List of usage examples for com.amazonaws.services.kms AWSKMSClient generateDataKey
@Override
public GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest request)
Generates a unique symmetric data key.
From source file:com.choicemaker.xmlencryption.AwsKmsUtils.java
License:Open Source License
static GenerateDataKeyResult generateDataKey(AWSCredentials creds, String masterKeyId, String algorithm, String endpoint) {//from w ww . ja v a2 s .c o m Precondition.assertNonNullArgument("null credentials", creds); Precondition.assertNonEmptyString("null or blank master key id", masterKeyId); if (!StringUtils.nonEmptyString(algorithm)) { algorithm = DefaultAlgorithms.DEFAULT_AWS_KEY_ENCRYPTION_ALGORITHM; } AWSKMSClient kms = new AWSKMSClient(creds); if (endpoint != null) { kms.setEndpoint(endpoint); } GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest(); dataKeyRequest.setKeyId(masterKeyId); dataKeyRequest.setKeySpec(algorithm); GenerateDataKeyResult retVal = kms.generateDataKey(dataKeyRequest); return retVal; }
From source file:org.apache.coheigea.cxf.kms.common.CommonCallbackHandler.java
License:Apache License
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof WSPasswordCallback) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; if (pc.getUsage() == WSPasswordCallback.SECRET_KEY) { final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey); AWSKMSClient kms = new AWSKMSClient(creds); kms.setEndpoint(endpoint); if (pc.getEncryptedSecret() != null) { ByteBuffer encryptedKey = ByteBuffer.wrap(pc.getEncryptedSecret()); DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey); ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext(); byte[] key = new byte[plaintextKey.remaining()]; plaintextKey.get(key); pc.setKey(key);//w w w . j a v a 2 s . co m } else { GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest(); dataKeyRequest.setKeyId(masterKeyId); String algorithm = "AES_128"; if (pc.getAlgorithm() != null && pc.getAlgorithm().contains("aes256")) { algorithm = "AES_256"; } dataKeyRequest.setKeySpec(algorithm); GenerateDataKeyResult dataKeyResult = kms.generateDataKey(dataKeyRequest); ByteBuffer plaintextKey = dataKeyResult.getPlaintext(); byte[] key = new byte[plaintextKey.remaining()]; plaintextKey.get(key); pc.setKey(key); ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob(); byte[] encKey = new byte[encryptedKey.remaining()]; encryptedKey.get(encKey); pc.setEncryptedSecret(encKey); // Create a KeyName pointing to the encryption key Document doc = DOMUtils.newDocument(); Element keyInfoElement = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN); keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS); Element keyNameElement = doc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":KeyName"); keyNameElement.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb"); keyInfoElement.appendChild(keyNameElement); pc.setKeyInfoReference(keyInfoElement); } } } } }