List of usage examples for com.amazonaws.services.s3 AmazonS3EncryptionClient setRegion
@Override @Deprecated public synchronized void setRegion(com.amazonaws.regions.Region region)
From source file:S3ClientSideEncryptionWithSymmetricMasterKey.java
License:Apache License
public static void main(String[] args) throws Exception { SecretKey mySymmetricKey = loadSymmetricAESKey(masterKeyDir, "AES"); EncryptionMaterials encryptionMaterials = new EncryptionMaterials(mySymmetricKey); AWSCredentials credentials = new BasicAWSCredentials("Q3AM3UQ867SPQQA43P2F", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"); AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient(credentials, new StaticEncryptionMaterialsProvider(encryptionMaterials)); Region usEast1 = Region.getRegion(Regions.US_EAST_1); encryptionClient.setRegion(usEast1); encryptionClient.setEndpoint("https://play.minio.io:9000"); final S3ClientOptions clientOptions = S3ClientOptions.builder().setPathStyleAccess(true).build(); encryptionClient.setS3ClientOptions(clientOptions); // Create the bucket encryptionClient.createBucket(bucketName); // Upload object using the encryption client. byte[] plaintext = "Hello World, S3 Client-side Encryption Using Asymmetric Master Key!".getBytes(); System.out.println("plaintext's length: " + plaintext.length); encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey, new ByteArrayInputStream(plaintext), new ObjectMetadata())); // Download the object. S3Object downloadedObject = encryptionClient.getObject(bucketName, objectKey); byte[] decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent()); // Verify same data. Assert.assertTrue(Arrays.equals(plaintext, decrypted)); //deleteBucketAndAllContents(encryptionClient); }
From source file:S3ClientSideEncryptionAsymmetricMasterKey.java
License:Apache License
public static void main(String[] args) throws Exception { // 1. Load keys from files byte[] bytes = FileUtils.readFileToByteArray(new File(keyDir + "/private.key")); KeyFactory kf = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(bytes); PrivateKey pk = kf.generatePrivate(ks); bytes = FileUtils.readFileToByteArray(new File(keyDir + "/public.key")); PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bytes)); KeyPair loadedKeyPair = new KeyPair(publicKey, pk); // 2. Construct an instance of AmazonS3EncryptionClient. EncryptionMaterials encryptionMaterials = new EncryptionMaterials(loadedKeyPair); AWSCredentials credentials = new BasicAWSCredentials("Q3AM3UQ867SPQQA43P2F", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"); AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient(credentials, new StaticEncryptionMaterialsProvider(encryptionMaterials)); Region usEast1 = Region.getRegion(Regions.US_EAST_1); encryptionClient.setRegion(usEast1); encryptionClient.setEndpoint("https://play.minio.io:9000"); final S3ClientOptions clientOptions = S3ClientOptions.builder().setPathStyleAccess(true).build(); encryptionClient.setS3ClientOptions(clientOptions); // Create the bucket encryptionClient.createBucket(bucketName); // 3. Upload the object. byte[] plaintext = "Hello World, S3 Client-side Encryption Using Asymmetric Master Key!".getBytes(); System.out.println("plaintext's length: " + plaintext.length); encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey, new ByteArrayInputStream(plaintext), new ObjectMetadata())); // 4. Download the object. S3Object downloadedObject = encryptionClient.getObject(bucketName, objectKey); byte[] decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent()); Assert.assertTrue(Arrays.equals(plaintext, decrypted)); System.out.println("decrypted length: " + decrypted.length); //deleteBucketAndAllContents(encryptionClient); }
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideCMKEncryptionStrategy.java
License:Apache License
/** * Create an encryption client./*ww w. j a v a 2 s .c o m*/ * * @param credentialsProvider AWS credentials provider. * @param clientConfiguration Client configuration * @param region AWS region * @param keyIdOrMaterial client master key, always base64 encoded * @return AWS S3 client */ @Override public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) throws SecurityException { if (!validateKey(keyIdOrMaterial).isValid()) { throw new SecurityException("Invalid client key; ensure key material is base64 encoded."); } byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial); SecretKeySpec symmetricKey = new SecretKeySpec(keyMaterial, "AES"); StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider( new EncryptionMaterials(symmetricKey)); boolean haveRegion = StringUtils.isNotBlank(region); CryptoConfiguration cryptoConfig = new CryptoConfiguration(); Region awsRegion = null; if (haveRegion) { awsRegion = Region.getRegion(Regions.fromName(region)); cryptoConfig.setAwsKmsRegion(awsRegion); } AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider, cryptoConfig); if (haveRegion && awsRegion != null) { client.setRegion(awsRegion); } return client; }
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideKMSEncryptionStrategy.java
License:Apache License
/** * Create an encryption client.// ww w . j ava 2 s .co m * * @param credentialsProvider AWS credentials provider. * @param clientConfiguration Client configuration * @param region AWS region * @param keyIdOrMaterial KMS key id * @return AWS S3 client */ @Override public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) { KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(keyIdOrMaterial); boolean haveRegion = StringUtils.isNotBlank(region); Region awsRegion = null; CryptoConfiguration cryptoConfig = new CryptoConfiguration(); if (haveRegion) { awsRegion = Region.getRegion(Regions.fromName(region)); cryptoConfig.setAwsKmsRegion(awsRegion); } AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig); if (haveRegion) { client.setRegion(awsRegion); } return client; }