Example 1 with AWSKMSClient

Use of com.amazonaws.services.kms.AWSKMSClient in project herd by FINRAOS: class KmsDaoImpl, method decrypt.

@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob) {
    // Construct a new AWS KMS service client using the specified client configuration.
    // A credentials provider chain will be used that searches for credentials in this order:
    // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    // - Java System Properties - aws.accessKeyId and aws.secretKey
    // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service
    AWSKMSClient awsKmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));
    // Decode the base64 encoded ciphertext.
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));
    // Create the decrypt request.
    DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(ciphertextBlob);
    // Call AWS KMS decrypt service method.
    DecryptResult decryptResult = kmsOperations.decrypt(awsKmsClient, decryptRequest);
    // Get decrypted plaintext data.
    ByteBuffer plainText = decryptResult.getPlaintext();
    // Return the plain text as a string.
    return new String(plainText.array(), StandardCharsets.UTF_8);
}
Also used:
    DecryptResult (com.amazonaws.services.kms.model.DecryptResult)
    AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient)
    ByteBuffer (java.nio.ByteBuffer)
    DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest)

Example 2 with AWSKMSClient

Use of com.amazonaws.services.kms.AWSKMSClient in project testcases by coheigea: class KMSPasswordEncryptor, method decrypt.

@Override
public String decrypt(String encryptedPassword) {
    // Build the KMS client from static credentials and a fixed endpoint.
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
    AWSKMSClient kms = new AWSKMSClient(creds);
    kms.setEndpoint(endpoint);
    try {
        // The stored password is a base64-encoded KMS ciphertext blob; KMS needs the raw bytes.
        byte[] encryptedBytes = Base64.decode(encryptedPassword);
        ByteBuffer encryptedKey = ByteBuffer.wrap(encryptedBytes);
        // No key id is supplied: KMS recovers the key to use from the ciphertext blob itself.
        DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
        ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();
        byte[] key = new byte[plaintextKey.remaining()];
        plaintextKey.get(key);
        // Decode with an explicit charset instead of the platform default.
        return new String(key, StandardCharsets.UTF_8);
    } catch (Base64DecodingException ex) {
        // Malformed input is not a valid ciphertext; signal failure to the caller.
        return null;
    }
}
Also used:
    Base64DecodingException (org.apache.xml.security.exceptions.Base64DecodingException)
    AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient)
    BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)
    AWSCredentials (com.amazonaws.auth.AWSCredentials)
    ByteBuffer (java.nio.ByteBuffer)
    DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest)

Example 3 with AWSKMSClient

Use of com.amazonaws.services.kms.AWSKMSClient in project testcases by coheigea: class KMSPasswordEncryptor, method encrypt.

@Override
public String encrypt(String password) {
    // Build the KMS client from static credentials and a fixed endpoint.
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
    AWSKMSClient kms = new AWSKMSClient(creds);
    kms.setEndpoint(endpoint);
    // Encode with an explicit charset so decrypt() can reverse it on any platform.
    ByteBuffer plaintext = ByteBuffer.wrap(password.getBytes(StandardCharsets.UTF_8));
    // Encrypt directly under the KMS master key (Encrypt is limited to small payloads such as a password).
    EncryptRequest req = new EncryptRequest().withPlaintext(plaintext);
    req.setKeyId(masterKeyId);
    ByteBuffer encryptedKey = kms.encrypt(req).getCiphertextBlob();
    byte[] key = new byte[encryptedKey.remaining()];
    encryptedKey.get(key);
    // Store the ciphertext blob base64-encoded; decrypt() expects this form.
    return Base64.encode(key);
}
Also used:
    AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient)
    BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)
    AWSCredentials (com.amazonaws.auth.AWSCredentials)
    ByteBuffer (java.nio.ByteBuffer)
    EncryptRequest (com.amazonaws.services.kms.model.EncryptRequest)

Example 4 with AWSKMSClient

Use of com.amazonaws.services.kms.AWSKMSClient in project testcases by coheigea: class CommonCallbackHandler, method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof WSPasswordCallback) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            // Only symmetric-key requests from WSS4J are served by KMS here.
            if (pc.getUsage() == WSPasswordCallback.SECRET_KEY) {
                final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
                AWSKMSClient kms = new AWSKMSClient(creds);
                kms.setEndpoint(endpoint);
                if (pc.getEncryptedSecret() != null) {
                    // Inbound message: unwrap the encrypted data key that was sent with it.
                    ByteBuffer encryptedKey = ByteBuffer.wrap(pc.getEncryptedSecret());
                    DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
                    ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();
                    byte[] key = new byte[plaintextKey.remaining()];
                    plaintextKey.get(key);
                    pc.setKey(key);
                } else {
                    // Outbound message: ask KMS for a fresh data key under the master key.
                    // GenerateDataKey returns both the plaintext key and its KMS-encrypted copy.
                    GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest();
                    dataKeyRequest.setKeyId(masterKeyId);
                    // Match the data key size to the algorithm WSS4J asked for (AES-128 by default).
                    String algorithm = "AES_128";
                    if (pc.getAlgorithm() != null && pc.getAlgorithm().contains("aes256")) {
                        algorithm = "AES_256";
                    }
                    dataKeyRequest.setKeySpec(algorithm);
                    GenerateDataKeyResult dataKeyResult = kms.generateDataKey(dataKeyRequest);
                    // The plaintext key is used locally for message encryption.
                    ByteBuffer plaintextKey = dataKeyResult.getPlaintext();
                    byte[] key = new byte[plaintextKey.remaining()];
                    plaintextKey.get(key);
                    pc.setKey(key);
                    // The encrypted copy travels with the message so the receiver can unwrap it via KMS.
                    ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob();
                    byte[] encKey = new byte[encryptedKey.remaining()];
                    encryptedKey.get(encKey);
                    pc.setEncryptedSecret(encKey);
                    // Create a KeyName pointing to the encryption key
                    Document doc = DOMUtils.newDocument();
                    Element keyInfoElement = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN);
                    keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
                    Element keyNameElement = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":KeyName");
                    keyNameElement.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb");
                    keyInfoElement.appendChild(keyNameElement);
                    pc.setKeyInfoReference(keyInfoElement);
                }
            }
        }
    }
}
Also used:
    GenerateDataKeyResult (com.amazonaws.services.kms.model.GenerateDataKeyResult)
    GenerateDataKeyRequest (com.amazonaws.services.kms.model.GenerateDataKeyRequest)
    DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest)
    AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient)
    BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials)
    AWSCredentials (com.amazonaws.auth.AWSCredentials)
    ByteBuffer (java.nio.ByteBuffer)
    WSPasswordCallback (org.apache.wss4j.common.ext.WSPasswordCallback)
    Element (org.w3c.dom.Element)
    Document (org.w3c.dom.Document)

Aggregations (class, number of examples using it):

    AWSKMSClient (com.amazonaws.services.kms.AWSKMSClient) 4
    ByteBuffer (java.nio.ByteBuffer) 4
    AWSCredentials (com.amazonaws.auth.AWSCredentials) 3
    BasicAWSCredentials (com.amazonaws.auth.BasicAWSCredentials) 3
    DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest) 3
    DecryptResult (com.amazonaws.services.kms.model.DecryptResult) 1
    EncryptRequest (com.amazonaws.services.kms.model.EncryptRequest) 1
    GenerateDataKeyRequest (com.amazonaws.services.kms.model.GenerateDataKeyRequest) 1
    GenerateDataKeyResult (com.amazonaws.services.kms.model.GenerateDataKeyResult) 1
    WSPasswordCallback (org.apache.wss4j.common.ext.WSPasswordCallback) 1
    Base64DecodingException (org.apache.xml.security.exceptions.Base64DecodingException) 1
    Document (org.w3c.dom.Document) 1
    Element (org.w3c.dom.Element) 1