Use of com.amazonaws.services.kms.AWSKMSClient in project herd by FINRAOS: class KmsDaoImpl, method decrypt.
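/**
 * Decrypts a base64-encoded AWS KMS ciphertext blob and returns the plaintext as a UTF-8 string.
 *
 * @param awsParamsDto        parameters from which {@code awsHelper} builds the KMS client configuration
 * @param base64ciphertextBlob the KMS ciphertext blob, base64 encoded
 * @return the decrypted plaintext, decoded as UTF-8
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob) {
    // Construct a new AWS KMS service client using the specified client configuration.
    // No explicit credentials are supplied, so the SDK's default provider chain is used, searching in this order:
    // - Environment variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (the older AWS_SECRET_KEY name is also accepted)
    // - Java system properties - aws.accessKeyId and aws.secretKey
    // - Instance profile credentials - delivered through the Amazon EC2 metadata service
    AWSKMSClient awsKmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));
    try {
        // Decode the base64 encoded ciphertext.
        ByteBuffer ciphertextBlob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));

        // Create the decrypt request.
        // NOTE(review): the request is not bound to a KeyId or EncryptionContext, so KMS will decrypt any blob
        // produced under any CMK this principal may use. A successful decrypt therefore says nothing about
        // which key (or which producer) the ciphertext came from; bind it if callers rely on that.
        DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(ciphertextBlob);

        // Call AWS KMS decrypt service method.
        DecryptResult decryptResult = kmsOperations.decrypt(awsKmsClient, decryptRequest);

        // Copy only the readable bytes. ByteBuffer.array() exposes the entire backing array, which may be
        // longer than the plaintext (array offset / capacity slack) and throws for read-only buffers; the
        // remaining()/get() form is also what the other KMS call sites in this corpus use.
        ByteBuffer plainText = decryptResult.getPlaintext();
        byte[] plaintextBytes = new byte[plainText.remaining()];
        plainText.get(plaintextBytes);

        // Interpret the plaintext as UTF-8 (explicit charset; never the platform default).
        return new String(plaintextBytes, StandardCharsets.UTF_8);
    } finally {
        // A fresh client is built on every call; release its connection pool instead of leaking it.
        awsKmsClient.shutdown();
    }
}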
Use of com.amazonaws.services.kms.AWSKMSClient in project testcases by coheigea: class KMSPasswordEncryptor, method decrypt.
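/**
 * Decrypts a base64-encoded KMS ciphertext blob (as produced by {@link #encrypt(String)}) back into the password.
 *
 * @param encryptedPassword the KMS ciphertext blob, base64 encoded
 * @return the decrypted password, or {@code null} if {@code encryptedPassword} is not valid base64
 */
@Override
public String decrypt(String encryptedPassword) {
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
    AWSKMSClient kms = new AWSKMSClient(creds);
    kms.setEndpoint(endpoint);
    try {
        byte[] encryptedBytes = Base64.decode(encryptedPassword);
        // NOTE(review): the request is not bound to masterKeyId or an EncryptionContext, so KMS will unwrap
        // any blob produced under any CMK these credentials may use; a successful decrypt does not prove the
        // blob came from encrypt().
        DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(encryptedBytes));
        ByteBuffer plaintext = kms.decrypt(req).getPlaintext();
        byte[] passwordBytes = new byte[plaintext.remaining()];
        plaintext.get(passwordBytes);
        // Explicit charset: new String(byte[]) would use the platform default, which can differ from the
        // JVM that ran encrypt(). encrypt() must encode with this same charset.
        return new String(passwordBytes, java.nio.charset.StandardCharsets.UTF_8);
    } catch (Base64DecodingException ex) {
        // Malformed base64 is reported as "no password" (null) rather than as an exception; callers rely
        // on this contract, so it is kept even though it hides the decoding error.
        return null;
    } finally {
        // A client is built per call; release its connection pool rather than leaking it.
        kms.shutdown();
    }
}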
Use of com.amazonaws.services.kms.AWSKMSClient in project testcases by coheigea: class KMSPasswordEncryptor, method encrypt.
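/**
 * Encrypts a password directly under the KMS master key {@code masterKeyId} and returns the ciphertext blob
 * base64 encoded. The result is what {@link #decrypt(String)} expects.
 *
 * @param password the password to protect (encoded as UTF-8 before it is sent to KMS)
 * @return the KMS ciphertext blob, base64 encoded
 */
@Override
public String encrypt(String password) {
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
    AWSKMSClient kms = new AWSKMSClient(creds);
    kms.setEndpoint(endpoint);
    try {
        // Explicit charset so the ciphertext round-trips regardless of the JVM default encoding;
        // decrypt() must decode with this same charset.
        byte[] passwordBytes = password.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        EncryptRequest req = new EncryptRequest()
            .withKeyId(masterKeyId)
            .withPlaintext(ByteBuffer.wrap(passwordBytes));
        ByteBuffer ciphertext = kms.encrypt(req).getCiphertextBlob();
        // Copy only the readable bytes of the returned buffer.
        byte[] ciphertextBytes = new byte[ciphertext.remaining()];
        ciphertext.get(ciphertextBytes);
        return Base64.encode(ciphertextBytes);
    } finally {
        // A client is built per call; release its connection pool rather than leaking it.
        kms.shutdown();
    }
}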
Use of com.amazonaws.services.kms.AWSKMSClient in project testcases by coheigea: class CommonCallbackHandler, method handle.
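/**
 * Services WSS4J callbacks, sourcing symmetric data keys from AWS KMS.
 * <p>
 * For a {@link WSPasswordCallback} with usage {@link WSPasswordCallback#SECRET_KEY} this either unwraps the
 * encrypted data key already carried in the callback (inbound) or generates a fresh data key under
 * {@code masterKeyId} (outbound), handing back the plaintext key, the KMS ciphertext and a KeyName reference.
 * Callbacks of any other type or usage are left untouched.
 *
 * @param callbacks the callbacks to service
 * @throws IOException                  declared by the {@code CallbackHandler} contract; not thrown here
 * @throws UnsupportedCallbackException declared by the {@code CallbackHandler} contract; not thrown here
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        if (pc.getUsage() != WSPasswordCallback.SECRET_KEY) {
            continue;
        }
        final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
        AWSKMSClient kms = new AWSKMSClient(creds);
        kms.setEndpoint(endpoint);
        try {
            if (pc.getEncryptedSecret() != null) {
                handleInboundSecretKey(kms, pc);
            } else {
                handleOutboundSecretKey(kms, pc);
            }
        } finally {
            // A client is built per callback; release its connection pool rather than leaking it.
            kms.shutdown();
        }
    }
}

/** Inbound: unwraps the KMS-encrypted data key carried in the callback and hands WSS4J the plaintext key. */
private void handleInboundSecretKey(AWSKMSClient kms, WSPasswordCallback pc) {
    // NOTE(review): the ciphertext originates from the peer's message and the request is not bound to a
    // KeyId/EncryptionContext, so KMS will unwrap any blob produced under any CMK these credentials may use.
    // The unwrapped key length is also not checked against pc.getAlgorithm(); consider both before
    // relying on this path outside a test setting.
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(pc.getEncryptedSecret()));
    pc.setKey(drainBuffer(kms.decrypt(req).getPlaintext()));
}

/** Outbound: generates a data key under the master key, sized for the requested algorithm. */
private void handleOutboundSecretKey(AWSKMSClient kms, WSPasswordCallback pc) {
    GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest().withKeyId(masterKeyId);
    String algorithm = pc.getAlgorithm();
    if (algorithm != null && algorithm.contains("aes256")) {
        dataKeyRequest.setKeySpec("AES_256");
    } else if (algorithm != null && algorithm.contains("aes192")) {
        // KMS has no AES_192 KeySpec; request the raw length instead. Previously aes192 fell through to
        // AES_128 and WSS4J received a 16-byte key for a 192-bit algorithm.
        dataKeyRequest.setNumberOfBytes(24);
    } else {
        dataKeyRequest.setKeySpec("AES_128");
    }
    GenerateDataKeyResult dataKeyResult = kms.generateDataKey(dataKeyRequest);
    pc.setKey(drainBuffer(dataKeyResult.getPlaintext()));
    pc.setEncryptedSecret(drainBuffer(dataKeyResult.getCiphertextBlob()));

    // Create a KeyName pointing to the encryption key.
    // TODO(review): the KeyName value is hard-coded rather than derived from masterKeyId; confirm it still
    // identifies the key the peer expects, otherwise derive it from the configured key.
    Document doc = DOMUtils.newDocument();
    Element keyInfoElement = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN);
    keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
    Element keyNameElement = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":KeyName");
    keyNameElement.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb");
    keyInfoElement.appendChild(keyNameElement);
    pc.setKeyInfoReference(keyInfoElement);
}

/** Copies the readable bytes of {@code buf} into a fresh array, consuming the buffer's remaining bytes. */
private static byte[] drainBuffer(ByteBuffer buf) {
    byte[] bytes = new byte[buf.remaining()];
    buf.get(bytes);
    return bytes;
}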