
Example 1 with DecryptResponse

Use of com.tencentcloudapi.kms.v20190118.models.DecryptResponse in project cos-java-sdk-v5 by tencentyun.

Class ContentCryptoMaterial, method decryptIV.

public static byte[] decryptIV(byte[] iv, String keyWrapAlgo, EncryptionMaterials materials, Provider securityProvider, ContentCryptoScheme contentCryptoScheme, QCLOUDKMS kms) {
    if (materials.isKMSEnabled()) {
        DecryptRequest decryptReq = new DecryptRequest();
        Map<String, String> materialDesc = materials.getMaterialsDescription();
        try {
            ObjectMapper mapper = new ObjectMapper();
            decryptReq.setEncryptionContext(mapper.writeValueAsString(materialDesc));
        } catch (JsonProcessingException e) {
            throw new CosClientException("decrypt request set encryption context got json processing exception", e);
        }
        // The wrapped value is passed to KMS as a UTF-8 string; KMS returns the plaintext Base64-encoded
        decryptReq.setCiphertextBlob(new String(iv, Charset.forName("UTF-8")));
        DecryptResponse decryptRes = kms.decrypt(decryptReq);
        return Base64.decode(decryptRes.getPlaintext());
    }
    Key kek;
    if (materials.getKeyPair() != null) {
        // Do envelope decryption with private key from key pair
        kek = materials.getKeyPair().getPrivate();
        if (kek == null) {
            throw new CosClientException("Key encrypting key not available");
        }
    } else {
        // Do envelope decryption with symmetric key
        kek = materials.getSymmetricKey();
        if (kek == null) {
            throw new CosClientException("Key encrypting key not available");
        }
    }
    try {
        if (keyWrapAlgo != null) {
            // Key wrapping specified
            Cipher cipher = securityProvider == null ? Cipher.getInstance(keyWrapAlgo) : Cipher.getInstance(keyWrapAlgo, securityProvider);
            cipher.init(Cipher.DECRYPT_MODE, kek);
            return cipher.doFinal(iv);
        }
        // Fall back to the Encryption Only (EO) key decrypting method;
        // a bare algorithm name leaves mode and padding to the provider's defaults
        Cipher cipher;
        if (securityProvider != null) {
            cipher = Cipher.getInstance(kek.getAlgorithm(), securityProvider);
        } else {
            cipher = Cipher.getInstance(kek.getAlgorithm());
        }
        cipher.init(Cipher.DECRYPT_MODE, kek);
        return cipher.doFinal(iv);
    } catch (Exception e) {
        throw new CosClientException("Unable to decrypt symmetric key from object metadata", e);
    }
}
Also used : DecryptResponse(com.tencentcloudapi.kms.v20190118.models.DecryptResponse) CosClientException(com.qcloud.cos.exception.CosClientException) Cipher(javax.crypto.Cipher) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) DecryptRequest(com.tencentcloudapi.kms.v20190118.models.DecryptRequest) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) IOException(java.io.IOException)

Example 2 with DecryptResponse

Use of com.tencentcloudapi.kms.v20190118.models.DecryptResponse in project cos-java-sdk-v5 by tencentyun.

Class ContentCryptoMaterial, method cekByKMS.

/**
 * Decrypts the secured CEK via KMS; involves network calls.
 *
 * @return the CEK (in plaintext).
 */
private static SecretKey cekByKMS(byte[] cekSecured, String keyWrapAlgo, EncryptionMaterials materials, ContentCryptoScheme contentCryptoScheme, QCLOUDKMS kms) {
    DecryptRequest decryptReq = new DecryptRequest();
    Map<String, String> materialDesc = materials.getMaterialsDescription();
    try {
        ObjectMapper mapper = new ObjectMapper();
        decryptReq.setEncryptionContext(mapper.writeValueAsString(materialDesc));
    } catch (JsonProcessingException e) {
        throw new CosClientException("decrypt request set encryption context got json processing exception", e);
    }
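    // Decode with an explicit charset (as decryptIV does) rather than the platform default
    decryptReq.setCiphertextBlob(new String(cekSecured, Charset.forName("UTF-8")));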
    DecryptResponse decryptRes = kms.decrypt(decryptReq);
    byte[] key = Base64.decode(decryptRes.getPlaintext());
    return new SecretKeySpec(key, contentCryptoScheme.getKeyGeneratorAlgorithm());
}
Also used : DecryptResponse(com.tencentcloudapi.kms.v20190118.models.DecryptResponse) CosClientException(com.qcloud.cos.exception.CosClientException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) DecryptRequest(com.tencentcloudapi.kms.v20190118.models.DecryptRequest) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Aggregations

JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException) 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 2
CosClientException (com.qcloud.cos.exception.CosClientException) 2
DecryptRequest (com.tencentcloudapi.kms.v20190118.models.DecryptRequest) 2
DecryptResponse (com.tencentcloudapi.kms.v20190118.models.DecryptResponse) 2
IOException (java.io.IOException) 1
Key (java.security.Key) 1
Cipher (javax.crypto.Cipher) 1
SecretKey (javax.crypto.SecretKey) 1
SecretKeySpec (javax.crypto.spec.SecretKeySpec) 1