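/**
 * Decrypts a base64-encoded AWS KMS ciphertext blob and returns the plaintext as a UTF-8 string.
 * <p>
 * The returned plaintext is an immutable {@code String} and cannot be wiped after use, so callers should keep it out of logs and
 * long-lived caches.
 *
 * @param awsParamsDto the AWS related parameters DTO used to obtain the client configuration
 * @param base64ciphertextBlob the base64-encoded ciphertext blob to decrypt
 *
 * @return the decrypted plaintext, decoded as UTF-8
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob)
{
    // Construct a new AWS KMS service client using the specified client configuration.
    // No credentials are passed in, so the SDK's credentials provider chain resolves them, searching in this order:
    // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    // - Java System Properties - aws.accessKeyId and aws.secretKey
    // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service
    AWSKMSClient awsKmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));

    // Decode the base64 encoded ciphertext.
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));

    // Create the decrypt request.
    DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(ciphertextBlob);

    // Call AWS KMS decrypt service method.
    DecryptResult decryptResult = kmsOperations.decrypt(awsKmsClient, decryptRequest);

    // Get decrypted plaintext data.
    ByteBuffer plainText = decryptResult.getPlaintext();

    // Decode only the readable window (position..limit) of the buffer. ByteBuffer.array() exposes the whole backing array, ignoring
    // position, limit and array offset, and throws for read-only or direct buffers. Decoding a duplicate leaves the result's own
    // buffer position untouched.
    return StandardCharsets.UTF_8.decode(plainText.duplicate()).toString();
}
}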
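/**
 * Decrypts a base64-encoded AWS KMS ciphertext blob and returns the plaintext as a UTF-8 string.
 * <p>
 * The returned plaintext is an immutable {@code String} and cannot be wiped after use, so callers should keep it out of logs and
 * long-lived caches.
 *
 * @param awsParamsDto the AWS related parameters DTO used to obtain the client configuration
 * @param base64ciphertextBlob the base64-encoded ciphertext blob to decrypt
 *
 * @return the decrypted plaintext, decoded as UTF-8
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob)
{
    // Construct a new AWS KMS service client using the specified client configuration.
    // No credentials are passed in, so the SDK's credentials provider chain resolves them, searching in this order:
    // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    // - Java System Properties - aws.accessKeyId and aws.secretKey
    // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service
    AWSKMSClient awsKmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));

    // Decode the base64 encoded ciphertext.
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));

    // Create the decrypt request.
    DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(ciphertextBlob);

    // Call AWS KMS decrypt service method.
    DecryptResult decryptResult = kmsOperations.decrypt(awsKmsClient, decryptRequest);

    // Get decrypted plaintext data.
    ByteBuffer plainText = decryptResult.getPlaintext();

    // Decode only the readable window (position..limit) of the buffer. ByteBuffer.array() exposes the whole backing array, ignoring
    // position, limit and array offset, and throws for read-only or direct buffers. Decoding a duplicate leaves the result's own
    // buffer position untouched.
    return StandardCharsets.UTF_8.decode(plainText.duplicate()).toString();
}
}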
/**
 * Builds an Amazon SQS client for the region named in the given AWS parameters.
 * <p>
 * No credentials are supplied to the builder, so the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}, a cache name that other AWS client factory methods also use.
 * Confirm that the configured cache key generator distinguishes methods; a key built from {@code awsParamsDto} alone would let one
 * factory return another factory's cached client.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional proxy information
 *
 * @return the Amazon SQS client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonSQS getAmazonSQSClient(AwsParamsDto awsParamsDto)
{
    AmazonSQSClientBuilder sqsClientBuilder = AmazonSQSClientBuilder.standard();

    // Apply the client configuration derived from the DTO before pinning the region.
    sqsClientBuilder.withClientConfiguration(awsHelper.getClientConfiguration(awsParamsDto));
    sqsClientBuilder.withRegion(awsParamsDto.getAwsRegionName());

    return sqsClientBuilder.build();
}
/**
 * Builds an Amazon SNS client for the region named in the given AWS parameters.
 * <p>
 * No credentials are supplied to the builder, so the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}, a cache name that other AWS client factory methods also use.
 * Confirm that the configured cache key generator distinguishes methods; a key built from {@code awsParamsDto} alone would let one
 * factory return another factory's cached client.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional proxy information
 *
 * @return the Amazon SNS client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonSNS getAmazonSNSClient(AwsParamsDto awsParamsDto)
{
    AmazonSNSClientBuilder snsClientBuilder = AmazonSNSClientBuilder.standard();

    // Apply the client configuration derived from the DTO before pinning the region.
    snsClientBuilder.withClientConfiguration(awsHelper.getClientConfiguration(awsParamsDto));
    snsClientBuilder.withRegion(awsParamsDto.getAwsRegionName());

    return snsClientBuilder.build();
}
/**
 * Builds an Amazon SNS client for the region named in the given AWS parameters.
 * <p>
 * No credentials are supplied to the builder, so the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}, a cache name that other AWS client factory methods also use.
 * Confirm that the configured cache key generator distinguishes methods; a key built from {@code awsParamsDto} alone would let one
 * factory return another factory's cached client.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional proxy information
 *
 * @return the Amazon SNS client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonSNS getAmazonSNSClient(AwsParamsDto awsParamsDto)
{
    AmazonSNSClientBuilder snsClientBuilder = AmazonSNSClientBuilder.standard();

    // Apply the client configuration derived from the DTO before pinning the region.
    snsClientBuilder.withClientConfiguration(awsHelper.getClientConfiguration(awsParamsDto));
    snsClientBuilder.withRegion(awsParamsDto.getAwsRegionName());

    return snsClientBuilder.build();
}
/**
 * Builds an Amazon SQS client for the region named in the given AWS parameters.
 * <p>
 * No credentials are supplied to the builder, so the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}, a cache name that other AWS client factory methods also use.
 * Confirm that the configured cache key generator distinguishes methods; a key built from {@code awsParamsDto} alone would let one
 * factory return another factory's cached client.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional proxy information
 *
 * @return the Amazon SQS client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonSQS getAmazonSQSClient(AwsParamsDto awsParamsDto)
{
    AmazonSQSClientBuilder sqsClientBuilder = AmazonSQSClientBuilder.standard();

    // Apply the client configuration derived from the DTO before pinning the region.
    sqsClientBuilder.withClientConfiguration(awsHelper.getClientConfiguration(awsParamsDto));
    sqsClientBuilder.withRegion(awsParamsDto.getAwsRegionName());

    return sqsClientBuilder.build();
}
// Obtain the AWS parameters DTO from awsHelper and derive the SDK client configuration from it.
ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsHelper.getAwsParamsDto());
// Obtain the AWS parameters DTO from awsHelper and derive the SDK client configuration from it.
ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsHelper.getAwsParamsDto());
// Stub the collaborators: the CredStash table name property, the AWS parameters DTO, the client configuration built from that DTO,
// the CredStash instance returned by the factory for (region, table, client configuration), and the encryption context JSON
// unmarshalled into a map.
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
when(awsHelper.getAwsParamsDto()).thenReturn(awsParamsDto);
when(awsHelper.getClientConfiguration(awsParamsDto)).thenReturn(clientConfiguration);
when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration)).thenReturn(credStash);
when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(credStashEncryptionContextMap);

// Verify that each stubbed collaborator call was made with the expected arguments.
// NOTE(review): the call under test is not part of this excerpt; it presumably sits between the stubbing and these verifications.
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
verify(awsHelper).getAwsParamsDto();
verify(awsHelper).getClientConfiguration(awsParamsDto);
verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration);
verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
// Stub the collaborators: the CredStash table name property, the AWS parameters DTO, the client configuration built from that DTO,
// the CredStash instance returned by the factory for (region, table, client configuration), and the encryption context JSON
// unmarshalled into a map.
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
when(awsHelper.getAwsParamsDto()).thenReturn(awsParamsDto);
when(awsHelper.getClientConfiguration(awsParamsDto)).thenReturn(clientConfiguration);
when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration)).thenReturn(credStash);
when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(credStashEncryptionContextMap);

// Verify that each stubbed collaborator call was made with the expected arguments.
// NOTE(review): the call under test is not part of this excerpt; it presumably sits between the stubbing and these verifications.
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
verify(awsHelper).getAwsParamsDto();
verify(awsHelper).getClientConfiguration(awsParamsDto);
verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration);
verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
// Stub the collaborators: the CredStash table name property, the AWS parameters DTO, the client configuration built from that DTO,
// the CredStash instance returned by the factory for (region, table, client configuration), and the encryption context JSON
// unmarshalled into a map.
when(configurationHelper.getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME)).thenReturn(TABLE_NAME);
when(awsHelper.getAwsParamsDto()).thenReturn(awsParamsDto);
when(awsHelper.getClientConfiguration(awsParamsDto)).thenReturn(clientConfiguration);
when(credStashFactory.getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration)).thenReturn(credStash);
when(jsonHelper.unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT)).thenReturn(credStashEncryptionContextMap);

// Verify that each stubbed collaborator call was made with the expected arguments.
// NOTE(review): the call under test is not part of this excerpt; it presumably sits between the stubbing and these verifications.
verify(configurationHelper).getProperty(ConfigurationValue.CREDSTASH_TABLE_NAME);
verify(awsHelper).getAwsParamsDto();
verify(awsHelper).getClientConfiguration(awsParamsDto);
verify(credStashFactory).getCredStash(AWS_REGION_NAME, TABLE_NAME, clientConfiguration);
verify(jsonHelper).unmarshallJsonToObject(Map.class, CREDSTASH_ENCRYPTION_CONTEXT);
/**
 * Builds an Amazon EC2 client for the region named in the given AWS parameters.
 * <p>
 * When the DTO carries a non-blank access key ID, the client is built with static session credentials (access key ID, secret key and
 * session token) taken from the DTO. Otherwise the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}. A client built from static session credentials keeps using them
 * for as long as the cache entry lives; confirm that the cache key covers the credentials and that entry expiry is shorter than the
 * session token lifetime.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional AWS credentials and proxy information
 *
 * @return the Amazon EC2 client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonEC2 getEc2Client(AwsParamsDto awsParamsDto)
{
    ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsParamsDto);
    AmazonEC2ClientBuilder ec2ClientBuilder = AmazonEC2ClientBuilder.standard();

    // Explicit credentials are optional; without them the builder falls back to the default credentials provider chain.
    if (StringUtils.isNotBlank(awsParamsDto.getAwsAccessKeyId()))
    {
        ec2ClientBuilder.withCredentials(new AWSStaticCredentialsProvider(
            new BasicSessionCredentials(awsParamsDto.getAwsAccessKeyId(), awsParamsDto.getAwsSecretKey(), awsParamsDto.getSessionToken())));
    }

    return ec2ClientBuilder.withClientConfiguration(clientConfiguration).withRegion(awsParamsDto.getAwsRegionName()).build();
}
/**
 * Builds an Amazon EC2 client for the region named in the given AWS parameters.
 * <p>
 * When the DTO carries a non-blank access key ID, the client is built with static session credentials (access key ID, secret key and
 * session token) taken from the DTO. Otherwise the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}. A client built from static session credentials keeps using them
 * for as long as the cache entry lives; confirm that the cache key covers the credentials and that entry expiry is shorter than the
 * session token lifetime.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional AWS credentials and proxy information
 *
 * @return the Amazon EC2 client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonEC2 getEc2Client(AwsParamsDto awsParamsDto)
{
    ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsParamsDto);
    AmazonEC2ClientBuilder ec2ClientBuilder = AmazonEC2ClientBuilder.standard();

    // Explicit credentials are optional; without them the builder falls back to the default credentials provider chain.
    if (StringUtils.isNotBlank(awsParamsDto.getAwsAccessKeyId()))
    {
        ec2ClientBuilder.withCredentials(new AWSStaticCredentialsProvider(
            new BasicSessionCredentials(awsParamsDto.getAwsAccessKeyId(), awsParamsDto.getAwsSecretKey(), awsParamsDto.getSessionToken())));
    }

    return ec2ClientBuilder.withClientConfiguration(clientConfiguration).withRegion(awsParamsDto.getAwsRegionName()).build();
}
/**
 * Builds an Amazon EMR client for the region named in the given AWS parameters.
 * <p>
 * When the DTO carries a non-blank access key ID, the client is built with static session credentials (access key ID, secret key and
 * session token) taken from the DTO. Otherwise the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}. A client built from static session credentials keeps using them
 * for as long as the cache entry lives; confirm that the cache key covers the credentials and that entry expiry is shorter than the
 * session token lifetime.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional AWS credentials and proxy information
 *
 * @return the Amazon EMR client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonElasticMapReduce getEmrClient(AwsParamsDto awsParamsDto)
{
    ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsParamsDto);
    AmazonElasticMapReduceClientBuilder emrClientBuilder = AmazonElasticMapReduceClientBuilder.standard();

    // Explicit credentials are optional; without them the builder falls back to the default credentials provider chain.
    if (StringUtils.isNotBlank(awsParamsDto.getAwsAccessKeyId()))
    {
        emrClientBuilder.withCredentials(new AWSStaticCredentialsProvider(
            new BasicSessionCredentials(awsParamsDto.getAwsAccessKeyId(), awsParamsDto.getAwsSecretKey(), awsParamsDto.getSessionToken())));
    }

    return emrClientBuilder.withClientConfiguration(clientConfiguration).withRegion(awsParamsDto.getAwsRegionName()).build();
}
}
/**
 * Builds an Amazon EMR client for the region named in the given AWS parameters.
 * <p>
 * When the DTO carries a non-blank access key ID, the client is built with static session credentials (access key ID, secret key and
 * session token) taken from the DTO. Otherwise the SDK's default credentials provider chain is used.
 * <p>
 * NOTE(review): the result is cached under {@code HERD_CACHE_NAME}. A client built from static session credentials keeps using them
 * for as long as the cache entry lives; confirm that the cache key covers the credentials and that entry expiry is shorter than the
 * session token lifetime.
 *
 * @param awsParamsDto the AWS related parameters DTO that includes optional AWS credentials and proxy information
 *
 * @return the Amazon EMR client
 */
@Cacheable(DaoSpringModuleConfig.HERD_CACHE_NAME)
public AmazonElasticMapReduce getEmrClient(AwsParamsDto awsParamsDto)
{
    ClientConfiguration clientConfiguration = awsHelper.getClientConfiguration(awsParamsDto);
    AmazonElasticMapReduceClientBuilder emrClientBuilder = AmazonElasticMapReduceClientBuilder.standard();

    // Explicit credentials are optional; without them the builder falls back to the default credentials provider chain.
    if (StringUtils.isNotBlank(awsParamsDto.getAwsAccessKeyId()))
    {
        emrClientBuilder.withCredentials(new AWSStaticCredentialsProvider(
            new BasicSessionCredentials(awsParamsDto.getAwsAccessKeyId(), awsParamsDto.getAwsSecretKey(), awsParamsDto.getSessionToken())));
    }

    return emrClientBuilder.withClientConfiguration(clientConfiguration).withRegion(awsParamsDto.getAwsRegionName()).build();
}
}
/**
 * Checks the client configuration produced for every combination of HTTP proxy host (value, blank, null) and port (value, null).
 * <p>
 * The proxy is expected on the resulting configuration only when both host and port are specified; in every other combination the
 * proxy host must be null and the proxy port must be -1.
 */
@Test
public void testGetClientConfiguration() throws Exception
{
    for (String proxyHost : Arrays.asList(STRING_VALUE, BLANK_TEXT, null))
    {
        for (Integer proxyPort : Arrays.asList(INTEGER_VALUE, null))
        {
            // Start from the helper's AWS parameters DTO and override only the proxy settings.
            AwsParamsDto params = awsHelper.getAwsParamsDto();
            params.setHttpProxyHost(proxyHost);
            params.setHttpProxyPort(proxyPort);

            ClientConfiguration actual = awsHelper.getClientConfiguration(params);
            assertNotNull(actual);

            boolean proxyExpected = STRING_VALUE.equals(proxyHost) && INTEGER_VALUE.equals(proxyPort);

            // A partial proxy specification must leave the configuration without any proxy.
            if (!proxyExpected)
            {
                assertNull(actual.getProxyHost());
                assertEquals(-1, actual.getProxyPort());
                continue;
            }

            assertEquals(proxyHost, actual.getProxyHost());
            assertEquals(proxyPort, Integer.valueOf(actual.getProxyPort()));
        }
    }
}