com.amazonaws.services.kms.model.CreateKeyResult Java Examples

The following examples show how to use com.amazonaws.services.kms.model.CreateKeyResult. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KMSManagerTest.java    From strongbox with Apache License 2.0 6 votes vote down vote up 
@Test
public void testCreate() throws Exception {
    // Mocks the responses from AWS.
    CreateKeyRequest createKeyRequest = new CreateKeyRequest().withDescription(
            "This key is automatically managed by Strongbox");
    CreateKeyResult createKeyResult = new CreateKeyResult().withKeyMetadata(new KeyMetadata().withArn(KMS_ARN));
    CreateAliasRequest createAliasRequest = new CreateAliasRequest().withAliasName(ALIAS_KEY_NAME).withTargetKeyId(KMS_ARN);

    when(mockKMSClient.describeKey(describeKeyRequest))
            .thenThrow(NotFoundException.class)
            .thenThrow(NotFoundException.class)  // still waiting for creation
            .thenReturn(enabledKeyResult());
    when(mockKMSClient.createKey(createKeyRequest)).thenReturn(createKeyResult);

    // Check the result from create method.
    String arn = kmsManager.create();
    assertEquals(arn, KMS_ARN);

    // Verify correct number of calls was made to AWS.
    verify(mockKMSClient, times(3)).describeKey(describeKeyRequest);
    verify(mockKMSClient, times(1)).createAlias(createAliasRequest);
    verify(mockKMSClient, times(1)).createKey(createKeyRequest);
}
Example #2
Source File: CreateCustomerMasterKey.java    From aws-doc-sdk-examples with Apache License 2.0 5 votes vote down vote up 
public static void main(String[] args) {
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();

    // Create a CMK

    String desc = "Key for protecting critical data";

    CreateKeyRequest req = new CreateKeyRequest().withDescription(desc);
    CreateKeyResult result = kmsClient.createKey(req);

    System.out.printf(
        "Created a customer master key with id \"%s\"%n",
        result.getKeyMetadata().getArn()
    );
}
Example #3
Source File: MockKMSClient.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up 
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException, AmazonClientException {
    String keyId = UUID.randomUUID().toString();
    String arn = "arn:aws:kms:" + region_.getName() + ":" + ACCOUNT_ID + ":key/" + keyId;
    activeKeys.add(arn);
    keyAliases.put(keyId, arn);
    keyAliases.put(arn, arn);
    CreateKeyResult result = new CreateKeyResult();
    result.setKeyMetadata(new KeyMetadata().withAWSAccountId(ACCOUNT_ID).withCreationDate(new Date())
            .withDescription(req.getDescription()).withEnabled(true).withKeyId(keyId)
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT).withArn(arn));
    return result;
}
Example #4
Source File: LocalstackContainerTest.java    From testcontainers-java with MIT License 5 votes vote down vote up 
@Test
public void kmsKeyCreationTest() {
    AWSKMS awskms = AWSKMSClientBuilder.standard()
        .withEndpointConfiguration(localstack.getEndpointConfiguration(KMS))
        .withCredentials(localstack.getDefaultCredentialsProvider())
        .build();

    String desc = String.format("AWS CMK Description");
    Tag createdByTag = new Tag().withTagKey("CreatedBy").withTagValue("StorageService");
    CreateKeyRequest req = new CreateKeyRequest().withDescription(desc).withTags(createdByTag);
    CreateKeyResult key = awskms.createKey(req);

    assertEquals("AWS KMS Customer Managed Key should be created ", key.getKeyMetadata().getDescription(), desc);
}
Example #5
Source File: FakeKMS.java    From aws-dynamodb-encryption-java with Apache License 2.0 5 votes vote down vote up 
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException,
        AmazonClientException {
    String keyId = UUID.randomUUID().toString();
    String arn = "arn:aws:testing:kms:" + ACCOUNT_ID + ":key/" + keyId;
    CreateKeyResult result = new CreateKeyResult();
    result.setKeyMetadata(new KeyMetadata().withAWSAccountId(ACCOUNT_ID)
            .withCreationDate(new Date()).withDescription(req.getDescription())
            .withEnabled(true).withKeyId(keyId).withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withArn(arn));
    return result;
}
Example #6
Source File: AbstractS3IT.java    From nifi with Apache License 2.0 5 votes vote down vote up 
protected static String getKMSKey() {
    CreateKeyRequest cmkRequest = new CreateKeyRequest().withDescription("CMK for unit tests");
    CreateKeyResult cmkResult = kmsClient.createKey(cmkRequest);

    GenerateDataKeyRequest dekRequest = new GenerateDataKeyRequest().withKeyId(cmkResult.getKeyMetadata().getKeyId()).withKeySpec("AES_128");
    GenerateDataKeyResult dekResult = kmsClient.generateDataKey(dekRequest);

    return dekResult.getKeyId();
}
Example #7
Source File: KmsServiceTest.java    From cerberus with Apache License 2.0 4 votes vote down vote up 
@Test
public void test_provisionKmsKey() {

  String iamRoleId = "role-id";
  String awsRegion = "aws-region";
  String user = "user";
  OffsetDateTime dateTime = OffsetDateTime.now();

  String policy = "policy";
  String arn = "arn:aws:iam::12345678901234:role/some-role";

  String awsIamRoleKmsKeyId = "awsIamRoleKmsKeyId";

  when(uuidSupplier.get()).thenReturn(awsIamRoleKmsKeyId);
  when(kmsPolicyService.generateStandardKmsPolicy(arn)).thenReturn(policy);

  AWSKMSClient client = mock(AWSKMSClient.class);
  when(kmsClientFactory.getClient(awsRegion)).thenReturn(client);

  CreateKeyRequest request = new CreateKeyRequest();
  request.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
  request.setDescription("Key used by Cerberus fakeEnv for IAM role authentication. " + arn);
  request.setPolicy(policy);
  request.setTags(
      Lists.newArrayList(
          new Tag().withTagKey("created_by").withTagValue(ARTIFACT + VERSION),
          new Tag().withTagKey("created_for").withTagValue("cerberus_auth"),
          new Tag().withTagKey("auth_principal").withTagValue(arn),
          new Tag().withTagKey("cerberus_env").withTagValue(ENV)));

  CreateKeyResult createKeyResult = mock(CreateKeyResult.class);
  KeyMetadata metadata = mock(KeyMetadata.class);
  when(metadata.getArn()).thenReturn(arn);
  when(createKeyResult.getKeyMetadata()).thenReturn(metadata);
  when(client.createKey(any())).thenReturn(createKeyResult);

  // invoke method under test
  String actualResult =
      kmsService.provisionKmsKey(iamRoleId, arn, awsRegion, user, dateTime).getAwsKmsKeyId();

  assertEquals(arn, actualResult);

  CreateAliasRequest aliasRequest = new CreateAliasRequest();
  aliasRequest.setAliasName(kmsService.getAliasName(awsIamRoleKmsKeyId, arn));
  aliasRequest.setTargetKeyId(arn);
  verify(client).createAlias(aliasRequest);

  AwsIamRoleKmsKeyRecord awsIamRoleKmsKeyRecord = new AwsIamRoleKmsKeyRecord();
  awsIamRoleKmsKeyRecord.setId(awsIamRoleKmsKeyId);
  awsIamRoleKmsKeyRecord.setAwsIamRoleId(iamRoleId);
  awsIamRoleKmsKeyRecord.setAwsKmsKeyId(arn);
  awsIamRoleKmsKeyRecord.setAwsRegion(awsRegion);
  awsIamRoleKmsKeyRecord.setCreatedBy(user);
  awsIamRoleKmsKeyRecord.setLastUpdatedBy(user);
  awsIamRoleKmsKeyRecord.setCreatedTs(dateTime);
  awsIamRoleKmsKeyRecord.setLastUpdatedTs(dateTime);
  awsIamRoleKmsKeyRecord.setLastValidatedTs(dateTime);
  verify(awsIamRoleDao).createIamRoleKmsKey(awsIamRoleKmsKeyRecord);
}
Example #8
Source File: MockKMSClient.java    From aws-encryption-sdk-java with Apache License 2.0 4 votes vote down vote up 
@Override
public CreateKeyResult createKey() throws AmazonServiceException, AmazonClientException {
    return createKey(new CreateKeyRequest());
}
Example #9
Source File: FakeKMS.java    From aws-dynamodb-encryption-java with Apache License 2.0 4 votes vote down vote up 
@Override
public CreateKeyResult createKey() throws AmazonServiceException, AmazonClientException {
    return createKey(new CreateKeyRequest());
}