software.amazon.awssdk.services.kms.model.KeyMetadata Java Examples

The following examples show how to use software.amazon.awssdk.services.kms.model.KeyMetadata.
Example #1
Source File: AwsKmsScanner.java    From clouditor with Apache License 2.0 6 votes vote down vote up
/**
 * Enriches the asset produced by the superclass with two per-key KMS attributes:
 * the automatic rotation flag ({@code keyRotationStatus}) and the key policy
 * document ({@code keyPolicy}).
 *
 * <p>Each key costs two extra KMS calls, so the scanning principal needs
 * {@code kms:GetKeyRotationStatus} and {@code kms:GetKeyPolicy} on every key it lists.
 *
 * @param keyMetadata metadata of the key being scanned; its key id addresses both lookups
 * @return the asset returned by {@code super.transform}, with both properties set
 * @throws ScanException declared by the overridden method
 */
@Override
protected Asset transform(KeyMetadata keyMetadata) throws ScanException {
  var asset = super.transform(keyMetadata);
  var keyId = keyMetadata.keyId();

  // NOTE(review): neither KMS call is guarded here, so an SDK exception for a single key
  // (for example an access-denied response) propagates out of transform — confirm the
  // caller copes with an account that is only partially readable.
  var rotationRequest = GetKeyRotationStatusRequest.builder().keyId(keyId).build();
  var rotationEnabled = this.api.getKeyRotationStatus(rotationRequest).keyRotationEnabled();
  asset.setProperty("keyRotationStatus", rotationEnabled);

  // The policy is stored exactly as returned by the service. It names the principals
  // allowed to use the key, so whatever persists the asset holds that document too.
  var policyRequest = GetKeyPolicyRequest.builder().keyId(keyId).build();
  var policyDocument = this.api.getKeyPolicy(policyRequest).policy();
  asset.setProperty("keyPolicy", policyDocument);

  return asset;
}
 
Example #2
Source File: AwsKmsScanner.java    From clouditor with Apache License 2.0 5 votes vote down vote up
/**
 * Lists the KMS keys to scan: every key returned by {@code listKeys()} is described,
 * and keys whose key manager is {@code AWS} are dropped.
 *
 * <p>AWS managed keys are skipped because they are managed by AWS and no properties can
 * be set for them, so there is nothing for the scanner to evaluate.
 *
 * @return metadata of all listed keys that are not AWS managed
 */
@Override
protected List<KeyMetadata> list() {
  // NOTE(review): only the response of a single listKeys() call is consumed. ListKeys is
  // a paginated API, so in an account with more keys than fit in one page the remaining
  // keys would never be described or scanned — confirm, and consider following the
  // pagination marker so the inventory is complete.
  var listedKeys = this.api.listKeys().keys();

  return listedKeys.stream()
      // One DescribeKey call per entry; the list entry itself carries only id and ARN.
      .map(entry -> DescribeKeyRequest.builder().keyId(entry.keyId()).build())
      .map(request -> this.api.describeKey(request).keyMetadata())
      // Keep everything that is not AWS managed.
      .filter(metadata -> KeyManagerType.AWS != metadata.keyManager())
      .collect(Collectors.toList());
}
 
Example #3
Source File: ServiceIntegrationTest.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Asserts that a {@code KeyMetadata} instance and the fields this test relies on are present.
 *
 * <p>Only presence is checked: every assertion is a null check, and no field value is
 * compared against an expected value. Each field has its own assertion line, so a failure
 * points at the missing field through the stack trace.
 *
 * @param kmd the key metadata to validate
 */
private static void checkValid_KeyMetadata(KeyMetadata kmd) {
    // Guard first: the accessor calls below would otherwise fail with a NullPointerException.
    Assert.assertNotNull(kmd);

    Assert.assertNotNull(kmd.arn());
    Assert.assertNotNull(kmd.awsAccountId());
    Assert.assertNotNull(kmd.description());
    Assert.assertNotNull(kmd.keyId());
    Assert.assertNotNull(kmd.keyUsage());
    Assert.assertNotNull(kmd.creationDate());
    // Checks that the enabled flag is set at all, not that the key is enabled.
    Assert.assertNotNull(kmd.enabled());
}
 
Example #4
Source File: FakeKMS.java    From aws-dynamodb-encryption-java with Apache License 2.0 5 votes vote down vote up
/**
 * Fake implementation of {@code createKey}: fabricates metadata for a new key without
 * contacting any service.
 *
 * <p>The key id is a random UUID and the ARN is built in the {@code arn:aws:testing:kms:}
 * namespace, which marks it as test data rather than a real KMS key ARN. Of the request,
 * only the description is copied into the result.
 *
 * @param createKeyRequest the request; only {@code description()} is read
 * @return a response whose metadata describes an enabled {@code ENCRYPT_DECRYPT} key
 */
@Override
public CreateKeyResponse createKey(CreateKeyRequest createKeyRequest) {
    final String keyId = UUID.randomUUID().toString();
    final String arn = "arn:aws:testing:kms:" + ACCOUNT_ID + ":key/" + keyId;

    KeyMetadata fakeMetadata = KeyMetadata.builder()
                                          .keyId(keyId)
                                          .arn(arn)
                                          .awsAccountId(ACCOUNT_ID)
                                          .description(createKeyRequest.description())
                                          .keyUsage(KeyUsageType.ENCRYPT_DECRYPT)
                                          .enabled(true)
                                          .creationDate(Instant.now())
                                          .build();

    return CreateKeyResponse.builder().keyMetadata(fakeMetadata).build();
}
 
Example #5
Source File: AwsKmsScanner.java    From clouditor with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a scanner for AWS KMS keys.
 *
 * <p>Hands the superclass the KMS client builder factory together with two
 * {@code KeyMetadata} accessors, the key ARN and the key id.
 */
public AwsKmsScanner() {
  // TODO: name from tags?
  // NOTE(review): the superclass constructor is not visible here; presumably the second
  // argument yields the asset id and the third its display name (the TODO above suggests
  // the key id stands in for a name) — confirm against the superclass.
  super(KmsClient::builder, KeyMetadata::arn, KeyMetadata::keyId);
}
 
Example #6
Source File: AwsKmsScannerTest.java    From clouditor with Apache License 2.0 4 votes vote down vote up
/**
 * Stubs a mocked {@code KmsClient} with three keys and runs asset discovery once for the
 * whole test class.
 *
 * <p>Fixture summary: key1 has external origin and rotation enabled; key2 has AWS_KMS
 * origin and rotation disabled; key3 is additionally marked as managed by AWS. Every key
 * policy lookup returns the placeholder string {@code "my-policy"}.
 *
 * @throws IOException declared for {@code discoverAssets}
 */
@BeforeAll
static void setUpOnce() throws IOException {
  discoverAssets(
      KmsClient.class,
      AwsKmsScanner::new,
      api -> {
        // Inventory returned by listKeys(): id and ARN are deliberately the same token.
        var inventory =
            ListKeysResponse.builder()
                .keys(
                    KeyListEntry.builder().keyId("key1").keyArn("key1").build(),
                    KeyListEntry.builder().keyId("key2").keyArn("key2").build(),
                    KeyListEntry.builder().keyId("key3").keyArn("key3").build())
                .build();
        when(api.listKeys()).thenReturn(inventory);

        // key1: external origin, rotation switched on.
        var key1Metadata =
            KeyMetadata.builder().arn("key1").keyId("key1").origin(OriginType.EXTERNAL).build();
        var describeKey1 = DescribeKeyRequest.builder().keyId("key1").build();
        when(api.describeKey(describeKey1))
            .thenReturn(DescribeKeyResponse.builder().keyMetadata(key1Metadata).build());

        var rotationOfKey1 = GetKeyRotationStatusRequest.builder().keyId("key1").build();
        when(api.getKeyRotationStatus(rotationOfKey1))
            .thenReturn(GetKeyRotationStatusResponse.builder().keyRotationEnabled(true).build());

        // key2: AWS_KMS origin, rotation switched off.
        var key2Metadata =
            KeyMetadata.builder().arn("key2").keyId("key2").origin(OriginType.AWS_KMS).build();
        var describeKey2 = DescribeKeyRequest.builder().keyId("key2").build();
        when(api.describeKey(describeKey2))
            .thenReturn(DescribeKeyResponse.builder().keyMetadata(key2Metadata).build());

        var rotationOfKey2 = GetKeyRotationStatusRequest.builder().keyId("key2").build();
        when(api.getKeyRotationStatus(rotationOfKey2))
            .thenReturn(GetKeyRotationStatusResponse.builder().keyRotationEnabled(false).build());

        // key3: flagged as managed by AWS.
        // NOTE(review): presumably the scanner filters this key out before looking up its
        // rotation status, which would leave the key3 rotation stub unused — confirm.
        var key3Metadata =
            KeyMetadata.builder()
                .arn("key3")
                .keyId("key3")
                .origin(OriginType.AWS_KMS)
                .keyManager(KeyManagerType.AWS)
                .build();
        var describeKey3 = DescribeKeyRequest.builder().keyId("key3").build();
        when(api.describeKey(describeKey3))
            .thenReturn(DescribeKeyResponse.builder().keyMetadata(key3Metadata).build());

        var rotationOfKey3 = GetKeyRotationStatusRequest.builder().keyId("key3").build();
        when(api.getKeyRotationStatus(rotationOfKey3))
            .thenReturn(GetKeyRotationStatusResponse.builder().keyRotationEnabled(false).build());

        // Same placeholder policy for every key, whatever the request looks like.
        var placeholderPolicy = GetKeyPolicyResponse.builder().policy("my-policy").build();
        when(api.getKeyPolicy(ArgumentMatchers.any(GetKeyPolicyRequest.class)))
            .thenReturn(placeholderPolicy);
      });
}