/** * <p> * The encryption context. If this was specified in the <a>Encrypt</a> function, it must be specified here or the * decryption operation will fail. For more information, see <a * href="http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html">Encryption Context</a>. * </p> * * @param encryptionContext * The encryption context. If this was specified in the <a>Encrypt</a> function, it must be specified here or * the decryption operation will fail. For more information, see <a * href="http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html">Encryption * Context</a>. * @return Returns a reference to this object so that method calls can be chained together. */ public DecryptRequest withEncryptionContext(java.util.Map<String, String> encryptionContext) { setEncryptionContext(encryptionContext); return this; }
/** * <p> * The encryption context. If this was specified in the <a>Encrypt</a> function, it must be specified here or the * decryption operation will fail. For more information, see <a * href="http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html">Encryption Context</a>. * </p> * * @param encryptionContext * The encryption context. If this was specified in the <a>Encrypt</a> function, it must be specified here or * the decryption operation will fail. For more information, see <a * href="http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html">Encryption * Context</a>. * @return Returns a reference to this object so that method calls can be chained together. */ public DecryptRequest withEncryptionContext(java.util.Map<String, String> encryptionContext) { setEncryptionContext(encryptionContext); return this; }
/** * <p> * The encryption context. If this was specified in the <a>Encrypt</a> function, it must be specified here or the * decryption operation will fail. For more information, see <a * href="http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html">Encryption Context</a>. * </p> * * @param encryptionContext * The encryption context. If this was specified in the <a>Encrypt</a> function, it must be specified here or * the decryption operation will fail. For more information, see <a * href="http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html">Encryption * Context</a>. * @return Returns a reference to this object so that method calls can be chained together. */ public DecryptRequest withEncryptionContext(java.util.Map<String, String> encryptionContext) { setEncryptionContext(encryptionContext); return this; }
@Override public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) { final Map<String, String> materialDescription = context.getMaterialDescription(); final Map<String, String> ec = new HashMap<>(); final String providedEncAlg = materialDescription.get(CONTENT_KEY_ALGORITHM); final String providedSigAlg = materialDescription.get(SIGNING_KEY_ALGORITHM); ec.put("*" + CONTENT_KEY_ALGORITHM + "*", providedEncAlg); ec.put("*" + SIGNING_KEY_ALGORITHM + "*", providedSigAlg); populateKmsEcFromEc(context, ec); DecryptRequest request = appendUserAgent(new DecryptRequest()); request.setCiphertextBlob(ByteBuffer.wrap(Base64.decode(materialDescription.get(ENVELOPE_KEY)))); request.setEncryptionContext(ec); final DecryptResult decryptResult = kms.decrypt(request); validateEncryptionKeyId(decryptResult.getKeyId(), context); final Hkdf kdf; try { kdf = Hkdf.getInstance(KDF_ALG); } catch (NoSuchAlgorithmException e) { throw new DynamoDBMappingException(e); } kdf.init(toArray(decryptResult.getPlaintext())); final String[] encAlgParts = providedEncAlg.split("/", 2); int encLength = encAlgParts.length == 2 ? Integer.parseInt(encAlgParts[1]) : 256; final String[] sigAlgParts = providedSigAlg.split("/", 2); int sigLength = sigAlgParts.length == 2 ? Integer.parseInt(sigAlgParts[1]) : 256; final SecretKey encryptionKey = new SecretKeySpec(kdf.deriveKey(KDF_ENC_INFO, encLength / 8), encAlgParts[0]); final SecretKey macKey = new SecretKeySpec(kdf.deriveKey(KDF_SIG_INFO, sigLength / 8), sigAlgParts[0]); return new SymmetricRawMaterials(encryptionKey, macKey, materialDescription); }
@Override public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) { final Map<String, String> materialDescription = context.getMaterialDescription(); final Map<String, String> ec = new HashMap<>(); final String providedEncAlg = materialDescription.get(CONTENT_KEY_ALGORITHM); final String providedSigAlg = materialDescription.get(SIGNING_KEY_ALGORITHM); ec.put("*" + CONTENT_KEY_ALGORITHM + "*", providedEncAlg); ec.put("*" + SIGNING_KEY_ALGORITHM + "*", providedSigAlg); populateKmsEcFromEc(context, ec); DecryptRequest request = appendUserAgent(new DecryptRequest()); request.setCiphertextBlob(ByteBuffer.wrap(Base64.decode(materialDescription.get(ENVELOPE_KEY)))); request.setEncryptionContext(ec); final DecryptResult decryptResult = decrypt(request, context); validateEncryptionKeyId(decryptResult.getKeyId(), context); final Hkdf kdf; try { kdf = Hkdf.getInstance(KDF_ALG); } catch (NoSuchAlgorithmException e) { throw new DynamoDBMappingException(e); } kdf.init(toArray(decryptResult.getPlaintext())); final String[] encAlgParts = providedEncAlg.split("/", 2); int encLength = encAlgParts.length == 2 ? Integer.parseInt(encAlgParts[1]) : 256; final String[] sigAlgParts = providedSigAlg.split("/", 2); int sigLength = sigAlgParts.length == 2 ? Integer.parseInt(sigAlgParts[1]) : 256; final SecretKey encryptionKey = new SecretKeySpec(kdf.deriveKey(KDF_ENC_INFO, encLength / 8), encAlgParts[0]); final SecretKey macKey = new SecretKeySpec(kdf.deriveKey(KDF_SIG_INFO, sigLength / 8), sigAlgParts[0]); return new SymmetricRawMaterials(encryptionKey, macKey, materialDescription); }