/**
 * Creates a fresh KMS client builder.
 *
 * <p>Nothing is configured on the returned builder. A client built from it without an explicit
 * credentials provider and region relies on the SDK's default credential and region provider
 * chains, so the identity it runs as is decided by the runtime environment rather than by code.
 *
 * @return the builder obtained from {@link AWSKMSClientBuilder#standard()}
 */
public static AWSKMSClientBuilder builder() {
    final AWSKMSClientBuilder freshBuilder = AWSKMSClientBuilder.standard();
    return freshBuilder;
}
/**
 * Builds a KMS client without any explicit configuration.
 *
 * <p>Neither credentials nor region are chosen here; both are resolved by the default chains
 * named below, i.e. from whatever the runtime environment supplies.
 *
 * @return Default client using the {@link com.amazonaws.auth.DefaultAWSCredentialsProviderChain} and
 *         {@link com.amazonaws.regions.DefaultAwsRegionProviderChain} chain
 */
public static AWSKMS defaultClient() {
    final AWSKMS client = standard().build();
    return client;
}
/**
 * Returns a new, unconfigured KMS client builder.
 *
 * <p>Callers that need a specific identity or region must set them on the result; otherwise the
 * built client uses the SDK's default credential and region provider chains.
 *
 * @return a builder created by {@link AWSKMSClientBuilder#standard()}
 */
public static AWSKMSClientBuilder builder() {
    final AWSKMSClientBuilder unconfigured = AWSKMSClientBuilder.standard();
    return unconfigured;
}
/**
 * Entry point for configuring a KMS client.
 *
 * <p>The builder is returned exactly as {@link AWSKMSClientBuilder#standard()} produced it: no
 * credentials provider and no region are set by this method.
 *
 * @return a new {@link AWSKMSClientBuilder}
 */
public static AWSKMSClientBuilder builder() {
    final AWSKMSClientBuilder result = AWSKMSClientBuilder.standard();
    return result;
}
/**
 * Creates a KMS client from the standard builder with nothing overridden.
 *
 * <p>The caller has no say over which credentials or region are used: both come from the default
 * provider chains listed below.
 *
 * @return Default client using the {@link com.amazonaws.auth.DefaultAWSCredentialsProviderChain} and
 *         {@link com.amazonaws.regions.DefaultAwsRegionProviderChain} chain
 */
public static AWSKMS defaultClient() {
    final AWSKMS defaultKms = standard().build();
    return defaultKms;
}
/**
 * Convenience factory for a KMS client that uses only default settings.
 *
 * <p>Equivalent to calling {@code standard().build()}; credentials and region are resolved by the
 * default chains named below rather than supplied by the caller.
 *
 * @return Default client using the {@link com.amazonaws.auth.DefaultAWSCredentialsProviderChain} and
 *         {@link com.amazonaws.regions.DefaultAwsRegionProviderChain} chain
 */
public static AWSKMS defaultClient() {
    final AWSKMS kms = standard().build();
    return kms;
}
/**
 * Builds this instance's KMS client so that it authenticates through the given provider.
 *
 * <p>No region is set on the builder here, so the region comes from the SDK's default resolution.
 *
 * @param provider credentials provider handed to the client builder
 * @return this instance, with {@code client} replaced by the newly built client
 * @throws GeneralSecurityException if building the client raises an {@link AmazonServiceException}
 */
private KmsClient withCredentialsProvider(AWSCredentialsProvider provider)
    throws GeneralSecurityException {
  try {
    // NOTE(review): a null provider is not rejected here; the SDK builder is expected to fall
    // back to its default credentials chain in that case — confirm callers never pass null if an
    // explicit identity is required.
    AWSKMSClientBuilder kmsBuilder = AWSKMSClientBuilder.standard().withCredentials(provider);
    this.client = kmsBuilder.build();
  } catch (AmazonServiceException e) {
    // Only service-side failures are translated; other SDK runtime exceptions propagate as-is.
    throw new GeneralSecurityException("cannot load credentials from provider", e);
  }
  return this;
}
/**
 * Configures the {@link KmsMasterKeyProvider} to use specific credentials. If a client builder was
 * previously set, the credentials it carried are replaced by {@code credentialsProvider}.
 *
 * <p>This setting cannot be combined with a custom regional client supplier: when one has already
 * been configured, the call fails instead of silently ignoring the credentials.
 *
 * @param credentialsProvider provider stored on the template client builder
 * @return this builder, for chaining
 */
public Builder withCredentials(AWSCredentialsProvider credentialsProvider) {
    // A caller-supplied client supplier owns client construction, so credentials set here
    // would never be applied; reject the combination up front.
    if (regionalClientSupplier_ != null) {
        throw clientSupplierComboException();
    }

    // Lazily create the template the first time any client-level option is set.
    AWSKMSClientBuilder template = templateBuilder_;
    if (template == null) {
        template = AWSKMSClientBuilder.standard();
        templateBuilder_ = template;
    }

    // NOTE(review): null is passed through unchecked; presumably that resets the template to the
    // SDK's default credentials chain — confirm that is the intended meaning of a null argument.
    template.setCredentials(credentialsProvider);
    return this;
}
/**
 * Returns the supplier that maps a region name to a KMS client.
 *
 * <p>If a supplier was configured explicitly it is returned unchanged. Otherwise a supplier is
 * created around a private copy of the template builder (or a standard builder when no template
 * exists) together with a per-supplier client cache.
 *
 * @return the configured supplier, or a new caching supplier
 */
private RegionalClientSupplier clientFactory() {
    if (regionalClientSupplier_ != null) {
        return regionalClientSupplier_;
    }

    // Copy the template instead of sharing it: this provider builder may be reused later to
    // build a second provider with different credentials.
    final AWSKMSClientBuilder baseBuilder;
    if (templateBuilder_ == null) {
        baseBuilder = AWSKMSClientBuilder.standard();
    } else {
        baseBuilder = cloneClientBuilder(templateBuilder_);
    }

    final ConcurrentHashMap<String, AWSKMS> verifiedClients = new ConcurrentHashMap<>();
    snoopClientCache(verifiedClients);

    return region -> {
        final AWSKMS cached = verifiedClients.get(region);
        if (cached != null) {
            return cached;
        }

        // The region string can originate from the ARN inside an encrypted data key, i.e. from
        // data this code did not produce. Caching eagerly (computeIfAbsent) would retain one
        // client per bogus region, so the client is only cached once a request made with it has
        // succeeded; the handler appended below is what records that first success.
        final SuccessfulRequestCacher cacher = new SuccessfulRequestCacher(verifiedClients, region);

        final ArrayList<RequestHandler2> handlers = new ArrayList<>();
        if (baseBuilder.getRequestHandlers() != null) {
            handlers.addAll(baseBuilder.getRequestHandlers());
        }
        handlers.add(cacher);
        final RequestHandler2[] handlerArray = handlers.toArray(new RequestHandler2[handlers.size()]);

        final AWSKMS fresh = cloneClientBuilder(baseBuilder)
                .withRegion(region)
                .withRequestHandlers(handlerArray)
                .build();

        // The cacher needs a reference to the client it should store on success.
        cacher.client_ = fresh;
        return fresh;
    };
}
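/**
 * Decrypts a Base64-encoded KMS ciphertext and returns the plaintext decoded as UTF-8.
 *
 * <p>The client is built per call with only the region set, so it authenticates through the
 * SDK's default credentials chain.
 *
 * @param str Base64 text of the KMS ciphertext blob
 * @param region region whose KMS endpoint receives the request
 * @return the decrypted plaintext, or {@code str} unchanged when {@code isJUnitTest()} is true
 * @throws UnsupportedEncodingException declared for callers; not thrown by this body
 */
public static String decrypt(String str, Region region) throws UnsupportedEncodingException {
    // NOTE(review): under isJUnitTest() the input is returned as if it were the plaintext and KMS
    // is never contacted. How that check decides is not visible here — confirm it cannot be true
    // in a production process, otherwise ciphertext would be used as the secret.
    if (isJUnitTest()) {
        return str;
    }

    AWSKMS kms = AWSKMSClientBuilder.standard().withRegion(region.getName()).build();
    try {
        // The KMS ciphertext is Base64 text and must be decoded to raw bytes before the request.
        byte[] cipherBytes = Base64.decode(str);

        // NOTE(review): the request carries only the ciphertext blob. If the ciphertexts are
        // produced with an encryption context or a known key, setting them on the request
        // (withEncryptionContext / withKeyId) restricts what this method is willing to decrypt.
        DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(cipherBytes));
        DecryptResult resp = kms.decrypt(req);

        // Copy exactly the readable bytes. ByteBuffer.array() exposes the whole backing array
        // regardless of position/limit and fails for buffers without an accessible array.
        ByteBuffer plaintext = resp.getPlaintext().asReadOnlyBuffer();
        byte[] plainBytes = new byte[plaintext.remaining()];
        plaintext.get(plainBytes);
        return new String(plainBytes, Charset.forName("UTF-8"));
    } finally {
        // The client is created for this call only; release its resources.
        kms.shutdown();
    }
}
} // closes the enclosing class, whose header is outside this excerpt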
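/**
 * Sends a Base64-encoded ciphertext to KMS in the given region and returns the decrypted bytes
 * as a UTF-8 string.
 *
 * <p>No credentials are configured on the client, so the SDK's default credentials chain decides
 * which identity makes the call.
 *
 * @param str Base64 text of the KMS ciphertext blob
 * @param region region used for the KMS client
 * @return the plaintext, or {@code str} itself when {@code isJUnitTest()} reports a test run
 * @throws UnsupportedEncodingException kept in the signature for callers; this body does not throw it
 */
public static String decrypt(String str, Region region) throws UnsupportedEncodingException {
    // NOTE(review): this branch skips decryption entirely and hands the input back. The
    // detection logic lives outside this excerpt — verify it can never trigger outside tests.
    if (isJUnitTest()) {
        return str;
    }

    AWSKMS kms = AWSKMSClientBuilder.standard().withRegion(region.getName()).build();
    try {
        // Base64 text -> raw ciphertext bytes, as required by the Decrypt call.
        byte[] cipherBytes = Base64.decode(str);
        ByteBuffer cipherBuffer = ByteBuffer.wrap(cipherBytes);

        // NOTE(review): neither an encryption context nor a key id is set, so the call is bounded
        // only by the caller's IAM/key-policy permissions; consider pinning one or both on the
        // request if the producer side uses them.
        DecryptRequest req = new DecryptRequest().withCiphertextBlob(cipherBuffer);
        DecryptResult resp = kms.decrypt(req);

        // Read through a separate view and copy only remaining() bytes: array() would return the
        // full backing array (ignoring offset and limit) and throws for array-less buffers.
        ByteBuffer view = resp.getPlaintext().asReadOnlyBuffer();
        byte[] plainBytes = new byte[view.remaining()];
        view.get(plainBytes);
        return new String(plainBytes, Charset.forName("UTF-8"));
    } finally {
        // Per-call client: shut it down so its resources are not left for the GC.
        kms.shutdown();
    }
}
} // closes the enclosing class, whose header is outside this excerpt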
/**
 * Creates a provider whose KMS clients are built with the supplied client configuration and
 * credentials. All keys listed in {@code keyIds} will be used to protect data.
 *
 * <p>The constructor only assembles a client builder and delegates to another constructor with the
 * resulting client factory, the region's name and {@code keyIds}.
 *
 * @param creds credentials provider set on the KMS client builder
 * @param region region whose name is passed to the delegated constructor
 * @param clientConfiguration client configuration set on the KMS client builder
 * @param keyIds identifiers of the keys to use; passed through unchanged
 */
public KmsMasterKeyProvider(final AWSCredentialsProvider creds, final Region region,
        final ClientConfiguration clientConfiguration, final List<String> keyIds) {
    // this(...) must be the first statement, so the builder chain is written inline.
    this(builder().withClientBuilder(AWSKMSClientBuilder.standard()
                    .withClientConfiguration(clientConfiguration)
                    .withCredentials(creds))
            .clientFactory(),
        region.getName(),
        keyIds
    );
}
try{
    // Regions named in skipRegions are never queried.
    if(!skipRegions.contains(region.getName())){
        // One client per region, authenticated with a fixed credentials object.
        // NOTE(review): temporaryCredentials is presumably a short-lived session credential; a
        // static provider does not refresh it, so a long scan can outlive it — confirm.
        awskms = AWSKMSClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials)).withRegion(region.getName()).build();
        // NOTE(review): only the list from a single ListKeys / ListAliases response is kept and
        // the result object (with its truncation flag and marker) is discarded. These APIs are
        // paginated, so a region with many keys or aliases would be reported incompletely unless
        // later code re-queries with a marker.
        List<KeyListEntry> regionKeys = awskms.listKeys().getKeys();
        List<AliasListEntry> regionKeyAliases = awskms.listAliases().getAliases();
/**
 * Builds a KMS client for the region in which the given container is located.
 *
 * <p>Credentials come from the bookmark and the HTTP settings from {@code configuration}. When
 * the container's location is reported as unknown, the SDK default region is used instead.
 *
 * @param container path whose location selects the KMS region
 * @return a newly built KMS client
 * @throws BackgroundException declared by this method; presumably raised by the location lookup
 */
private AWSKMS client(final Path container) throws BackgroundException {
    final AWSKMSClientBuilder kms = AWSKMSClientBuilder.standard();
    kms.withCredentials(AWSCredentialsConfigurator.toAWSCredentialsProvider(bookmark.getCredentials()));
    kms.withClientConfiguration(configuration);

    final Location.Name location = locationFeature.getLocation(container);
    if(!Location.unknown.equals(location)) {
        kms.withRegion(location.getIdentifier());
    }
    else {
        // NOTE(review): KMS keys are regional, so a client pinned to the default region only sees
        // keys there; an unknown location may therefore hide the keys that actually apply.
        kms.withRegion(Regions.DEFAULT_REGION);
    }
    return kms.build();
}