List of usage examples for com.amazonaws.services.kms.model EncryptRequest EncryptRequest
EncryptRequest
From source file:com.google.crypto.tink.integration.awskms.AwsKmsAead.java
License:Apache License
@Override public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException { try {//from w w w . j a va2 s.c o m EncryptRequest req = new EncryptRequest().withKeyId(keyArn).withPlaintext(ByteBuffer.wrap(plaintext)); if (associatedData != null && associatedData.length != 0) { req = req.addEncryptionContextEntry("associatedData", BinaryUtils.toHex(associatedData)); } return kmsClient.encrypt(req).getCiphertextBlob().array(); } catch (AmazonServiceException e) { throw new GeneralSecurityException("encryption failed", e); } }
From source file:com.nike.cerberus.service.AuthenticationService.java
License:Apache License
/** * Encrypts the data provided using KMS based on the provided region and key id. * * @param regionName Region where key is located * @param keyId Key id//from w w w .jav a2 s. c o m * @param data Data to be encrypted * @return encrypted data */ private byte[] encrypt(final String regionName, final String keyId, final byte[] data) { Region region; try { region = Region.getRegion(Regions.fromName(regionName)); } catch (IllegalArgumentException iae) { throw ApiException.newBuilder().withApiErrors(DefaultApiError.AUTH_IAM_ROLE_AWS_REGION_INVALID) .withExceptionCause(iae).build(); } final AWSKMSClient kmsClient = kmsClientFactory.getClient(region); try { final EncryptResult encryptResult = kmsClient .encrypt(new EncryptRequest().withKeyId(keyId).withPlaintext(ByteBuffer.wrap(data))); return encryptResult.getCiphertextBlob().array(); } catch (AmazonClientException ace) { throw ApiException.newBuilder().withApiErrors(DefaultApiError.INTERNAL_SERVER_ERROR) .withExceptionCause(ace) .withExceptionMessage( String.format("Unexpected error communicating with AWS KMS for region %s.", regionName)) .build(); } }
From source file:de.zalando.spring.cloud.config.aws.kms.KmsTextEncryptor.java
License:Apache License
@Override public String encrypt(final String text) { Assert.hasText(kmsKeyId, "kmsKeyId must not be blank"); if (text == null || text.isEmpty()) { return EMPTY_STRING; } else {/*from w w w . ja v a 2 s . co m*/ final EncryptRequest encryptRequest = new EncryptRequest().withKeyId(kmsKeyId) // .withPlaintext(ByteBuffer.wrap(text.getBytes())); final ByteBuffer encryptedBytes = kms.encrypt(encryptRequest).getCiphertextBlob(); return extractString(ByteBuffer.wrap(Base64.encode(encryptedBytes.array()))); } }
From source file:org.apache.coheigea.cxf.kms.asymmetric.KMSPasswordEncryptor.java
License:Apache License
@Override public String encrypt(String password) { final AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey); AWSKMSClient kms = new AWSKMSClient(creds); kms.setEndpoint(endpoint);/*from ww w. j a va 2 s . c om*/ ByteBuffer plaintext = ByteBuffer.wrap(password.getBytes()); EncryptRequest req = new EncryptRequest().withPlaintext(plaintext); req.setKeyId(masterKeyId); ByteBuffer encryptedKey = kms.encrypt(req).getCiphertextBlob(); byte[] key = new byte[encryptedKey.remaining()]; encryptedKey.get(key); return Base64.encode(key); }
From source file:org.sfs.encryption.AwsKms.java
License:Apache License
@Override public Observable<Encrypted> encrypt(VertxContext<Server> vertxContext, byte[] plainBytes) { SfsVertx sfsVertx = vertxContext.vertx(); Context context = sfsVertx.getOrCreateContext(); return Observable.defer(() -> { byte[] cloned = Arrays.copyOf(plainBytes, plainBytes.length); return RxHelper.executeBlocking(context, sfsVertx.getBackgroundPool(), () -> { try { EncryptRequest req = new EncryptRequest().withKeyId(keyId) .withPlaintext(ByteBuffer.wrap(cloned)); ByteBuffer buffer = kms.encrypt(req).getCiphertextBlob(); byte[] b = new byte[buffer.remaining()]; buffer.get(b);/*from w ww. ja va 2 s. co m*/ return new Encrypted(b, String.format("xppsaws:%s", keyId)); } finally { Arrays.fill(cloned, (byte) 0); } }); }); }
From source file:org.zalando.crypto.aws.kms.KmsEncrypter.java
License:Apache License
@Override public String encrypt(String text) { if (isNullOrEmpty(text)) { return EMPTY_STRING; } else {//from ww w . j a v a 2s . co m final EncryptRequest encryptRequest = new EncryptRequest().withKeyId(kmsKeyId) // .withPlaintext(ByteBuffer.wrap(text.getBytes())); final ByteBuffer encryptedBytes = kms.encrypt(encryptRequest).getCiphertextBlob(); return extractString(ByteBuffer.wrap(Base64.encode(encryptedBytes.array()))); } }