List of usage examples for com.amazonaws.services.kms.model DecryptResult getKeyId
public String getKeyId()
The ARN of the customer master key that was used to perform the decryption.
From source file:com.google.crypto.tink.integration.awskms.AwsKmsAead.java
License:Apache License
@Override public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException { try {/*from w w w . java2s.com*/ DecryptRequest req = new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(ciphertext)); if (associatedData != null && associatedData.length != 0) { req = req.addEncryptionContextEntry("associatedData", BinaryUtils.toHex(associatedData)); } DecryptResult result = kmsClient.decrypt(req); if (!result.getKeyId().equals(keyArn)) { throw new GeneralSecurityException("decryption failed: wrong key id"); } return result.getPlaintext().array(); } catch (AmazonServiceException e) { throw new GeneralSecurityException("decryption failed", e); } }