List of usage examples for com.amazonaws.services.s3 AmazonS3EncryptionClient AmazonS3EncryptionClient
@Deprecated
public AmazonS3EncryptionClient(AWSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfig)
Constructs a new Amazon S3 Encryption client using the specified AWS credentials to access Amazon S3.
From source file:com.nike.cerberus.config.CmsEnvPropertiesLoader.java
License:Apache License
public CmsEnvPropertiesLoader(final String bucketName, final String region, final String kmsKeyId) { final KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(kmsKeyId); this.s3Client = new AmazonS3EncryptionClient(new DefaultAWSCredentialsProviderChain(), materialProvider, new CryptoConfiguration().withAwsKmsRegion(Region.getRegion(Regions.fromName(region)))) .withRegion(Region.getRegion(Regions.fromName(region))); this.bucketName = bucketName; }
From source file:com.nike.cerberus.store.ConfigStore.java
License:Apache License
private void initEncryptedConfigStoreService() { if (encryptedConfigStoreService == null) { final Environment environment = getEnvironmentData(); KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider( environment.getConfigKeyId()); AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient( new DefaultAWSCredentialsProviderChain(), materialProvider, new CryptoConfiguration().withAwsKmsRegion(Region.getRegion(environmentMetadata.getRegions()))) .withRegion(Region.getRegion(environmentMetadata.getRegions())); encryptedConfigStoreService = new S3StoreService(encryptionClient, environmentMetadata.getBucketName(), ""); }// w w w .jav a2 s. c o m }
From source file:ingest.utility.IngestUtilities.java
License:Apache License
/** * Gets an instance of an S3 client to use. * // w w w .ja va 2 s .c om * @param useEncryption * True if encryption should be used (only for Piazza Bucket). For all external Buckets, encryption is * not used. * * @return The S3 client */ public AmazonS3 getAwsClient(boolean useEncryption) { AmazonS3 s3Client; if ((AMAZONS3_ACCESS_KEY.isEmpty()) && (AMAZONS3_PRIVATE_KEY.isEmpty())) { s3Client = new AmazonS3Client(); } else { BasicAWSCredentials credentials = new BasicAWSCredentials(AMAZONS3_ACCESS_KEY, AMAZONS3_PRIVATE_KEY); // Set up encryption using the KMS CMK Key if (useEncryption) { KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(S3_KMS_CMK_ID); s3Client = new AmazonS3EncryptionClient(credentials, materialProvider, new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1)) .withRegion(Region.getRegion(Regions.US_EAST_1)); } else { s3Client = new AmazonS3Client(credentials); } } return s3Client; }
From source file:model.data.location.FileAccessFactory.java
License:Apache License
/** * Gets the input stream for an S3 file store. This will stream the bytes from S3. Null, or exception will be thrown * if an error occurs during acquisition. * //from www .j a va 2 s .c o m * The S3 Credentials MUST be populated using the setCredentials() method before executing this call, or a * Credentials exception is likely to be thrown by S3. */ @JsonIgnore public InputStream getS3File(FileLocation fileLocation, String accessKey, String privateKey, String s3EncryptKey) { // Get the file from S3. Connect to S3 Bucket. Only apply credentials if they are present. final AmazonS3Client s3Client; S3FileStore fileStore = (S3FileStore) fileLocation; if (accessKey.isEmpty() || privateKey.isEmpty()) { s3Client = new AmazonS3Client(); } else { // If an encryption key was provided, use the encrypted client BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, privateKey); if (s3EncryptKey != null) { KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(s3EncryptKey); s3Client = new AmazonS3EncryptionClient(credentials, materialProvider, new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1)) .withRegion(Region.getRegion(Regions.US_EAST_1)); } else { s3Client = new AmazonS3Client(credentials); } } S3Object s3Object = s3Client.getObject(fileStore.getBucketName(), fileStore.getFileName()); return s3Object.getObjectContent(); }
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideCMKEncryptionStrategy.java
License:Apache License
/** * Create an encryption client.// w w w. ja v a2s .c o m * * @param credentialsProvider AWS credentials provider. * @param clientConfiguration Client configuration * @param region AWS region * @param keyIdOrMaterial client master key, always base64 encoded * @return AWS S3 client */ @Override public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) throws SecurityException { if (!validateKey(keyIdOrMaterial).isValid()) { throw new SecurityException("Invalid client key; ensure key material is base64 encoded."); } byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial); SecretKeySpec symmetricKey = new SecretKeySpec(keyMaterial, "AES"); StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider( new EncryptionMaterials(symmetricKey)); boolean haveRegion = StringUtils.isNotBlank(region); CryptoConfiguration cryptoConfig = new CryptoConfiguration(); Region awsRegion = null; if (haveRegion) { awsRegion = Region.getRegion(Regions.fromName(region)); cryptoConfig.setAwsKmsRegion(awsRegion); } AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider, cryptoConfig); if (haveRegion && awsRegion != null) { client.setRegion(awsRegion); } return client; }
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideKMSEncryptionStrategy.java
License:Apache License
/** * Create an encryption client.// w w w .ja v a2 s. c om * * @param credentialsProvider AWS credentials provider. * @param clientConfiguration Client configuration * @param region AWS region * @param keyIdOrMaterial KMS key id * @return AWS S3 client */ @Override public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) { KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(keyIdOrMaterial); boolean haveRegion = StringUtils.isNotBlank(region); Region awsRegion = null; CryptoConfiguration cryptoConfig = new CryptoConfiguration(); if (haveRegion) { awsRegion = Region.getRegion(Regions.fromName(region)); cryptoConfig.setAwsKmsRegion(awsRegion); } AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig); if (haveRegion) { client.setRegion(awsRegion); } return client; }
From source file:org.talend.components.s3.runtime.S3Connection.java
License:Open Source License
public static AmazonS3 createClient(S3OutputProperties properties) { S3DatasetProperties data_set = properties.getDatasetProperties(); S3DatastoreProperties data_store = properties.getDatasetProperties().getDatastoreProperties(); com.amazonaws.auth.AWSCredentials credentials = new com.amazonaws.auth.BasicAWSCredentials( data_store.accessKey.getValue(), data_store.secretKey.getValue()); Region region = RegionUtils.getRegion(data_set.region.getValue().getValue()); Boolean clientSideEnc = data_set.encryptDataInMotion.getValue(); AmazonS3 conn = null;/*from w w w . ja va 2s . co m*/ if (clientSideEnc != null && clientSideEnc) { String kms_cmk = data_set.kmsForDataInMotion.getValue(); KMSEncryptionMaterialsProvider encryptionMaterialsProvider = new KMSEncryptionMaterialsProvider( kms_cmk); conn = new AmazonS3EncryptionClient(credentials, encryptionMaterialsProvider, new CryptoConfiguration().withAwsKmsRegion(region)); } else { AWSCredentialsProvider basicCredentialsProvider = new StaticCredentialsProvider(credentials); conn = new AmazonS3Client(basicCredentialsProvider); } conn.setRegion(region); return conn; }