyRecord();
  expectedRecord.setId(recordId);
  expectedRecord.setAwsIamRoleId(roleId);
  expectedRecord.setAwsKmsKeyId(roleArn);
  expectedRecord.setAwsRegion(region);
  expectedRecord.setCreatedBy(principal);
  expectedRecord.setLastUpdatedBy(principal);
  expectedRecord.setCreatedTs(timestamp);
  expectedRecord.setLastUpdatedTs(timestamp);
  expectedRecord.setLastValidatedTs(timestamp);
  verify(awsIamRoleDao).createIamRoleKmsKey(expectedRecord);
}