use of com.amazonaws.services.kms.model.DescribeKeyRequest in project aws-doc-sdk-examples by awsdocs.
the class ViewCustomerMasterKey method main.
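/**
 * Prints selected metadata of a single AWS KMS key.
 *
 * <p>Expects exactly one argument, a key id or key ARN. The value is sent to KMS
 * in a {@code DescribeKey} call and the returned {@code KeyMetadata} is printed.
 * DescribeKey returns metadata only; no key material is read or printed. The
 * client comes from {@code AWSKMSClientBuilder.standard()}, so credentials and
 * region are taken from the SDK's default provider chains, and the calling
 * identity needs permission to describe the key.
 *
 * <p>Any exception thrown by the SDK call (unknown key, access denied, ...) is not
 * caught here and terminates the program.
 *
 * @param args a single element: the key id or ARN to describe
 */
public static void main(String[] args) {
    final String USAGE = "To run this example, supply a key id or ARN\n" + "Usage: ViewCustomerMasterKey <key-id>\n" + "Example: ViewCustomerMasterKey 1234abcd-12ab-34cd-56ef-1234567890ab\n";

    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String keyId = args[0];
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();

    // Describe a CMK
    DescribeKeyRequest req = new DescribeKeyRequest().withKeyId(keyId);
    DescribeKeyResult result = kmsClient.describeKey(req);
    KeyMetadata metadata = result.getKeyMetadata();

    // Print the key id KMS resolved rather than echoing the argument: the usage
    // text allows an ARN as input, which would otherwise appear under "KeyId:".
    System.out.printf("%-15s %s%n", "KeyId:", metadata.getKeyId());
    System.out.printf("%-15s %s%n", "Arn:", metadata.getArn());
    System.out.printf("%-15s %s%n", "CreationDate:", metadata.getCreationDate());
    System.out.printf("%-15s %s%n", "Description:", metadata.getDescription());
    System.out.printf("%-15s %s%n", "KeyUsage:", metadata.getKeyUsage());
    System.out.printf("%-15s %s%n", "KeyState:", metadata.getKeyState());
    System.out.printf("%-15s %s%n", "Origin:", metadata.getOrigin());
    System.out.printf("%-15s %s%n", "KeyManager:", metadata.getKeyManager());
}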
use of com.amazonaws.services.kms.model.DescribeKeyRequest in project di-authentication-api by alphagov.
the class KmsKeyExtension method keyExists.
/**
 * Reports whether KMS can resolve the given key identifier.
 *
 * <p>The value is passed unchanged as the {@code KeyId} of a DescribeKey request.
 * Only {@code NotFoundException} is translated into {@code false}; any other
 * exception from the call (for example a permissions or connectivity failure)
 * propagates to the caller, so a {@code false} result means "not found" and
 * never "could not check".
 *
 * @param keyAlias identifier to look up; presumably an alias in KMS's
 *     {@code alias/<name>} form, to be confirmed against callers
 * @return {@code true} if the describe call succeeds, {@code false} if KMS
 *     reports the key as not found
 */
protected boolean keyExists(String keyAlias) {
    boolean found;
    try {
        kms.describeKey(new DescribeKeyRequest().withKeyId(keyAlias));
        found = true;
    } catch (NotFoundException ignored) {
        // The lookup itself worked; the key simply does not exist.
        found = false;
    }
    return found;
}
use of com.amazonaws.services.kms.model.DescribeKeyRequest in project cloudbreak by hortonworks.
the class AwsPlatformResources method encryptionKeys.
/**
 * Collects the KMS keys that have an alias and are not managed by AWS.
 *
 * <p>One ListKeys and one ListAliases call are made. For every alias whose target
 * key id matches an entry of the ListKeys result, the key is described, its
 * metadata is copied into a map, and a {@code CloudEncryptionKey} is added to the
 * result unless the key manager equals {@code CloudConstants.AWS} (ignoring case).
 *
 * <p>A failure while processing a single alias is logged and that alias is
 * skipped, so the returned set can be incomplete without the caller being told.
 * A failure of the list calls themselves is rethrown.
 *
 * <p>NOTE(review): no marker or truncation handling is visible in this method. If
 * {@code AmazonKmsClient} does not paginate internally, accounts with many keys
 * or aliases would yield a truncated list - confirm against the wrapper.
 *
 * @param cloudCredential credential used to build the KMS client
 * @param region region whose keys are listed
 * @param filters not read anywhere in this method
 * @return the collected keys; empty if no alias matched
 * @throws CloudUnauthorizedException if a list call fails with status {@code UNAUTHORIZED}
 * @throws CloudConnectorException if a list call fails for any other reason
 */
@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    String queryFailedMessage = "Could not get encryption keys from Amazon: ";
    CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
    AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
    AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
    try {
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
        ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
        for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {
            // Per-alias try: one key that cannot be described must not abort the whole listing.
            try {
                // Only aliases that point at a key present in the ListKeys result are processed.
                listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
                    DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
                    DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
                    // Key metadata only (state, usage, origin, ...); no key material is involved.
                    Map<String, Object> meta = new HashMap<>();
                    meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
                    meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
                    meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
                    meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
                    meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
                    meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
                    meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
                    meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
                    meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
                    // Keys whose manager is AWS are left out of the result.
                    // NOTE(review): disabled or pending-deletion keys are still returned; only
                    // the "enabled"/"keyState" entries in meta distinguish them - confirm callers check.
                    if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
                        // The alias is stored without its "alias/" prefix.
                        CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
                        cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
                    }
                });
            } catch (AmazonServiceException e) {
                // Logged and skipped: unlike the outer handler, nothing is rethrown here, so a
                // key the caller may not describe is silently missing from the result.
                if (e.getStatusCode() == UNAUTHORIZED) {
                    String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
                    LOGGER.error(policyMessage, e);
                } else {
                    LOGGER.info(queryFailedMessage, e);
                }
            } catch (Exception e) {
                LOGGER.warn(queryFailedMessage, e);
            }
        }
    } catch (AmazonServiceException ase) {
        // Reached when listKeys/listAliases fail; per-alias failures are handled above.
        // NOTE(review): UNAUTHORIZED is defined outside this block - confirm it matches the
        // status code KMS actually returns for access-denied errors.
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
            LOGGER.error(policyMessage, ase);
            throw new CloudUnauthorizedException(policyMessage, ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
    return cloudEncryptionKeys;
}