use of com.amazonaws.services.kms.model.DecryptRequest in project aws-doc-sdk-examples by awsdocs.
the class DecryptDataKey method main.
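/**
 * Decrypts a KMS-encrypted data key.
 *
 * <p>The Base64-encoded ciphertext blob is taken from the first command-line argument.
 * The original placeholder, {@code Byte.parseByte("Place your ciphertext here")}, threw
 * {@link NumberFormatException} at runtime and could only ever describe a single byte.
 *
 * @param args {@code args[0]} is the Base64-encoded ciphertext blob to decrypt
 */
public static void main(String[] args) {
    if (args.length < 1) {
        System.err.println("Usage: DecryptDataKey <base64-encoded-ciphertext-blob>");
        System.exit(1);
    }

    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();

    // Decrypt a data key
    //
    // Fully qualified so the block needs no new file-level import.
    ByteBuffer ciphertextBlob = ByteBuffer.wrap(java.util.Base64.getDecoder().decode(args[0]));

    // NOTE(review): the request names no key and no encryption context, so KMS picks the key
    // from the ciphertext itself. Where the expected key is known, pinning it with
    // withKeyId(...) (and withEncryptionContext(...) if one was used at encryption time)
    // narrows what this call will agree to decrypt.
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ciphertextBlob);

    // The buffer now holds the plaintext data key: keep it in memory only, never log or
    // persist it, and drop it as soon as the cryptographic operation that needs it is done.
    ByteBuffer plainText = kmsClient.decrypt(req).getPlaintext();
}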
use of com.amazonaws.services.kms.model.DecryptRequest in project bender by Nextdoor.
the class Passwords method decrypt.
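/**
 * Decrypts a Base64-encoded KMS ciphertext and returns the plaintext decoded as UTF-8.
 *
 * @param str Base64-encoded KMS ciphertext (returned unchanged when {@code isJUnitTest()} is true)
 * @param region AWS region whose KMS endpoint is used for the decrypt call
 * @return the decrypted plaintext as a string
 * @throws UnsupportedEncodingException declared for callers; not thrown by the code visible here
 */
public static String decrypt(String str, Region region) throws UnsupportedEncodingException {
    // Test bypass: the input is handed back untouched, so no KMS call is made.
    // NOTE(review): isJUnitTest() is defined elsewhere; confirm it cannot return true in a
    // production runtime, otherwise callers would receive ciphertext in place of the secret.
    if (isJUnitTest()) {
        return str;
    }

    AWSKMS kms = AWSKMSClientBuilder.standard().withRegion(region.getName()).build();

    /*
     * The KMS ciphertext is base64 encoded and must be decoded before the request is made
     */
    byte[] cipherBytes = Base64.decode(str);

    /*
     * Create the decrypt request and call KMS
     */
    DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(cipherBytes));
    DecryptResult resp = kms.decrypt(req);

    /*
     * Convert the response plaintext bytes to a string.
     *
     * ByteBuffer.array() exposes the whole backing array, ignoring position, limit and
     * arrayOffset, and fails on read-only buffers. Copy exactly the remaining bytes instead;
     * duplicate() keeps the response buffer's own position untouched.
     */
    ByteBuffer plaintext = resp.getPlaintext().duplicate();
    byte[] plainBytes = new byte[plaintext.remaining()];
    plaintext.get(plainBytes);

    // The returned String is an immutable copy of the secret and cannot be wiped; callers
    // should avoid logging it or keeping it longer than needed.
    return new String(plainBytes, Charset.forName("UTF-8"));
}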
use of com.amazonaws.services.kms.model.DecryptRequest in project testcases by coheigea.
the class CommonCallbackHandler method handle.
/**
 * Supplies symmetric keys for {@code WSPasswordCallback}s whose usage is {@code SECRET_KEY}.
 *
 * <p>If the callback already carries an encrypted secret, it is decrypted through KMS and set
 * as the callback key. Otherwise a new data key is generated under {@code masterKeyId}; its
 * plaintext becomes the callback key, its ciphertext becomes the encrypted secret, and a
 * {@code KeyInfo/KeyName} element is attached as the key-info reference.
 *
 * <p>Callbacks of any other type or usage are skipped.
 *
 * @param callbacks the callbacks to process
 * @throws IOException declared by the callback-handler contract
 * @throws UnsupportedCallbackException declared by the callback-handler contract
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        if (passwordCallback.getUsage() != WSPasswordCallback.SECRET_KEY) {
            continue;
        }

        // A fresh client is built for every SECRET_KEY callback, from the handler's
        // accessKey/secretKey fields.
        // NOTE(review): these are static credentials held by the handler; confirm they are
        // not committed alongside the code and are scoped to the KMS actions used here.
        final AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
        AWSKMSClient kmsClient = new AWSKMSClient(awsCredentials);
        kmsClient.setEndpoint(endpoint);

        if (passwordCallback.getEncryptedSecret() != null) {
            // Receiving side: unwrap the data key that arrived with the message.
            ByteBuffer wrappedKey = ByteBuffer.wrap(passwordCallback.getEncryptedSecret());
            DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(wrappedKey);
            ByteBuffer plainBuffer = kmsClient.decrypt(decryptRequest).getPlaintext();

            // Copy exactly the remaining bytes rather than relying on the backing array.
            byte[] secretKeyBytes = new byte[plainBuffer.remaining()];
            plainBuffer.get(secretKeyBytes);
            passwordCallback.setKey(secretKeyBytes);
            continue;
        }

        // Sending side: ask KMS for a new data key under the configured master key.
        GenerateDataKeyRequest generateRequest = new GenerateDataKeyRequest();
        generateRequest.setKeyId(masterKeyId);

        // AES_128 unless the callback's algorithm string mentions "aes256".
        String keySpec =
            (passwordCallback.getAlgorithm() != null
                    && passwordCallback.getAlgorithm().contains("aes256"))
                ? "AES_256"
                : "AES_128";
        generateRequest.setKeySpec(keySpec);

        GenerateDataKeyResult generated = kmsClient.generateDataKey(generateRequest);

        ByteBuffer plainBuffer = generated.getPlaintext();
        byte[] secretKeyBytes = new byte[plainBuffer.remaining()];
        plainBuffer.get(secretKeyBytes);
        passwordCallback.setKey(secretKeyBytes);

        ByteBuffer wrappedBuffer = generated.getCiphertextBlob();
        byte[] wrappedKeyBytes = new byte[wrappedBuffer.remaining()];
        wrappedBuffer.get(wrappedKeyBytes);
        passwordCallback.setEncryptedSecret(wrappedKeyBytes);

        // Create a KeyName pointing to the encryption key
        // NOTE(review): the KeyName value is a hard-coded literal, not derived from
        // masterKeyId; confirm it identifies the key the receiver is expected to use.
        Document document = DOMUtils.newDocument();
        Element keyInfo =
            document.createElementNS(
                WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN);
        keyInfo.setAttributeNS(
            WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);
        Element keyName =
            document.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":KeyName");
        keyName.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb");
        keyInfo.appendChild(keyName);
        passwordCallback.setKeyInfoReference(keyInfo);
    }
}
use of com.amazonaws.services.kms.model.DecryptRequest in project spring-cloud-config-aws-kms by zalando.
the class KmsEncryptionIntegrationConfigurationTest method testPropertyHasBeenDecrypted.
/**
 * Checks that the injected property holds the expected plaintext and that the mocked KMS
 * client was asked, at least once, to decrypt the expected ciphertext blob.
 */
@Test
public void testPropertyHasBeenDecrypted() throws Exception {
    // The property value seen by the test must already be the decrypted plaintext.
    assertThat(decryptedSecret).isEqualTo(PLAINTEXT);

    // The request carries only the ciphertext blob, so the verification below matches a
    // decrypt call made with that blob and nothing else set.
    final DecryptRequest expectedRequest =
        new DecryptRequest().withCiphertextBlob(CIPHER_TEXT_BLOB);
    verify(mockKms, atLeastOnce()).decrypt(expectedRequest);
}
use of com.amazonaws.services.kms.model.DecryptRequest in project athenz by yahoo.
the class AwsPrivateKeyStore method getDecryptedData.
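/**
 * Reads an object from S3 and returns its content as a trimmed string, decrypting it through
 * KMS first when {@code kmsDecrypt} is set.
 *
 * <p>Bytes are decoded as UTF-8 explicitly instead of with the platform default charset, and
 * only the readable region of the KMS plaintext buffer is used instead of its whole backing
 * array.
 *
 * @param bucketName S3 bucket holding the object
 * @param keyName S3 object key
 * @return the (optionally decrypted) content with surrounding whitespace removed, or an empty
 *     string when the object is missing or reading it fails with an {@link IOException};
 *     other exceptions from the S3 or KMS calls are not caught here
 */
private String getDecryptedData(final String bucketName, final String keyName) {
    String keyValue = "";
    S3Object s3Object = getS3().getObject(bucketName, keyName);

    if (LOG.isDebugEnabled()) {
        LOG.debug("retrieving appName {}, key {}", bucketName, keyName);
    }

    if (null == s3Object) {
        LOG.error("error retrieving key {}, from bucket {}", keyName, bucketName);
        return keyValue;
    }

    try (S3ObjectInputStream s3InputStream = s3Object.getObjectContent();
            ByteArrayOutputStream result = new ByteArrayOutputStream()) {

        byte[] buffer = new byte[1024];
        int length;
        while ((length = s3InputStream.read(buffer)) != -1) {
            result.write(buffer, 0, length);
        }

        if (kmsDecrypt) {
            // The whole object body is treated as the KMS ciphertext blob.
            DecryptRequest req =
                new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(result.toByteArray()));
            ByteBuffer plainText = getKMS().decrypt(req).getPlaintext();

            // ByteBuffer.array() ignores position/limit/arrayOffset and fails on read-only
            // buffers; copy exactly the remaining bytes from a duplicate instead.
            ByteBuffer readable = plainText.duplicate();
            byte[] plainBytes = new byte[readable.remaining()];
            readable.get(plainBytes);
            keyValue = new String(plainBytes, java.nio.charset.StandardCharsets.UTF_8);
        } else {
            keyValue = new String(result.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
        }

    } catch (IOException e) {
        // Only the exception is logged, never the content, which may be secret material.
        // NOTE(review): a failure yields "", which callers cannot tell apart from an empty
        // secret; confirm that callers treat an empty value as an error.
        LOG.error("error getting application secret.", e);
    }

    return keyValue.trim();
}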