com.amazonaws.services.kms.model.KeyUsageType Java Examples

The following examples show how to use com.amazonaws.services.kms.model.KeyUsageType. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MockKMSClient.java    From aws-encryption-sdk-java with Apache License 2.0 5 votes vote down vote up
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException, AmazonClientException {
    String keyId = UUID.randomUUID().toString();
    String arn = "arn:aws:kms:" + region_.getName() + ":" + ACCOUNT_ID + ":key/" + keyId;
    activeKeys.add(arn);
    keyAliases.put(keyId, arn);
    keyAliases.put(arn, arn);
    CreateKeyResult result = new CreateKeyResult();
    result.setKeyMetadata(new KeyMetadata().withAWSAccountId(ACCOUNT_ID).withCreationDate(new Date())
            .withDescription(req.getDescription()).withEnabled(true).withKeyId(keyId)
            .withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT).withArn(arn));
    return result;
}
 
Example #2
Source File: FakeKMS.java    From aws-dynamodb-encryption-java with Apache License 2.0 5 votes vote down vote up
@Override
public CreateKeyResult createKey(CreateKeyRequest req) throws AmazonServiceException,
        AmazonClientException {
    String keyId = UUID.randomUUID().toString();
    String arn = "arn:aws:testing:kms:" + ACCOUNT_ID + ":key/" + keyId;
    CreateKeyResult result = new CreateKeyResult();
    result.setKeyMetadata(new KeyMetadata().withAWSAccountId(ACCOUNT_ID)
            .withCreationDate(new Date()).withDescription(req.getDescription())
            .withEnabled(true).withKeyId(keyId).withKeyUsage(KeyUsageType.ENCRYPT_DECRYPT)
            .withArn(arn));
    return result;
}
 
Example #3
Source File: KmsServiceTest.java    From cerberus with Apache License 2.0 4 votes vote down vote up
@Test
public void test_provisionKmsKey() {

  String iamRoleId = "role-id";
  String awsRegion = "aws-region";
  String user = "user";
  OffsetDateTime dateTime = OffsetDateTime.now();

  String policy = "policy";
  String arn = "arn:aws:iam::12345678901234:role/some-role";

  String awsIamRoleKmsKeyId = "awsIamRoleKmsKeyId";

  when(uuidSupplier.get()).thenReturn(awsIamRoleKmsKeyId);
  when(kmsPolicyService.generateStandardKmsPolicy(arn)).thenReturn(policy);

  AWSKMSClient client = mock(AWSKMSClient.class);
  when(kmsClientFactory.getClient(awsRegion)).thenReturn(client);

  CreateKeyRequest request = new CreateKeyRequest();
  request.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
  request.setDescription("Key used by Cerberus fakeEnv for IAM role authentication. " + arn);
  request.setPolicy(policy);
  request.setTags(
      Lists.newArrayList(
          new Tag().withTagKey("created_by").withTagValue(ARTIFACT + VERSION),
          new Tag().withTagKey("created_for").withTagValue("cerberus_auth"),
          new Tag().withTagKey("auth_principal").withTagValue(arn),
          new Tag().withTagKey("cerberus_env").withTagValue(ENV)));

  CreateKeyResult createKeyResult = mock(CreateKeyResult.class);
  KeyMetadata metadata = mock(KeyMetadata.class);
  when(metadata.getArn()).thenReturn(arn);
  when(createKeyResult.getKeyMetadata()).thenReturn(metadata);
  when(client.createKey(any())).thenReturn(createKeyResult);

  // invoke method under test
  String actualResult =
      kmsService.provisionKmsKey(iamRoleId, arn, awsRegion, user, dateTime).getAwsKmsKeyId();

  assertEquals(arn, actualResult);

  CreateAliasRequest aliasRequest = new CreateAliasRequest();
  aliasRequest.setAliasName(kmsService.getAliasName(awsIamRoleKmsKeyId, arn));
  aliasRequest.setTargetKeyId(arn);
  verify(client).createAlias(aliasRequest);

  AwsIamRoleKmsKeyRecord awsIamRoleKmsKeyRecord = new AwsIamRoleKmsKeyRecord();
  awsIamRoleKmsKeyRecord.setId(awsIamRoleKmsKeyId);
  awsIamRoleKmsKeyRecord.setAwsIamRoleId(iamRoleId);
  awsIamRoleKmsKeyRecord.setAwsKmsKeyId(arn);
  awsIamRoleKmsKeyRecord.setAwsRegion(awsRegion);
  awsIamRoleKmsKeyRecord.setCreatedBy(user);
  awsIamRoleKmsKeyRecord.setLastUpdatedBy(user);
  awsIamRoleKmsKeyRecord.setCreatedTs(dateTime);
  awsIamRoleKmsKeyRecord.setLastUpdatedTs(dateTime);
  awsIamRoleKmsKeyRecord.setLastValidatedTs(dateTime);
  verify(awsIamRoleDao).createIamRoleKmsKey(awsIamRoleKmsKeyRecord);
}