Example usage for com.amazonaws.services.kms AWSKMSClient setEndpoint

List of usage examples for com.amazonaws.services.kms AWSKMSClient setEndpoint

Introduction

On this page you can find example usages of com.amazonaws.services.kms AWSKMSClient setEndpoint.

Prototype

@Deprecated
public void setEndpoint(String endpoint) throws IllegalArgumentException 


Document

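Overrides the default endpoint for this client. The method is marked @Deprecated (see the prototype above). Every request the client signs with its credentials, and every plaintext key KMS returns, travels to the endpoint given here, so the value should come from trusted configuration and use HTTPS.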

Usage

From source file:com.choicemaker.xmlencryption.AwsKmsUtils.java

License:Open Source License

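/**
 * Decrypts a Base64-encoded KMS ciphertext and returns the plaintext bytes.
 *
 * <p>{@code masterKeyId} is validated but never placed on the {@link DecryptRequest}, and
 * {@code algorithm} is not used by this method, so KMS selects the key from the ciphertext
 * blob alone.
 * NOTE(review): newer SDK releases let a DecryptRequest carry the expected key id, which pins
 * decryption to {@code masterKeyId}; confirm the SDK version in use and set it if available.
 *
 * <p>The returned buffer holds key material in the clear; callers should keep its lifetime
 * short and overwrite it once the key has been consumed.
 *
 * @param creds             AWS credentials used to sign the request; checked by
 *                          {@code Precondition}
 * @param masterKeyId       id of the master key; checked by {@code Precondition} but not sent
 * @param algorithm         accepted for signature compatibility; unused here
 * @param encValueSecretKey Base64 text of the encrypted key; checked by {@code Precondition}
 * @param endpoint          optional endpoint override, {@code null} keeps the client default.
 *                          Signed requests and the decrypted key travel to this address, so it
 *                          should come from trusted configuration and use HTTPS.
 * @return the plaintext returned by KMS
 * @throws Base64DecodingException declared for the {@code Base64.decode} call on
 *                                 {@code encValueSecretKey}
 */
public static ByteBuffer computeSecretBytes(AWSCredentials creds, String masterKeyId, String algorithm,
        String encValueSecretKey, String endpoint) throws Base64DecodingException {
    Precondition.assertNonNullArgument("null credentials", creds);
    Precondition.assertNonEmptyString("null or blank master key id", masterKeyId);
    Precondition.assertNonEmptyString("null or blank encrypted value", encValueSecretKey);

    // NOTE(review): getBytes() uses the platform default charset. Base64 text is ASCII, so this
    // works on ASCII-compatible defaults; pinning the charset would remove the dependency.
    byte[] encBytes = Base64.decode(encValueSecretKey.getBytes());

    AWSKMSClient kms = new AWSKMSClient(creds);
    try {
        if (endpoint != null) {
            kms.setEndpoint(endpoint);
        }
        DecryptRequest request = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(encBytes));
        DecryptResult result = kms.decrypt(request);
        return result.getPlaintext();
    } finally {
        // A client is built on every call; shut it down so its HTTP resources are
        // not left open after the request, including when decrypt() throws.
        kms.shutdown();
    }
}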

From source file:com.choicemaker.xmlencryption.AwsKmsUtils.java

License:Open Source License

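/**
 * Asks KMS for a new data key under the given master key.
 *
 * <p>The result carries the data key twice: in the clear and encrypted under
 * {@code masterKeyId}. Only the encrypted copy is suitable for storage; the plaintext copy
 * should be overwritten by the caller once it has been used.
 *
 * @param creds       AWS credentials used to sign the request; checked by {@code Precondition}
 * @param masterKeyId id of the master key; checked by {@code Precondition}
 * @param algorithm   key spec for the data key; when {@code StringUtils.nonEmptyString}
 *                    rejects it, {@code DefaultAlgorithms.DEFAULT_AWS_KEY_ENCRYPTION_ALGORITHM}
 *                    is used instead
 * @param endpoint    optional endpoint override, {@code null} keeps the client default.
 *                    Signed requests and the plaintext data key travel over this connection,
 *                    so it should come from trusted configuration and use HTTPS.
 * @return the KMS response for the data-key request
 */
static GenerateDataKeyResult generateDataKey(AWSCredentials creds, String masterKeyId, String algorithm,
        String endpoint) {
    Precondition.assertNonNullArgument("null credentials", creds);
    Precondition.assertNonEmptyString("null or blank master key id", masterKeyId);
    if (!StringUtils.nonEmptyString(algorithm)) {
        algorithm = DefaultAlgorithms.DEFAULT_AWS_KEY_ENCRYPTION_ALGORITHM;
    }

    AWSKMSClient kms = new AWSKMSClient(creds);
    try {
        if (endpoint != null) {
            kms.setEndpoint(endpoint);
        }

        GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest();
        dataKeyRequest.setKeyId(masterKeyId);
        dataKeyRequest.setKeySpec(algorithm);

        return kms.generateDataKey(dataKeyRequest);
    } finally {
        // A client is built on every call; shut it down so its HTTP resources are
        // not left open after the request, including when the call throws.
        kms.shutdown();
    }
}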

From source file:com.cloudera.director.aws.ec2.EC2Provider.java

License:Apache License

/**
 * Configures the specified KMS client.
 *
 * @param configuration               the provider configuration
 * @param accumulator                 the exception accumulator
 * @param kmsClient                   the KMS client
 * @param providerLocalizationContext the resource provider localization context
 * @return the configured client
 * @throws InvalidCredentialsException    if the supplied credentials are invalid
 * @throws TransientProviderException     if a transient exception occurs communicating with the
 *                                        provider
 * @throws UnrecoverableProviderException if an unrecoverable exception occurs communicating with
 *                                        the provider
 */
protected static AWSKMSClient configureKmsClient(Configured configuration,
        PluginExceptionConditionAccumulator accumulator, AWSKMSClient kmsClient,
        LocalizationContext providerLocalizationContext) {
    checkNotNull(kmsClient, "kmsClient is null");

    try {
        // An explicitly configured endpoint takes precedence over the one derived from the region.
        // The client sends its signed requests to whatever address ends up here, so the
        // KMS_REGION_ENDPOINT setting should only be writable by trusted operators.
        String endpointToUse = configuration.getConfigurationValue(KMS_REGION_ENDPOINT,
                providerLocalizationContext);
        if (endpointToUse == null) {
            String regionName = configuration.getConfigurationValue(REGION, providerLocalizationContext);
            endpointToUse = getKMSEndpointForRegion(kmsClient, regionName);
        } else {
            // Logging the override leaves a record of which endpoint the client was pointed at.
            LOG.info("<< Using configured region endpoint for KMS client: {}", endpointToUse);
        }
        kmsClient.setEndpoint(endpointToUse);
    } catch (AmazonClientException e) {
        throw AWSExceptions.propagate(e);
    } catch (IllegalArgumentException e) {
        // The error is recorded rather than thrown, so the client is still returned below
        // without the endpoint having been applied.
        // NOTE(review): the error is filed under the REGION key even when the rejected value
        // came from KMS_REGION_ENDPOINT; confirm that is intended.
        accumulator.addError(REGION.unwrap().getConfigKey(), e.getMessage());
    }
    return kmsClient;
}

From source file:org.apache.coheigea.cxf.kms.asymmetric.KMSPasswordEncryptor.java

License:Apache License

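/**
 * Encrypts a password with KMS under {@code masterKeyId} and returns the ciphertext as Base64.
 *
 * <p>The client is built from the {@code accessKey}/{@code secretKey} fields and pointed at
 * the {@code endpoint} field; none of these are declared in this excerpt.
 * NOTE(review): these look like long-lived static keys held as Strings; confirm how they are
 * provisioned and whether a credentials provider could replace them.
 *
 * @param password the clear-text password to encrypt
 * @return Base64 encoding of the KMS ciphertext blob
 */
@Override
public String encrypt(String password) {
    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);

    AWSKMSClient kms = new AWSKMSClient(creds);
    try {
        kms.setEndpoint(endpoint);

        // NOTE(review): getBytes() uses the platform default charset and decrypt() rebuilds the
        // String with the platform default too. A non-ASCII password only round-trips when both
        // sides share that default; pin one charset in encrypt() and decrypt() together.
        ByteBuffer plaintext = ByteBuffer.wrap(password.getBytes());

        EncryptRequest req = new EncryptRequest().withPlaintext(plaintext);
        req.setKeyId(masterKeyId);
        ByteBuffer encryptedKey = kms.encrypt(req).getCiphertextBlob();

        byte[] key = new byte[encryptedKey.remaining()];
        encryptedKey.get(key);

        return Base64.encode(key);
    } finally {
        // A client is built on every call; shut it down so its HTTP resources are
        // not left open after the request, including when a call above throws.
        kms.shutdown();
    }
}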

From source file:org.apache.coheigea.cxf.kms.asymmetric.KMSPasswordEncryptor.java

License:Apache License

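/**
 * Decrypts a Base64-encoded KMS ciphertext and returns it as a String.
 *
 * <p>The {@link DecryptRequest} carries only the ciphertext blob, so KMS selects the key from
 * the blob itself.
 * NOTE(review): newer SDK releases let a DecryptRequest carry the expected key id; confirm the
 * SDK version in use and bind the request to {@code masterKeyId} if available.
 *
 * @param encryptedPassword Base64 text of the KMS ciphertext
 * @return the decrypted password, or {@code null} when {@code encryptedPassword} is not valid
 *         Base64. Callers must treat {@code null} as a failure and never as an empty password.
 */
@Override
public String decrypt(String encryptedPassword) {

    final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);

    AWSKMSClient kms = new AWSKMSClient(creds);
    try {
        kms.setEndpoint(endpoint);

        byte[] encryptedBytes = Base64.decode(encryptedPassword);
        ByteBuffer encryptedKey = ByteBuffer.wrap(encryptedBytes);

        DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
        ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();

        byte[] key = new byte[plaintextKey.remaining()];
        plaintextKey.get(key);

        // NOTE(review): new String(byte[]) uses the platform default charset and encrypt() uses
        // the platform default for getBytes() as well; pin one charset in both methods together.
        return new String(key);
    } catch (Base64DecodingException ex) {
        // Kept as in the original: malformed input yields null instead of an exception.
        // NOTE(review): the failure leaves no trace; consider recording it where a logger exists.
        return null;
    } finally {
        // A client is built on every call; shut it down so its HTTP resources are
        // not left open after the request, including when a call above throws.
        kms.shutdown();
    }
}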

From source file:org.apache.coheigea.cxf.kms.common.CommonCallbackHandler.java

License:Apache License

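/**
 * Supplies secret keys for {@link WSPasswordCallback}s whose usage is {@code SECRET_KEY}.
 *
 * <p>When the callback already carries an encrypted secret, that secret is decrypted with KMS
 * and set as the key. Otherwise a new data key is requested under {@code masterKeyId}; its
 * plaintext becomes the key, its ciphertext becomes the encrypted secret, and a
 * {@code KeyInfo/KeyName} element is attached as the key-info reference. Callbacks of any
 * other type or usage are skipped.
 *
 * <p>The client is built from the {@code accessKey}, {@code secretKey} and {@code endpoint}
 * fields, which are not declared in this excerpt.
 *
 * @param callbacks the callbacks to process
 * @throws IOException                  declared by the signature; not thrown directly here
 * @throws UnsupportedCallbackException declared by the signature; not thrown directly here
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;
        if (pc.getUsage() != WSPasswordCallback.SECRET_KEY) {
            continue;
        }

        final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
        AWSKMSClient kms = new AWSKMSClient(creds);
        try {
            kms.setEndpoint(endpoint);

            if (pc.getEncryptedSecret() != null) {
                // Inbound path: unwrap the data key that arrived with the message.
                // NOTE(review): the request names no key, so KMS picks it from the blob; newer
                // SDK releases can bind the request to masterKeyId. Confirm the SDK version.
                ByteBuffer encryptedKey = ByteBuffer.wrap(pc.getEncryptedSecret());

                DecryptRequest req = new DecryptRequest().withCiphertextBlob(encryptedKey);
                ByteBuffer plaintextKey = kms.decrypt(req).getPlaintext();

                byte[] key = new byte[plaintextKey.remaining()];
                plaintextKey.get(key);
                pc.setKey(key);
            } else {
                // Outbound path: mint a fresh data key. AES_128 is the default; AES_256 is
                // chosen only when the callback's algorithm string contains "aes256".
                GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest();
                dataKeyRequest.setKeyId(masterKeyId);
                String algorithm = "AES_128";
                if (pc.getAlgorithm() != null && pc.getAlgorithm().contains("aes256")) {
                    algorithm = "AES_256";
                }
                dataKeyRequest.setKeySpec(algorithm);

                GenerateDataKeyResult dataKeyResult = kms.generateDataKey(dataKeyRequest);

                ByteBuffer plaintextKey = dataKeyResult.getPlaintext();
                byte[] key = new byte[plaintextKey.remaining()];
                plaintextKey.get(key);
                pc.setKey(key);

                ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob();
                byte[] encKey = new byte[encryptedKey.remaining()];
                encryptedKey.get(encKey);
                pc.setEncryptedSecret(encKey);

                // Create a KeyName pointing to the encryption key.
                // NOTE(review): the KeyName is a fixed literal rather than masterKeyId. If the
                // two ever differ, the message names a different key than the one that wrapped
                // the data key; confirm this is intended.
                Document doc = DOMUtils.newDocument();
                Element keyInfoElement = doc.createElementNS(WSConstants.SIG_NS,
                        WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN);
                keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX,
                        WSConstants.SIG_NS);
                Element keyNameElement = doc.createElementNS(WSConstants.SIG_NS,
                        WSConstants.SIG_PREFIX + ":KeyName");
                keyNameElement.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb");
                keyInfoElement.appendChild(keyNameElement);
                pc.setKeyInfoReference(keyInfoElement);
            }
        } finally {
            // One client is built per matching callback; shut it down so its HTTP
            // resources are not left open, including when a KMS call throws.
            kms.shutdown();
        }
    }
}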