Example usage for com.amazonaws.services.kms AWSKMSClient decrypt

List of usage examples for com.amazonaws.services.kms AWSKMSClient decrypt

Introduction

In this page you can find the example usage for com.amazonaws.services.kms AWSKMSClient decrypt.

Prototype

@Override
public DecryptResult decrypt(DecryptRequest request) 


Document

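Decrypts ciphertext that was encrypted by an AWS KMS customer master key (CMK) using any of the following operations: Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyWithoutPlaintext, GenerateDataKeyPairWithoutPlaintext.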

You can use this operation to decrypt ciphertext that was encrypted under a symmetric or asymmetric CMK.

Usage

From source file:com.choicemaker.xmlencryption.AwsKmsUtils.java

License:Open Source License

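/**
 * Decrypts a Base64-encoded, KMS-encrypted secret and returns the plaintext bytes.
 *
 * <p>Only the ciphertext blob is sent to KMS. {@code masterKeyId} is checked for
 * presence and {@code algorithm} is defaulted, but neither value is placed on the
 * {@link DecryptRequest}, so this method does not itself verify that the ciphertext
 * was produced under {@code masterKeyId}.
 *
 * <p>The returned buffer holds plaintext key material; callers should keep its
 * lifetime short and avoid logging or persisting it.
 *
 * @param creds             AWS credentials used to build the KMS client; must not be null
 * @param masterKeyId       identifier of the master key; must be non-empty (validated only)
 * @param algorithm         key-encryption algorithm name; a default is substituted when empty
 * @param encValueSecretKey Base64 text of the encrypted secret; must be non-empty
 * @param endpoint          KMS endpoint override, or {@code null} to use the client default
 * @return the plaintext buffer returned by KMS
 * @throws Base64DecodingException if {@code encValueSecretKey} cannot be Base64-decoded
 */
public static ByteBuffer computeSecretBytes(AWSCredentials creds, String masterKeyId, String algorithm,
        String encValueSecretKey, String endpoint) throws Base64DecodingException {
    Precondition.assertNonNullArgument("null credentials", creds);
    Precondition.assertNonEmptyString("null or blank master key id", masterKeyId);
    Precondition.assertNonEmptyString("null or blank encrypted value", encValueSecretKey);
    // NOTE(review): the defaulted algorithm is never read again in this method, and
    // masterKeyId is never attached to the request. If the SDK version in use lets a
    // key id be set on DecryptRequest, pinning it to masterKeyId would make KMS reject
    // ciphertext produced under any other key -- confirm before relying on either value.
    if (!StringUtils.nonEmptyString(algorithm)) {
        algorithm = DefaultAlgorithms.DEFAULT_AWS_KEY_ENCRYPTION_ALGORITHM;
    }

    // Base64 text is pure ASCII; naming the charset keeps decoding independent of the
    // platform default encoding.
    byte[] encBase64 = encValueSecretKey.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
    byte[] encBytes = Base64.decode(encBase64);
    DecryptRequest request = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(encBytes));

    // The client is created only after the input has been decoded, and is always
    // shut down so its HTTP resources are not left behind on every call.
    AWSKMSClient kms = new AWSKMSClient(creds);
    try {
        if (endpoint != null) {
            kms.setEndpoint(endpoint);
        }
        DecryptResult result = kms.decrypt(request);
        return result.getPlaintext();
    } finally {
        kms.shutdown();
    }
}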

From source file:org.apache.coheigea.cxf.kms.asymmetric.KMSPasswordEncryptor.java

License:Apache License

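/**
 * Decrypts a Base64-encoded, KMS-encrypted password and returns it as a String.
 *
 * <p>A KMS client is built from the {@code accessKey}, {@code secretKey} and
 * {@code endpoint} fields for each call and shut down before returning.
 *
 * @param encryptedPassword Base64 text of the KMS ciphertext
 * @return the decrypted password, or {@code null} when the input is not valid Base64
 */
@Override
public String decrypt(String encryptedPassword) {

    // NOTE(review): these are static access-key credentials held in fields; confirm how
    // they are provisioned and scoped (ideally to kms:Decrypt on the one key).
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);

    AWSKMSClient kms = new AWSKMSClient(creds);
    try {
        kms.setEndpoint(endpoint);

        byte[] encryptedBytes = Base64.decode(encryptedPassword);
        ByteBuffer encryptedKey = ByteBuffer.wrap(encryptedBytes);

        DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
        ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();

        byte[] key = new byte[plaintextKey.remaining()];
        plaintextKey.get(key);

        try {
            // NOTE(review): this uses the platform default charset; it has to match
            // whatever charset the encrypt path used -- confirm and name it explicitly.
            return new String(key);
        } finally {
            // Wipe the temporary copy of the plaintext. The returned String still holds
            // the password, so this only narrows the exposure, it does not remove it.
            java.util.Arrays.fill(key, (byte) 0);
        }
    } catch (Base64DecodingException ex) {
        // Existing contract: malformed input is reported as null, not as an exception.
        // Callers must null-check the result rather than treat it as a password.
        return null;
    } finally {
        // Release the per-call client's resources on every path.
        kms.shutdown();
    }
}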

From source file:org.apache.coheigea.cxf.kms.common.CommonCallbackHandler.java

License:Apache License

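/**
 * Supplies secret-key material to {@link WSPasswordCallback}s whose usage is
 * {@code SECRET_KEY}, using AWS KMS.
 *
 * <p>When the callback already carries an encrypted secret, that blob is sent to KMS
 * for decryption and the plaintext is set as the key. Otherwise a new data key is
 * requested for {@code masterKeyId}; its plaintext is set as the key, its ciphertext
 * is set as the encrypted secret, and a {@code KeyInfo/KeyName} element is attached.
 * Callbacks of any other type or usage are skipped without error.
 *
 * @param callbacks the callbacks to process
 * @throws IOException                  declared in the signature; not thrown directly by this body
 * @throws UnsupportedCallbackException declared in the signature; not thrown directly by this body
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        if (pc.getUsage() != WSPasswordCallback.SECRET_KEY) {
            continue;
        }

        final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);

        // One client per matching callback, always shut down so its resources are
        // released even when the KMS call fails.
        AWSKMSClient kms = new AWSKMSClient(creds);
        try {
            kms.setEndpoint(endpoint);

            if (pc.getEncryptedSecret() != null) {
                // NOTE(review): the blob comes from the callback and is decrypted with no
                // key id or encryption context on the request, so any ciphertext these
                // credentials may decrypt is accepted -- confirm that is intended.
                ByteBuffer encryptedKey = ByteBuffer.wrap(pc.getEncryptedSecret());

                DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
                ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();

                // The array is handed to the callback, so it must not be wiped here.
                byte[] key = new byte[plaintextKey.remaining()];
                plaintextKey.get(key);
                pc.setKey(key);
            } else {
                GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest();
                dataKeyRequest.setKeyId(masterKeyId);
                // AES_128 unless the requested algorithm name mentions aes256.
                String algorithm = "AES_128";
                if (pc.getAlgorithm() != null && pc.getAlgorithm().contains("aes256")) {
                    algorithm = "AES_256";
                }
                dataKeyRequest.setKeySpec(algorithm);

                GenerateDataKeyResult dataKeyResult = kms.generateDataKey(dataKeyRequest);

                ByteBuffer plaintextKey = dataKeyResult.getPlaintext();
                byte[] key = new byte[plaintextKey.remaining()];
                plaintextKey.get(key);
                pc.setKey(key);

                ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob();
                byte[] encKey = new byte[encryptedKey.remaining()];
                encryptedKey.get(encKey);
                pc.setEncryptedSecret(encKey);

                // Create a KeyName pointing to the encryption key.
                // NOTE(review): the KeyName text is a fixed literal, not masterKeyId;
                // confirm it names the same key the data key was generated under.
                Document doc = DOMUtils.newDocument();
                Element keyInfoElement = doc.createElementNS(WSConstants.SIG_NS,
                        WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN);
                keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX,
                        WSConstants.SIG_NS);
                Element keyNameElement = doc.createElementNS(WSConstants.SIG_NS,
                        WSConstants.SIG_PREFIX + ":KeyName");
                keyNameElement.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb");
                keyInfoElement.appendChild(keyNameElement);
                pc.setKeyInfoReference(keyInfoElement);
            }
        } finally {
            kms.shutdown();
        }
    }
}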

From source file:org.finra.dm.dao.impl.KmsOperationsImpl.java

License:Apache License

/**
 * {@inheritDoc}
 *
 * <p>Pure pass-through: the request is handed to the supplied client unchanged, so any
 * key-id or encryption-context constraint has to be set on the request by the caller.
 */
@Override
public DecryptResult decrypt(AWSKMSClient awsKmsClient, DecryptRequest decryptRequest) {
    // Delegate to the AWS KMS client and hand its result straight back.
    final DecryptResult decryptResult = awsKmsClient.decrypt(decryptRequest);
    return decryptResult;
}

From source file:org.finra.herd.dao.impl.KmsOperationsImpl.java

License:Apache License

/**
 * Forwards a decrypt request to the given AWS KMS client.
 *
 * <p>No validation is done here: the request reaches the client exactly as supplied,
 * and the client's result is returned as-is.
 */
@Override
public DecryptResult decrypt(AWSKMSClient awsKmsClient, DecryptRequest decryptRequest) {
    // Delegate to the AWS KMS client and hand its result straight back.
    final DecryptResult decryptResult = awsKmsClient.decrypt(decryptRequest);
    return decryptResult;
}