Usage examples for the DecryptRequest() constructor of com.amazonaws.services.kms.model.DecryptRequest
DecryptRequest
From source file:com.choicemaker.xmlencryption.AwsKmsUtils.java
License:Open Source License
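/**
 * Decodes a Base64-encoded, KMS-encrypted secret key and asks AWS KMS to decrypt it.
 *
 * <p>NOTE(review): {@code masterKeyId} is checked for being non-blank, but it is neither set on
 * the {@code DecryptRequest} nor compared with the key id of the {@code DecryptResult}. As
 * written, this method does not constrain which KMS key performs the decryption; confirm
 * whether callers expect that check to happen here.
 *
 * @param creds credentials used to build the KMS client; checked with
 *        {@code Precondition.assertNonNullArgument}
 * @param masterKeyId master key identifier; checked for being non-blank only
 * @param algorithm key-encryption algorithm name; replaced by the project default when blank,
 *        but not read again inside this method
 * @param encValueSecretKey Base64 text of the encrypted key; checked for being non-blank
 * @param endpoint KMS endpoint override; left at the client default when {@code null}
 * @return the plaintext buffer taken from the KMS decrypt result
 * @throws Base64DecodingException declared for the {@code Base64.decode} call
 */
public static ByteBuffer computeSecretBytes(AWSCredentials creds, String masterKeyId, String algorithm,
        String encValueSecretKey, String endpoint) throws Base64DecodingException {
    Precondition.assertNonNullArgument("null credentials", creds);
    Precondition.assertNonEmptyString("null or blank master key id", masterKeyId);
    Precondition.assertNonEmptyString("null or blank encrypted value", encValueSecretKey);
    if (!StringUtils.nonEmptyString(algorithm)) {
        algorithm = DefaultAlgorithms.DEFAULT_AWS_KEY_ENCRYPTION_ALGORITHM;
    }

    AWSKMSClient kms = new AWSKMSClient(creds);
    if (endpoint != null) {
        kms.setEndpoint(endpoint);
    }

    // Base64 text is plain ASCII. Naming the charset keeps the byte form of the input
    // independent of the JVM's platform-default encoding.
    byte[] encBase64 = encValueSecretKey.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] encBytes = Base64.decode(encBase64);
    ByteBuffer encryptedKey = ByteBuffer.wrap(encBytes);

    // The request carries only the ciphertext blob (no key id, no encryption context).
    DecryptRequest request = new DecryptRequest().withCiphertextBlob(encryptedKey);
    DecryptResult result = kms.decrypt(request);
    return result.getPlaintext();
}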
From source file:com.google.crypto.tink.integration.awskms.AwsKmsAead.java
License:Apache License
/**
 * Decrypts {@code ciphertext} through the KMS client held by this object.
 *
 * <p>Non-empty associated data is hex-encoded and sent as the {@code "associatedData"}
 * encryption-context entry. After the call, the key id reported by KMS is compared with
 * {@code keyArn}; a mismatch is treated as a decryption failure, so a ciphertext produced
 * under a different key is rejected even if KMS was able to decrypt it.
 *
 * @param ciphertext the KMS ciphertext blob
 * @param associatedData optional context bytes; {@code null} or empty means no context entry
 * @return the backing array of the plaintext buffer returned by KMS
 * @throws GeneralSecurityException if the key id differs from {@code keyArn} or KMS raises an
 *         {@code AmazonServiceException}
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
        throws GeneralSecurityException {
    final boolean hasContext = associatedData != null && associatedData.length != 0;
    try {
        DecryptRequest request = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(ciphertext));
        if (hasContext) {
            request = request.addEncryptionContextEntry("associatedData", BinaryUtils.toHex(associatedData));
        }

        final DecryptResult response = kmsClient.decrypt(request);

        // Pin the result to the configured key before releasing any plaintext.
        final boolean sameKey = response.getKeyId().equals(keyArn);
        if (!sameKey) {
            throw new GeneralSecurityException("decryption failed: wrong key id");
        }
        return response.getPlaintext().array();
    } catch (AmazonServiceException e) {
        throw new GeneralSecurityException("decryption failed", e);
    }
}
From source file:com.lasmanis.maven.pgp.loaders.helpers.AwsCryptoHelper.java
License:Apache License
/** {@inheritDoc} */
@Override
public String decrypt(final String cipherText) throws MojoExecutionException {
    // Refuse missing input before decoding or contacting KMS.
    final boolean missingInput = cipherText == null || cipherText.isEmpty();
    if (missingInput) {
        throw new MojoExecutionException("Empty cipherText.");
    }

    // The ciphertext arrives as Base64 text; malformed input is reported as a build error.
    final byte[] rawCiphertext;
    try {
        rawCiphertext = Base64.decode(cipherText);
    } catch (final IllegalArgumentException ex) {
        throw new MojoExecutionException("Invalid base 64 in cipherText", ex);
    }

    // NOTE(review): the request carries only the ciphertext blob. No key id or encryption
    // context is set and the result's key id is not inspected, so this method does not
    // restrict which KMS key is used for decryption.
    try {
        final ByteBuffer blob = ByteBuffer.wrap(rawCiphertext);
        final DecryptRequest request = new DecryptRequest().withCiphertextBlob(blob);
        final ByteBuffer decrypted = this.client.decrypt(request).getPlaintext();
        return new String(decrypted.array(), StandardCharsets.UTF_8);
    } catch (final Exception ex) {
        // Every failure on this path is wrapped with the same message.
        throw new MojoExecutionException("Failed to decrypt cipherText", ex);
    }
}
From source file:com.nextdoor.bender.utils.Passwords.java
License:Apache License
/**
 * Decrypts a Base64-encoded KMS ciphertext and returns the plaintext decoded as UTF-8.
 *
 * <p>A new KMS client is built for {@code region} on every call.
 *
 * @param str Base64 text of the KMS ciphertext
 * @param region AWS region whose name selects the KMS endpoint
 * @return the decrypted text, or {@code str} unchanged when {@code isJUnitTest()} is true
 * @throws UnsupportedEncodingException declared by the signature
 */
public static String decrypt(String str, Region region) throws UnsupportedEncodingException {
    // NOTE(review): when isJUnitTest() reports true, the input is returned as-is and KMS is
    // never contacted. Confirm that this switch cannot become true outside test runs,
    // because a caller would then treat the stored ciphertext string as the secret.
    if (isJUnitTest()) {
        return str;
    }

    final AWSKMS client = AWSKMSClientBuilder.standard().withRegion(region.getName()).build();

    // KMS expects the raw ciphertext bytes, so undo the Base64 encoding first.
    final byte[] decoded = Base64.decode(str);

    // The request carries only the ciphertext blob (no key id, no encryption context).
    final DecryptRequest request = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(decoded));
    final DecryptResult response = client.decrypt(request);

    // array() returns the buffer's whole backing array; presumably the SDK buffer wraps
    // exactly the plaintext bytes. TODO confirm
    final byte[] plaintext = response.getPlaintext().array();
    return new String(plaintext, Charset.forName("UTF-8"));
}
From source file:com.yahoo.athenz.auth.impl.aws.AwsPrivateKeyStore.java
License:Apache License
/**
 * Reads an object from S3 and returns its content as a trimmed string, decrypting it through
 * KMS first when {@code kmsDecrypt} is set.
 *
 * <p>An empty string is returned when the object is {@code null} or when reading it raises an
 * {@code IOException}; both cases are logged at error level. Only {@code IOException} is
 * caught here, so other exceptions from the S3 or KMS calls propagate to the caller.
 *
 * @param bucketName S3 bucket holding the secret
 * @param keyName S3 object key of the secret
 * @return the (optionally decrypted) content with surrounding whitespace removed, or ""
 */
String getDecryptedData(final String bucketName, final String keyName) {
    final S3Object fetched = s3.getObject(bucketName, keyName);

    if (LOG.isDebugEnabled()) {
        LOG.debug("retrieving appName {}, key {}", bucketName, keyName);
    }

    if (fetched == null) {
        LOG.error("error retrieving key {}, from bucket {}", keyName, bucketName);
        return "";
    }

    String secret = "";
    try (S3ObjectInputStream body = fetched.getObjectContent();
            ByteArrayOutputStream collected = new ByteArrayOutputStream()) {

        // Drain the object content into memory in 1 KiB chunks.
        final byte[] chunk = new byte[1024];
        for (int read = body.read(chunk); read != -1; read = body.read(chunk)) {
            collected.write(chunk, 0, read);
        }

        // NOTE(review): both conversions below use the JVM's platform-default charset, so the
        // decoded value can differ between hosts for non-ASCII content. Confirm the encoding
        // the secret was stored with before pinning a charset here.
        if (!kmsDecrypt) {
            secret = collected.toString();
        } else {
            // The stored bytes are passed to KMS as the ciphertext blob; no key id or
            // encryption context is set on the request.
            final ByteBuffer blob = ByteBuffer.wrap(collected.toByteArray());
            final DecryptRequest request = new DecryptRequest().withCiphertextBlob(blob);
            final ByteBuffer plain = kms.decrypt(request).getPlaintext();
            secret = new String(plain.array());
        }
    } catch (IOException e) {
        LOG.error("error getting application secret.", e);
    }

    return secret.trim();
}
From source file:de.zalando.spring.cloud.config.aws.kms.KmsTextEncryptor.java
License:Apache License
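/**
 * Decrypts Base64-encoded KMS ciphertext and returns the plaintext as a string.
 *
 * <p>The request carries only the ciphertext blob; no key id or encryption context is set.
 *
 * @param encryptedText Base64 text of the ciphertext; {@code null} or empty yields
 *        {@code EMPTY_STRING} without contacting KMS
 * @return the result of {@code extractString} applied to the KMS plaintext buffer
 */
@Override
public String decrypt(final String encryptedText) {
    if (encryptedText == null || encryptedText.isEmpty()) {
        return EMPTY_STRING;
    }

    // The input is assumed to be Base64, which is plain ASCII. Naming the charset keeps the
    // byte form of the input independent of the JVM's platform-default encoding.
    final byte[] base64Bytes = encryptedText.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    final ByteBuffer encryptedBytes = ByteBuffer.wrap(Base64.decode(base64Bytes));

    final DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(encryptedBytes);
    return extractString(kms.decrypt(decryptRequest).getPlaintext());
}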
From source file:org.apache.coheigea.cxf.kms.asymmetric.KMSPasswordEncryptor.java
License:Apache License
/**
 * Decrypts a Base64-encoded, KMS-encrypted password.
 *
 * <p>A KMS client is built on every call from the {@code accessKey} and {@code secretKey}
 * fields and pointed at {@code endpoint}.
 *
 * @param encryptedPassword Base64 text of the KMS ciphertext
 * @return the decrypted password, or {@code null} when Base64 decoding fails
 */
@Override
public String decrypt(String encryptedPassword) {
    final AWSKMSClient kms = new AWSKMSClient(new BasicAWSCredentials(accessKey, secretKey));
    kms.setEndpoint(endpoint);

    try {
        final ByteBuffer blob = ByteBuffer.wrap(Base64.decode(encryptedPassword));

        // The request carries only the ciphertext blob (no key id, no encryption context).
        final DecryptRequest request = new DecryptRequest().withCiphertextBlob(blob);
        final ByteBuffer decrypted = kms.decrypt(request).getPlaintext();

        // Copy exactly the readable bytes instead of relying on the backing array.
        final byte[] passwordBytes = new byte[decrypted.remaining()];
        decrypted.get(passwordBytes);

        // NOTE(review): decoded with the platform-default charset; this must match whatever
        // charset the encrypting side used. Confirm before pinning one.
        return new String(passwordBytes);
    } catch (Base64DecodingException ex) {
        // NOTE(review): malformed input is reported only as a null return, with no log entry
        // and the exception dropped; callers must treat null as "decryption failed".
        return null;
    }
}
From source file:org.apache.coheigea.cxf.kms.common.CommonCallbackHandler.java
License:Apache License
/**
 * Supplies symmetric keys to {@code WSPasswordCallback}s whose usage is {@code SECRET_KEY}.
 *
 * <p>If the callback already carries an encrypted secret, KMS decrypts it and the plaintext is
 * set as the callback's key. Otherwise KMS generates a new data key under {@code masterKeyId}:
 * the plaintext becomes the callback's key, the ciphertext becomes its encrypted secret, and a
 * {@code KeyInfo}/{@code KeyName} element is attached as the key-info reference. Callbacks of
 * any other type or usage are skipped.
 *
 * <p>A KMS client is built from the {@code accessKey}/{@code secretKey} fields for each
 * matching callback.
 *
 * @param callbacks the callbacks to process
 * @throws IOException declared by the signature
 * @throws UnsupportedCallbackException declared by the signature
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (final Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        if (passwordCallback.getUsage() != WSPasswordCallback.SECRET_KEY) {
            continue;
        }

        final AWSKMSClient kms = new AWSKMSClient(new BasicAWSCredentials(accessKey, secretKey));
        kms.setEndpoint(endpoint);

        if (passwordCallback.getEncryptedSecret() == null) {
            // No wrapped key supplied: ask KMS for a fresh data key under the master key.
            final GenerateDataKeyRequest generateRequest = new GenerateDataKeyRequest();
            generateRequest.setKeyId(masterKeyId);

            // AES_128 unless the callback's algorithm string mentions aes256.
            final String requestedAlgorithm = passwordCallback.getAlgorithm();
            final String keySpec =
                    (requestedAlgorithm != null && requestedAlgorithm.contains("aes256")) ? "AES_256" : "AES_128";
            generateRequest.setKeySpec(keySpec);

            final GenerateDataKeyResult generated = kms.generateDataKey(generateRequest);

            // Plaintext half: used locally as the symmetric key.
            final ByteBuffer plainBuffer = generated.getPlaintext();
            final byte[] plainKey = new byte[plainBuffer.remaining()];
            plainBuffer.get(plainKey);
            passwordCallback.setKey(plainKey);

            // Ciphertext half: travels with the message as the encrypted secret.
            final ByteBuffer wrappedBuffer = generated.getCiphertextBlob();
            final byte[] wrappedKey = new byte[wrappedBuffer.remaining()];
            wrappedBuffer.get(wrappedKey);
            passwordCallback.setEncryptedSecret(wrappedKey);

            // Build a KeyInfo element whose KeyName points at the encryption key.
            // NOTE(review): the KeyName text is a fixed literal, not derived from masterKeyId;
            // confirm the two are meant to stay in sync.
            final Document document = DOMUtils.newDocument();
            final String qualifiedKeyInfo = WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN;
            final Element keyInfo = document.createElementNS(WSConstants.SIG_NS, qualifiedKeyInfo);
            keyInfo.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX,
                    WSConstants.SIG_NS);
            final Element keyName =
                    document.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":KeyName");
            keyName.setTextContent("1c84a3f2-51cc-4c66-9045-68f51ef8b1eb");
            keyInfo.appendChild(keyName);
            passwordCallback.setKeyInfoReference(keyInfo);
        } else {
            // A wrapped key came with the callback: unwrap it through KMS. The request carries
            // only the ciphertext blob (no key id, no encryption context).
            final ByteBuffer wrappedBuffer = ByteBuffer.wrap(passwordCallback.getEncryptedSecret());
            final DecryptRequest decryptRequest = new DecryptRequest().withCiphertextBlob(wrappedBuffer);
            final ByteBuffer plainBuffer = kms.decrypt(decryptRequest).getPlaintext();
            final byte[] plainKey = new byte[plainBuffer.remaining()];
            plainBuffer.get(plainKey);
            passwordCallback.setKey(plainKey);
        }
    }
}
From source file:org.finra.dm.dao.impl.KmsDaoImpl.java
License:Apache License
/**
 * {@inheritDoc}
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob) {
    // Build a KMS client from the caller-supplied client configuration. No credentials are
    // passed explicitly, so the default provider chain applies: environment variables
    // (AWS_ACCESS_KEY_ID / AWS_SECRET_KEY), then Java system properties
    // (aws.accessKeyId / aws.secretKey), then EC2 instance profile credentials.
    final AWSKMSClient kmsClient = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));

    // KMS takes raw bytes, so strip the Base64 layer first.
    final byte[] rawCiphertext = Base64.decodeBase64(base64ciphertextBlob);

    // NOTE(review): the request carries only the ciphertext blob. No key id or encryption
    // context is set and the result's key id is not checked in this method.
    final DecryptRequest request = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(rawCiphertext));

    // Delegate the service call to the operations wrapper.
    final DecryptResult response = kmsOperations.decrypt(kmsClient, request);

    // Interpret the plaintext bytes as UTF-8 text.
    final byte[] plaintextBytes = response.getPlaintext().array();
    return new String(plaintextBytes, StandardCharsets.UTF_8);
}
From source file:org.finra.herd.dao.impl.KmsDaoImpl.java
License:Apache License
/**
 * Decrypts a Base64-encoded KMS ciphertext blob and returns the plaintext as UTF-8 text.
 *
 * @param awsParamsDto AWS parameters used to derive the client configuration
 * @param base64ciphertextBlob Base64 text of the KMS ciphertext
 * @return the decrypted plaintext decoded as UTF-8
 */
@Override
public String decrypt(AwsParamsDto awsParamsDto, String base64ciphertextBlob) {
    // The client is created with a client configuration only, so credentials come from the
    // default provider chain, searched in this order:
    //   1. environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
    //   2. Java system properties aws.accessKeyId and aws.secretKey
    //   3. instance profile credentials from the Amazon EC2 metadata service
    final AWSKMSClient client = new AWSKMSClient(awsHelper.getClientConfiguration(awsParamsDto));

    // Decode the Base64 text and wrap the bytes as the request's ciphertext blob. Nothing
    // else is set on the request (no key id, no encryption context).
    final ByteBuffer blob = ByteBuffer.wrap(Base64.decodeBase64(base64ciphertextBlob));
    final DecryptRequest request = new DecryptRequest().withCiphertextBlob(blob);

    // Run the decrypt call through the KMS operations wrapper and take its plaintext buffer.
    final ByteBuffer plaintext = kmsOperations.decrypt(client, request).getPlaintext();

    // array() returns the buffer's whole backing array; presumably the SDK buffer wraps
    // exactly the plaintext bytes. TODO confirm
    return new String(plaintext.array(), StandardCharsets.UTF_8);
}