Example 1 with CreateKeyResult

Use of com.amazonaws.services.kms.model.CreateKeyResult in project aws-doc-sdk-examples by awsdocs.

In the class S3EncryptV2, method putEncryptedData3_Kms.

public static void putEncryptedData3_Kms() {
    // snippet-start:[s3.java.s3_cse-v2.kms]
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    // create a CMK for testing this example
    CreateKeyRequest createKeyRequest = new CreateKeyRequest();
    CreateKeyResult createKeyResult = kmsClient.createKey(createKeyRequest);
    // specify an Amazon KMS customer master key (CMK) ID
    String keyId = createKeyResult.getKeyMetadata().getKeyId();
    String s3ObjectKey = "EncryptedContent3.txt";
    String s3ObjectContent = "This is the 3rd content to encrypt";
    AmazonS3EncryptionV2 s3Encryption = AmazonS3EncryptionClientV2Builder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfigurationV2().withCryptoMode(CryptoMode.StrictAuthenticatedEncryption))
            .withEncryptionMaterialsProvider(new KMSEncryptionMaterialsProvider(keyId))
            .build();
    s3Encryption.putObject(bucketName, s3ObjectKey, s3ObjectContent);
    System.out.println(s3Encryption.getObjectAsString(bucketName, s3ObjectKey));
    // schedule deletion of the CMK generated for testing
    // (7 days is the shortest pending window KMS accepts)
    ScheduleKeyDeletionRequest scheduleKeyDeletionRequest = new ScheduleKeyDeletionRequest()
            .withKeyId(keyId)
            .withPendingWindowInDays(7);
    kmsClient.scheduleKeyDeletion(scheduleKeyDeletionRequest);
    s3Encryption.shutdown();
    kmsClient.shutdown();
    // snippet-end:[s3.java.s3_cse-v2.kms]
}
Also used : AmazonS3EncryptionV2(com.amazonaws.services.s3.AmazonS3EncryptionV2) ScheduleKeyDeletionRequest(com.amazonaws.services.kms.model.ScheduleKeyDeletionRequest) CreateKeyResult(com.amazonaws.services.kms.model.CreateKeyResult) KMSEncryptionMaterialsProvider(com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider) CreateKeyRequest(com.amazonaws.services.kms.model.CreateKeyRequest) CryptoConfigurationV2(com.amazonaws.services.s3.model.CryptoConfigurationV2) AWSKMS(com.amazonaws.services.kms.AWSKMS)

Example 2 with CreateKeyResult

Use of com.amazonaws.services.kms.model.CreateKeyResult in project aws-doc-sdk-examples by awsdocs.

In the class UploadObjectKMSKey, method main.

public static void main(String[] args) throws IOException {
    String bucketName = "*** Bucket name ***";
    String keyName = "*** Object key name ***";
    Regions clientRegion = Regions.DEFAULT_REGION;
    String kms_cmk_id = "*** AWS KMS customer master key ID ***";
    int readChunkSize = 4096;
    try {
        // Optional: If you don't have a KMS key (or need another one),
        // create one. This example creates a key with AWS-created
        // key material.
        AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(clientRegion).build();
        CreateKeyResult keyResult = kmsClient.createKey();
        kms_cmk_id = keyResult.getKeyMetadata().getKeyId();
        // Create the encryption client.
        KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(kms_cmk_id);
        CryptoConfiguration cryptoConfig = new CryptoConfiguration()
                .withAwsKmsRegion(RegionUtils.getRegion(clientRegion.toString()));
        // Note: AmazonS3EncryptionClientBuilder is the legacy encryption client, deprecated in
        // the SDK in favor of AmazonS3EncryptionClientV2Builder (the builder used in Example 1).
        AmazonS3Encryption encryptionClient = AmazonS3EncryptionClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withEncryptionMaterials(materialProvider)
                .withCryptoConfiguration(cryptoConfig)
                .withRegion(clientRegion)
                .build();
        // Upload an object using the encryption client.
        String origContent = "S3 Encrypted Object Using KMS-Managed Customer Master Key.";
        int origContentLength = origContent.length();
        encryptionClient.putObject(bucketName, keyName, origContent);
        // Download the object. The downloaded object is still encrypted.
        S3Object downloadedObject = encryptionClient.getObject(bucketName, keyName);
        S3ObjectInputStream input = downloadedObject.getObjectContent();
        // Decrypt and read the object and close the input stream.
        byte[] readBuffer = new byte[readChunkSize];
        ByteArrayOutputStream baos = new ByteArrayOutputStream(readChunkSize);
        int bytesRead = 0;
        int decryptedContentLength = 0;
        while ((bytesRead = input.read(readBuffer)) != -1) {
            baos.write(readBuffer, 0, bytesRead);
            decryptedContentLength += bytesRead;
        }
        input.close();
        // Verify that the original and decrypted contents are the same size.
        System.out.println("Original content length: " + origContentLength);
        System.out.println("Decrypted content length: " + decryptedContentLength);
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : KMSEncryptionMaterialsProvider(com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider) CryptoConfiguration(com.amazonaws.services.s3.model.CryptoConfiguration) Regions(com.amazonaws.regions.Regions) S3ObjectInputStream(com.amazonaws.services.s3.model.S3ObjectInputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) AWSKMS(com.amazonaws.services.kms.AWSKMS) CreateKeyResult(com.amazonaws.services.kms.model.CreateKeyResult) SdkClientException(com.amazonaws.SdkClientException) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption) S3Object(com.amazonaws.services.s3.model.S3Object)

Example 3 with CreateKeyResult

Use of com.amazonaws.services.kms.model.CreateKeyResult in project aws-doc-sdk-examples by awsdocs.

In the class CreateCustomerMasterKey, method main.

public static void main(String[] args) {
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
    // Create a CMK
    String desc = "Key for protecting critical data";
    CreateKeyRequest req = new CreateKeyRequest().withDescription(desc);
    CreateKeyResult result = kmsClient.createKey(req);
    // getArn() returns the key's full ARN, not the bare key ID, so the message says ARN
    System.out.printf("Created a customer master key with ARN \"%s\"%n", result.getKeyMetadata().getArn());
}
Also used : CreateKeyResult(com.amazonaws.services.kms.model.CreateKeyResult) CreateKeyRequest(com.amazonaws.services.kms.model.CreateKeyRequest) AWSKMS(com.amazonaws.services.kms.AWSKMS)

Aggregations

AWSKMS (com.amazonaws.services.kms.AWSKMS): 3
CreateKeyResult (com.amazonaws.services.kms.model.CreateKeyResult): 3
CreateKeyRequest (com.amazonaws.services.kms.model.CreateKeyRequest): 2
KMSEncryptionMaterialsProvider (com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider): 2
AmazonServiceException (com.amazonaws.AmazonServiceException): 1
SdkClientException (com.amazonaws.SdkClientException): 1
ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider): 1
Regions (com.amazonaws.regions.Regions): 1
ScheduleKeyDeletionRequest (com.amazonaws.services.kms.model.ScheduleKeyDeletionRequest): 1
AmazonS3Encryption (com.amazonaws.services.s3.AmazonS3Encryption): 1
AmazonS3EncryptionV2 (com.amazonaws.services.s3.AmazonS3EncryptionV2): 1
CryptoConfiguration (com.amazonaws.services.s3.model.CryptoConfiguration): 1
CryptoConfigurationV2 (com.amazonaws.services.s3.model.CryptoConfigurationV2): 1
S3Object (com.amazonaws.services.s3.model.S3Object): 1
S3ObjectInputStream (com.amazonaws.services.s3.model.S3ObjectInputStream): 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 1