Example usage for com.amazonaws.services.s3 Headers SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID

List of usage examples for com.amazonaws.services.s3 Headers SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID

  1. HOME
  2. Java
  3. com.amazonaws
  4. com.amazonaws.services.s3.*
  5. Headers
  6. SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID

Introduction

In this page you can find the example usage for com.amazonaws.services.s3 Headers SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID.

Prototype

String SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID

To view the source code for com.amazonaws.services.s3 Headers SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID.

Click Source Link

Document

Header in the request and response indicating the AWS Key Management System key id used for Server Side Encryption.

Usage

From source file:com.streamsets.pipeline.lib.aws.s3.S3Accessor.java

License:Apache License

public EncryptionMetadataBuilder createEncryptionMetadataBuilder() {
    return () -> {
        ObjectMetadata metadata = null;/*  ww  w  .  ja  v a  2s  . c  o m*/
        if (sseConfigs != null) {
            switch (sseConfigs.getEncryption()) {
            case NONE:
                metadata = null;
                break;
            case S3:
                metadata = new ObjectMetadata();
                metadata.setSSEAlgorithm(SSEAlgorithm.AES256.getAlgorithm());
                break;
            case KMS:
                metadata = new ObjectMetadata();
                metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
                metadata.setHeader(Headers.SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID,
                        sseConfigs.getKmsKeyId().get());
                metadata.setHeader("x-amz-server-side-encryption-context",
                        sseConfigs.getEncryptionContext().entrySet().stream().collect(
                                Collectors.toMap(e -> e.getKey(), e -> Caller.call(() -> e.getValue().get()))));
                break;
            case CUSTOMER:
                metadata = new ObjectMetadata();
                metadata.setSSECustomerAlgorithm(SSEAlgorithm.AES256.getAlgorithm());
                metadata.setHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY,
                        sseConfigs.getCustomerKey().get());
                metadata.setHeader(Headers.COPY_SOURCE_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5,
                        sseConfigs.getCustomerKeyMd5().get());
                break;
            default:
                throw new IllegalArgumentException(
                        String.format("Invalid encryption option '%s'", sseConfigs.getEncryption()));
            }
        }
        return metadata;
    };
}

From source file:com.streamsets.pipeline.stage.destination.s3.FileHelper.java

License:Apache License

protected ObjectMetadata getObjectMetadata() throws StageException {
    ObjectMetadata metadata = null;/*www.j ava  2 s. co m*/
    if (s3TargetConfigBean.sseConfig.useSSE) {
        metadata = new ObjectMetadata();
        switch (s3TargetConfigBean.sseConfig.encryption) {
        case S3:
            metadata.setSSEAlgorithm(SSEAlgorithm.AES256.getAlgorithm());
            break;
        case KMS:
            metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
            metadata.setHeader(Headers.SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID,
                    s3TargetConfigBean.sseConfig.kmsKeyId.get());
            if (!s3TargetConfigBean.sseConfig.encryptionContext.isEmpty()) {
                metadata.setHeader("x-amz-server-side-encryption-context",
                        s3TargetConfigBean.sseConfig.resolveEncryptionContext());
            }
            break;
        case CUSTOMER:
            metadata.setSSECustomerAlgorithm(SSEAlgorithm.AES256.getAlgorithm());
            metadata.setHeader(Headers.SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY,
                    s3TargetConfigBean.sseConfig.customerKey.get());
            metadata.setHeader(Headers.COPY_SOURCE_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5,
                    s3TargetConfigBean.sseConfig.customerKeyMd5.get());
            break;
        default:
            throw new IllegalStateException(
                    Utils.format("Unknown encryption option: ", s3TargetConfigBean.sseConfig.encryption));
        }
    }
    return metadata;
}

From source file:org.finra.herd.dao.impl.S3DaoImpl.java

License:Apache License

/**
 * Prepares the object metadata for server side encryption and reduced redundancy storage.
 *
 * @param params the parameters.//  w  w  w .  j a v a  2  s  . co  m
 * @param metadata the metadata to prepare.
 */
private void prepareMetadata(final S3FileTransferRequestParamsDto params, ObjectMetadata metadata) {
    // Set the server side encryption
    if (params.getKmsKeyId() != null) {
        /*
         * TODO Use proper way to set KMS once AWS provides a way.
         * We are modifying the raw headers directly since TransferManager's uploadFileList operation does not provide a way to set a KMS key ID.
         * This would normally cause some issues when uploading where an MD5 checksum validation exception will be thrown, even though the object is
         * correctly uploaded.
         * To get around this, a system property defined at
         * com.amazonaws.services.s3.internal.SkipMd5CheckStrategy.DISABLE_PUT_OBJECT_MD5_VALIDATION_PROPERTY must be set.
         */
        metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
        metadata.setHeader(Headers.SERVER_SIDE_ENCRYPTION_AWS_KMS_KEYID, params.getKmsKeyId().trim());
    } else {
        metadata.setSSEAlgorithm(SSEAlgorithm.AES256.getAlgorithm());
    }

    // If specified, set the metadata to use RRS.
    if (Boolean.TRUE.equals(params.isUseRrs())) {
        // TODO: For upload File, we can set RRS on the putObjectRequest. For uploadDirectory, this is the only
        // way to do it. However, setHeader() is flagged as For Internal Use Only
        metadata.setHeader(Headers.STORAGE_CLASS, StorageClass.ReducedRedundancy.toString());
    }
}