Example 1 with DescribeKeyRequest

Use of com.amazonaws.services.kms.model.DescribeKeyRequest in project aws-doc-sdk-examples by awsdocs.

Class ViewCustomerMasterKey, method main.

public static void main(String[] args) {
    final String USAGE = "To run this example, supply a key id or ARN\n" + "Usage: ViewCustomerMasterKey <key-id>\n" + "Example: ViewCustomerMasterKey 1234abcd-12ab-34cd-56ef-1234567890ab\n";
    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }
    String keyId = args[0];
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
    // Describe a CMK
    DescribeKeyRequest req = new DescribeKeyRequest().withKeyId(keyId);
    DescribeKeyResult result = kmsClient.describeKey(req);
    KeyMetadata metadata = result.getKeyMetadata();
    System.out.printf("%-15s %s%n", "KeyId:", keyId);
    System.out.printf("%-15s %s%n", "Arn:", metadata.getArn());
    System.out.printf("%-15s %s%n", "CreationDate:", metadata.getCreationDate());
    System.out.printf("%-15s %s%n", "Description:", metadata.getDescription());
    System.out.printf("%-15s %s%n", "KeyUsage:", metadata.getKeyUsage());
    System.out.printf("%-15s %s%n", "KeyState:", metadata.getKeyState());
    System.out.printf("%-15s %s%n", "Origin:", metadata.getOrigin());
    System.out.printf("%-15s %s%n", "KeyManager:", metadata.getKeyManager());
}
Also used : KeyMetadata(com.amazonaws.services.kms.model.KeyMetadata) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) AWSKMS(com.amazonaws.services.kms.AWSKMS)

Example 2 with DescribeKeyRequest

Use of com.amazonaws.services.kms.model.DescribeKeyRequest in project di-authentication-api by alphagov.

Class KmsKeyExtension, method keyExists.

protected boolean keyExists(String keyAlias) {
    try {
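        // DescribeKey accepts a key ID, key ARN, alias name or alias ARN; an alias name must include the "alias/" prefix.
        var request = new DescribeKeyRequest().withKeyId(keyAlias);
        kms.describeKey(request);
        return true;
    // Only NotFoundException is treated as "no such key"; any other KMS error propagates to the caller.
    } catch (NotFoundException ignored) {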
        return false;
    }
}
Also used : DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) NotFoundException(com.amazonaws.services.kms.model.NotFoundException)

Example 3 with DescribeKeyRequest

Use of com.amazonaws.services.kms.model.DescribeKeyRequest in project cloudbreak by hortonworks.

Class AwsPlatformResources, method encryptionKeys.

@Override
public CloudEncryptionKeys encryptionKeys(ExtendedCloudCredential cloudCredential, Region region, Map<String, String> filters) {
    String queryFailedMessage = "Could not get encryption keys from Amazon: ";
    CloudEncryptionKeys cloudEncryptionKeys = new CloudEncryptionKeys(new HashSet<>());
    AwsCredentialView awsCredentialView = new AwsCredentialView(cloudCredential);
    AmazonKmsClient client = awsClient.createAWSKMS(awsCredentialView, region.value());
    try {
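        // One ListKeys and one ListAliases call each; truncated results are not followed with a marker here.
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        ListKeysResult listKeysResult = client.listKeys(listKeysRequest);
        ListAliasesResult listAliasesResult = client.listAliases(new ListAliasesRequest());
        // For each alias, find the listed key it targets and describe that key.
        for (AliasListEntry keyListEntry : listAliasesResult.getAliases()) {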
            try {
                listKeysResult.getKeys().stream().filter(item -> item.getKeyId().equals(keyListEntry.getTargetKeyId())).findFirst().ifPresent(item -> {
                    DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest().withKeyId(item.getKeyId());
                    DescribeKeyResult describeKeyResult = client.describeKey(describeKeyRequest);
                    Map<String, Object> meta = new HashMap<>();
                    meta.put("aWSAccountId", describeKeyResult.getKeyMetadata().getAWSAccountId());
                    meta.put("creationDate", describeKeyResult.getKeyMetadata().getCreationDate());
                    meta.put("enabled", describeKeyResult.getKeyMetadata().getEnabled());
                    meta.put("expirationModel", describeKeyResult.getKeyMetadata().getExpirationModel());
                    meta.put("keyManager", describeKeyResult.getKeyMetadata().getKeyManager());
                    meta.put("keyState", describeKeyResult.getKeyMetadata().getKeyState());
                    meta.put("keyUsage", describeKeyResult.getKeyMetadata().getKeyUsage());
                    meta.put("origin", describeKeyResult.getKeyMetadata().getOrigin());
                    meta.put("validTo", describeKeyResult.getKeyMetadata().getValidTo());
                    // Skip keys whose KeyManager matches CloudConstants.AWS; only the remaining keys are returned.
                    if (!CloudConstants.AWS.equalsIgnoreCase(describeKeyResult.getKeyMetadata().getKeyManager())) {
                        CloudEncryptionKey key = new CloudEncryptionKey(item.getKeyArn(), describeKeyResult.getKeyMetadata().getKeyId(), describeKeyResult.getKeyMetadata().getDescription(), keyListEntry.getAliasName().replace("alias/", ""), meta);
                        cloudEncryptionKeys.getCloudEncryptionKeys().add(key);
                    }
                });
            // A failure while describing one key is logged and that key is skipped; the loop continues.
            } catch (AmazonServiceException e) {
                if (e.getStatusCode() == UNAUTHORIZED) {
                    String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
                    LOGGER.error(policyMessage, e);
                } else {
                    LOGGER.info(queryFailedMessage, e);
                }
            } catch (Exception e) {
                LOGGER.warn(queryFailedMessage, e);
            }
        }
    } catch (AmazonServiceException ase) {
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMessage = "Could not get encryption keys because the user does not have enough permission.";
            LOGGER.error(policyMessage, ase);
            throw new CloudUnauthorizedException(policyMessage, ase);
        } else {
            LOGGER.info(queryFailedMessage, ase);
            throw new CloudConnectorException(queryFailedMessage + ase.getMessage(), ase);
        }
    } catch (Exception e) {
        LOGGER.warn(queryFailedMessage, e);
        throw new CloudConnectorException(queryFailedMessage + e.getMessage(), e);
    }
    return cloudEncryptionKeys;
}
Also used : ListAliasesResult(com.amazonaws.services.kms.model.ListAliasesResult) AliasListEntry(com.amazonaws.services.kms.model.AliasListEntry) AmazonKmsClient(com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient) HashMap(java.util.HashMap) CloudConnectorException(com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException) DescribeKeyRequest(com.amazonaws.services.kms.model.DescribeKeyRequest) ListKeysRequest(com.amazonaws.services.kms.model.ListKeysRequest) CloudEncryptionKeys(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys) CloudUnauthorizedException(com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException) AmazonServiceException(com.amazonaws.AmazonServiceException) IOException(java.io.IOException) SdkClientException(com.amazonaws.SdkClientException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception) PermanentlyFailedException(com.sequenceiq.cloudbreak.util.PermanentlyFailedException) AwsCredentialView(com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView) CloudEncryptionKey(com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey) DescribeKeyResult(com.amazonaws.services.kms.model.DescribeKeyResult) ListKeysResult(com.amazonaws.services.kms.model.ListKeysResult) ListAliasesRequest(com.amazonaws.services.kms.model.ListAliasesRequest)

Aggregations

DescribeKeyRequest (com.amazonaws.services.kms.model.DescribeKeyRequest): 3
DescribeKeyResult (com.amazonaws.services.kms.model.DescribeKeyResult): 2
AmazonServiceException (com.amazonaws.AmazonServiceException): 1
SdkClientException (com.amazonaws.SdkClientException): 1
AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception): 1
AWSKMS (com.amazonaws.services.kms.AWSKMS): 1
AliasListEntry (com.amazonaws.services.kms.model.AliasListEntry): 1
KeyMetadata (com.amazonaws.services.kms.model.KeyMetadata): 1
ListAliasesRequest (com.amazonaws.services.kms.model.ListAliasesRequest): 1
ListAliasesResult (com.amazonaws.services.kms.model.ListAliasesResult): 1
ListKeysRequest (com.amazonaws.services.kms.model.ListKeysRequest): 1
ListKeysResult (com.amazonaws.services.kms.model.ListKeysResult): 1
NotFoundException (com.amazonaws.services.kms.model.NotFoundException): 1
AmazonKmsClient (com.sequenceiq.cloudbreak.cloud.aws.common.client.AmazonKmsClient): 1
AwsCredentialView (com.sequenceiq.cloudbreak.cloud.aws.common.view.AwsCredentialView): 1
CloudConnectorException (com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException): 1
CloudUnauthorizedException (com.sequenceiq.cloudbreak.cloud.exception.CloudUnauthorizedException): 1
CloudEncryptionKey (com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKey): 1
CloudEncryptionKeys (com.sequenceiq.cloudbreak.cloud.model.CloudEncryptionKeys): 1
PermanentlyFailedException (com.sequenceiq.cloudbreak.util.PermanentlyFailedException): 1