use of com.amazonaws.services.kms.model.DecryptRequest in project herd by FINRAOS.
the class KmsDaoImpl method decrypt.
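/**
 * Decrypts a base64-encoded KMS ciphertext blob and returns the plaintext as a UTF-8 string.
 *
 * <p>The request carries only the ciphertext blob: no key id and no encryption context are set
 * here, and the key id reported in the result is not inspected.
 *
 * <p>NOTE(review): the decrypted secret is returned as an immutable {@code String}, which cannot
 * be wiped after use; callers should keep it out of logs and exception messages.
 *
 * @param awsParamsDto AWS parameters handed to {@code awsHelper} to build the client configuration
 * @param base64ciphertextBlob the KMS ciphertext blob, base64 encoded
 * @return the decrypted plaintext, decoded as UTF-8
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob) {
    // Construct a new AWS KMS service client using the specified client configuration.
    // A credentials provider chain will be used that searches for credentials in this order:
    // - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    // - Java System Properties - aws.accessKeyId and aws.secretKey
    // - Instance Profile Credentials - delivered through the Amazon EC2 metadata service
    // NOTE(review): a fresh client is created on every call and is not shut down in this
    // method; confirm whether it should be reused or released elsewhere.
    AWSKMSClient awsKmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));

    // Decode the base64 text and wrap the raw ciphertext for the request.
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));
    DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(ciphertextBlob);

    // Call the AWS KMS decrypt service method through the operations wrapper.
    DecryptResult decryptResult = kmsOperations.decrypt(awsKmsClient, decryptRequest);

    // Copy exactly the readable bytes. ByteBuffer.array() would expose the whole backing array,
    // ignoring position/limit, and throws for buffers that are read-only or not array-backed.
    // duplicate() keeps the result's own buffer position untouched.
    ByteBuffer plainText = decryptResult.getPlaintext().duplicate();
    byte[] plainTextBytes = new byte[plainText.remaining()];
    plainText.get(plainTextBytes);

    return new String(plainTextBytes, StandardCharsets.UTF_8);
}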
use of com.amazonaws.services.kms.model.DecryptRequest in project spring-cloud-config-aws-kms by zalando.
the class KmsTextEncryptorTest method setUp.
/**
 * Creates the mocked KMS client, the encryptor under test and the canned request/result
 * fixtures shared by the test methods.
 *
 * <p>Both stubs use {@code any(...)} matchers, so the mock answers regardless of what the
 * request contains. The {@code expected*Request} fixtures are only built here; presumably the
 * individual tests verify the actual requests against them (confirm in the test methods).
 */
@Before
public void setUp() throws Exception {
    mockKms = mock(AWSKMS.class);
    textEncryptor = new KmsTextEncryptor(mockKms, KMS_KEY_ID);

    // Encrypt side: expected request plus the canned ciphertext the mock hands back.
    expectedEncryptRequest = new EncryptRequest()
        .withKeyId(KMS_KEY_ID)
        .withPlaintext(wrap(PLAINTEXT.getBytes()));
    encryptResult = new EncryptResult()
        .withCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    when(mockKms.encrypt(any(EncryptRequest.class))).thenReturn(encryptResult);

    // Decrypt side: expected request plus the canned plaintext the mock hands back.
    expectedDecryptRequest = new DecryptRequest()
        .withCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    decryptResult = new DecryptResult()
        .withPlaintext(wrap(PLAINTEXT.getBytes()));
    when(mockKms.decrypt(any(DecryptRequest.class))).thenReturn(decryptResult);
}
use of com.amazonaws.services.kms.model.DecryptRequest in project spring-cloud-config-aws-kms by zalando.
the class KmsTextEncryptor method decrypt.
/**
 * Decrypts a value of the form understood by {@code extractEncryptionContext} and
 * {@code extractEncryptedValue}: an encryption context plus a base64-encoded KMS ciphertext.
 *
 * <p>The encryption context is taken from the same input string as the ciphertext, so it is
 * supplied by whoever supplies the text; it is forwarded to KMS with the decrypt request.
 * NOTE(review): no key id is set on the request and the key id of the result is not checked
 * here, so which keys may be used is left to the credentials' KMS permissions.
 *
 * @param encryptedText the encoded value to decrypt; may be {@code null} or empty
 * @return {@code EMPTY_STRING} for {@code null} or empty input, otherwise the string that
 *     {@code extractString} builds from the decrypted plaintext
 */
@Override
public String decrypt(final String encryptedText) {
    // Nothing to decrypt: answer locally without calling KMS.
    if (encryptedText == null || encryptedText.isEmpty()) {
        return EMPTY_STRING;
    }

    // Split the input into its encryption context and the remaining encrypted part.
    final Map<String, String> encryptionContext = extractEncryptionContext(encryptedText);
    final String encryptedValue = extractEncryptedValue(encryptedText);

    // The encrypted part is assumed to be Base64 text.
    final byte[] cipherBytes = Base64.decode(encryptedValue.getBytes());

    final DecryptRequest decryptRequest = new DecryptRequest()
        .withCiphertextBlob(ByteBuffer.wrap(cipherBytes))
        .withEncryptionContext(encryptionContext);

    final ByteBuffer plaintext = kms.decrypt(decryptRequest).getPlaintext();
    return extractString(plaintext);
}
use of com.amazonaws.services.kms.model.DecryptRequest in project bender by Nextdoor.
the class Passwords method decrypt.
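/**
 * Decrypts a base64-encoded KMS ciphertext in the given region and returns it as a UTF-8 string.
 *
 * <p>When {@code isJUnitTest()} is true the input is returned unchanged and KMS is never called.
 * NOTE(review): how {@code isJUnitTest()} decides is not visible here; if that condition could
 * ever hold in a deployed runtime, the ciphertext would be passed on as if it were the secret.
 * Confirm the check cannot be satisfied outside the test harness.
 *
 * <p>The request carries only the ciphertext blob; no key id or encryption context is set.
 *
 * @param str the KMS ciphertext, base64 encoded
 * @param region the AWS region whose KMS endpoint is used
 * @return the decrypted plaintext decoded as UTF-8, or {@code str} itself under JUnit
 * @throws UnsupportedEncodingException declared for callers; kept for interface compatibility
 */
public static String decrypt(String str, Region region) throws UnsupportedEncodingException {
    if (isJUnitTest()) {
        return str;
    }

    // NOTE(review): a new client is built on every call and is not shut down in this method.
    AWSKMS kms = AWSKMSClientBuilder.standard().withRegion(region.getName()).build();

    /*
     * The KMS ciphertext is base64 encoded and must be decoded before the request is made
     */
    byte[] cipherBytes = Base64.decode(str);

    /*
     * Create the decrypt request and call KMS
     */
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(cipherBytes));
    DecryptResult resp = kms.decrypt(req);

    /*
     * Convert the response plaintext bytes to a string. Only the readable bytes are copied:
     * ByteBuffer.array() would return the whole backing array regardless of position/limit and
     * throws for read-only or non-array-backed buffers.
     */
    ByteBuffer plainBuffer = resp.getPlaintext().duplicate();
    byte[] plainBytes = new byte[plainBuffer.remaining()];
    plainBuffer.get(plainBytes);
    return new String(plainBytes, Charset.forName("UTF-8"));
}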
use of com.amazonaws.services.kms.model.DecryptRequest in project tink by google.
the class AwsKmsAead method decrypt.
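/**
 * Decrypts {@code ciphertext} with AWS KMS and returns the plaintext bytes.
 *
 * <p>Non-empty {@code associatedData} is hex-encoded and sent as the encryption context entry
 * {@code "associatedData"}. The request names no key, so the key id reported in the result is
 * compared with {@code keyArn}; a ciphertext decrypted under any other key is rejected.
 *
 * @param ciphertext the KMS ciphertext blob
 * @param associatedData data bound to the ciphertext; {@code null} or empty means none
 * @return a copy of the decrypted plaintext bytes
 * @throws GeneralSecurityException if KMS reports a service error, or if the result's key id
 *     is missing or differs from {@code keyArn}
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
    throws GeneralSecurityException {
  try {
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(ciphertext));
    if (associatedData != null && associatedData.length != 0) {
      req = req.addEncryptionContextEntry("associatedData", BinaryUtils.toHex(associatedData));
    }
    DecryptResult result = kmsClient.decrypt(req);

    // A missing key id is treated like a mismatch, so the caller gets the documented
    // GeneralSecurityException instead of a NullPointerException.
    String usedKeyId = result.getKeyId();
    if (usedKeyId == null || !usedKeyId.equals(keyArn)) {
      throw new GeneralSecurityException("decryption failed: wrong key id");
    }

    // Copy only the readable bytes; ByteBuffer.array() ignores position/limit and throws for
    // read-only or non-array-backed buffers.
    ByteBuffer plaintext = result.getPlaintext().duplicate();
    byte[] plaintextBytes = new byte[plaintext.remaining()];
    plaintext.get(plaintextBytes);
    return plaintextBytes;
  } catch (AmazonServiceException e) {
    // NOTE(review): only service-side errors are translated; other SDK runtime exceptions
    // propagate unchanged. Confirm that is intended for callers.
    throw new GeneralSecurityException("decryption failed", e);
  }
}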