Example usage for com.amazonaws.services.kms AWSKMSClient AWSKMSClient

List of usage examples for com.amazonaws.services.kms AWSKMSClient AWSKMSClient

Introduction

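This page collects usage examples for the com.amazonaws.services.kms.AWSKMSClient constructor. Note that the examples below call the overloads taking credentials (or a credentials provider) plus a ClientConfiguration, not the prototype shown in the next section.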

Prototype

AWSKMSClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) 

Source Link

Document

Constructs a new client to invoke service methods on KMS using the specified parameters.

Usage

From source file:ch.cyberduck.core.kms.KMSEncryptionFeature.java

License:Open Source License

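/**
 * Returns the encryption keys offered for {@code container}: the keys reported by the superclass
 * plus one entry per key that AWS KMS lists in the container's region.
 *
 * <p>The KMS calls are made with the access key and secret of {@code host.getCredentials()}, so
 * that identity needs permission for the KMS ListAliases and ListKeys operations. When the lookup
 * ends in an {@link AccessDeniedException} the failure is only logged and
 * {@code SSE_KMS_DEFAULT} is added instead.
 *
 * @param container path used to determine the container and, from it, the KMS region
 * @param prompt    login callback handed to {@code authenticated(...)}
 * @return the superclass key set with the KMS keys (or the default KMS key) added
 * @throws BackgroundException if listing fails for a reason other than denied access
 */
@Override
public Set<Algorithm> getKeys(final Path container, final LoginCallback prompt) throws BackgroundException {
    final Set<Algorithm> keys = super.getKeys(container, prompt);
    try {
        keys.addAll(this.authenticated(new Authenticated<Set<Algorithm>>() {
            @Override
            public Set<Algorithm> call() throws BackgroundException {
                // Wraps the host's existing access key and secret; nothing new is created in IAM.
                // A plain AWSCredentials carries no session token.
                final AWSKMSClient client = new AWSKMSClient(new com.amazonaws.auth.AWSCredentials() {
                    @Override
                    public String getAWSAccessKeyId() {
                        return host.getCredentials().getUsername();
                    }

                    @Override
                    public String getAWSSecretKey() {
                        return host.getCredentials().getPassword();
                    }
                }, configuration);
                // The client owns connection resources from here on, so everything that can throw
                // (location lookup and region parsing included) sits under the finally that shuts
                // it down. Previously a failure before the listing left the client open.
                try {
                    final Location feature = session.getFeature(Location.class);
                    final Location.Name region = feature.getLocation(containerService.getContainer(container));
                    client.setRegion(Region.getRegion(Regions.fromName(region.getIdentifier())));
                    try {
                        // Key id -> alias name, used to label the keys listed below.
                        final Map<String, String> aliases = new HashMap<String, String>();
                        // NOTE(review): the no-argument listAliases()/listKeys() calls return a single
                        // page; accounts with more entries than one page holds would be listed only
                        // partially. Confirm whether truncation needs handling here.
                        for (AliasListEntry entry : client.listAliases().getAliases()) {
                            aliases.put(entry.getTargetKeyId(), entry.getAliasName());
                        }
                        final Set<Algorithm> managed = new HashSet<Algorithm>();
                        for (KeyListEntry entry : client.listKeys().getKeys()) {
                            // Alias is null for keys that have none.
                            managed.add(new AliasedAlgorithm(entry, aliases.get(entry.getKeyId()), region));
                        }
                        return managed;
                    } catch (AmazonClientException e) {
                        throw new AmazonServiceExceptionMappingService().map("Cannot read AWS KMS configuration",
                                e);
                    }
                } finally {
                    client.shutdown();
                }
            }
        }, prompt));
    } catch (AccessDeniedException e) {
        // Deliberate best effort: an identity that may not list keys still gets the default KMS key.
        // Only the message is logged; the stack trace is dropped.
        log.warn(String.format("Ignore failure reading keys from KMS. %s", e.getMessage()));
        keys.add(SSE_KMS_DEFAULT);
    }
    return keys;
}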

From source file:com.cloudera.director.aws.AWSProvider.java

License:Apache License

/**
 * Builds the configuration validator for a resource provider by combining the provider-wide
 * validator from {@code METADATA} with an EC2- or RDS-specific one.
 *
 * @param resourceProviderMetadata metadata whose id selects the EC2 or RDS branch
 * @return a composite of the provider-wide and the provider-specific validator
 * @throws IllegalArgumentException if the id matches neither the EC2 nor the RDS provider
 */
@Override
protected ConfigurationValidator getResourceProviderConfigurationValidator(
        ResourceProviderMetadata resourceProviderMetadata) {
    // Fetched before the provider id is inspected, as in the original ordering.
    final ClientConfiguration awsClientConfig = getClientConfiguration();
    final ConfigurationValidator specificValidator;
    if (resourceProviderMetadata.getId().equals(EC2Provider.METADATA.getId())) {
        // EC2, IAM and KMS clients all use the same credentialsProvider and client configuration;
        // no region or endpoint is set on them in this method.
        specificValidator = new EC2ProviderConfigurationValidator(
                new AmazonEC2Client(credentialsProvider, awsClientConfig),
                new AmazonIdentityManagementClient(credentialsProvider, awsClientConfig),
                new AWSKMSClient(credentialsProvider, awsClientConfig));
    } else if (resourceProviderMetadata.getId().equals(RDSProvider.METADATA.getId())) {
        specificValidator = new RDSProviderConfigurationValidator(
                new AmazonRDSClient(credentialsProvider, awsClientConfig), rdsEndpoints);
    } else {
        throw new IllegalArgumentException("No such provider: " + resourceProviderMetadata.getId());
    }
    final ConfigurationValidator providerWideValidator = METADATA.getProviderConfigurationValidator();
    return new CompositeConfigurationValidator(providerWideValidator, specificValidator);
}

From source file:com.cloudera.director.aws.AWSProvider.java

License:Apache License

/**
 * Creates an EC2 provider with the specified configuration.
 *
 * <p>A fresh EC2, IAM and KMS client is constructed on every call, each from the shared
 * {@code credentialsProvider} and the configuration returned by {@code getClientConfiguration()}.
 *
 * @param target the configuration
 * @return the EC2 provider
 */
protected EC2Provider createEC2Provider(Configured target) {
    final ClientConfiguration awsClientConfig = getClientConfiguration();
    // Constructed in the same order as before: EC2, then IAM, then KMS.
    final AmazonEC2Client ec2Client = new AmazonEC2Client(credentialsProvider, awsClientConfig);
    final AmazonIdentityManagementClient iamClient =
            new AmazonIdentityManagementClient(credentialsProvider, awsClientConfig);
    final AWSKMSClient kmsClient = new AWSKMSClient(credentialsProvider, awsClientConfig);
    return new EC2Provider(target, ephemeralDeviceMappings, ebsMetadata, virtualizationMappings, awsFilters,
            awsTimeouts, ec2Client, iamClient, kmsClient, getLocalizationContext());
}

From source file:org.finra.herd.dao.credstash.JCredStashWrapper.java

License:Apache License

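/**
 * Constructor for the JCredStashWrapper.
 *
 * <p>Builds a DynamoDB client and a KMS client for the same region and hands both to a new
 * {@code JCredStash}. Credentials are taken from {@link DefaultAWSCredentialsProviderChain}, so
 * whichever identity that chain resolves at runtime is the one that reads the credentials table
 * and calls KMS.
 *
 * @param region the aws region location of the KMS Client (also used for the DynamoDB client)
 * @param tableName name of the credentials table
 * @param clientConfiguration the AWS client configuration
 * @throws IllegalArgumentException if {@code region} is not a region name known to {@code Regions}
 */
public JCredStashWrapper(String region, String tableName, ClientConfiguration clientConfiguration) {
    // Resolve the region once, before any client exists. Previously an unknown region name was
    // only detected after the DynamoDB client had been constructed, leaving it never shut down.
    Regions awsRegion = Regions.fromName(region);
    AWSCredentialsProvider provider = new DefaultAWSCredentialsProviderChain();
    AmazonDynamoDBClient ddb = new AmazonDynamoDBClient(provider, clientConfiguration).withRegion(awsRegion);
    AWSKMSClient kms = new AWSKMSClient(provider, clientConfiguration).withRegion(awsRegion);
    credstash = new JCredStash(tableName, ddb, kms, new CredStashBouncyCastleCrypto());
}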