List of usage examples for the com.amazonaws.services.s3.model.CryptoConfiguration constructor CryptoConfiguration()
public CryptoConfiguration()
From source file:com.facebook.presto.hive.s3.PrestoS3FileSystem.java
License:Apache License
/**
 * Builds the S3 client used by this file system.
 *
 * <p>An optional signer override is applied to {@code clientConfig} first. The client is an
 * {@link AmazonS3EncryptionClient} when an encryption materials provider is configured and a
 * plain {@link AmazonS3Client} otherwise. Path-style access, region pinning and the endpoint
 * override are applied afterwards, in that order.
 *
 * @param uri file system URI, forwarded to the credentials provider lookup
 * @param hadoopConfig configuration read for the signer type, encryption materials and endpoint
 * @param clientConfig SDK client configuration; the signer override is set on this instance
 * @return the configured client
 */
private AmazonS3Client createAmazonS3Client(URI uri, Configuration hadoopConfig, ClientConfiguration clientConfig) {
    AWSCredentialsProvider credentialsProvider = getAwsCredentialsProvider(uri, hadoopConfig);
    Optional<EncryptionMaterialsProvider> materialsProvider = createEncryptionMaterialsProvider(hadoopConfig);

    String signerOverride = hadoopConfig.get(S3_SIGNER_TYPE);
    if (signerOverride != null) {
        clientConfig.withSignerOverride(signerOverride);
    }

    // NOTE(review): the CryptoConfiguration is left at its defaults, so no CryptoMode is chosen
    // here. In AWS SDK for Java 1.x the default is believed to be the unauthenticated
    // EncryptionOnly mode; confirm for the SDK version in use and prefer an authenticated mode.
    AmazonS3Client s3 = materialsProvider.isPresent()
            ? new AmazonS3EncryptionClient(
                    credentialsProvider,
                    materialsProvider.get(),
                    clientConfig,
                    new CryptoConfiguration(),
                    METRIC_COLLECTOR)
            : new AmazonS3Client(credentialsProvider, clientConfig, METRIC_COLLECTOR);

    if (isPathStyleAccess) {
        s3.setS3ClientOptions(S3ClientOptions.builder().setPathStyleAccess(true).build());
    }

    // Use the local region when running inside of EC2; the lookup may yield null elsewhere.
    Region currentRegion = pinS3ClientToCurrentRegion ? Regions.getCurrentRegion() : null;
    if (currentRegion != null) {
        s3.setRegion(currentRegion);
    }

    // An explicitly configured endpoint is applied last.
    String endpointOverride = hadoopConfig.get(S3_ENDPOINT);
    if (endpointOverride != null) {
        s3.setEndpoint(endpointOverride);
    }
    return s3;
}
From source file:com.nike.cerberus.config.CmsEnvPropertiesLoader.java
License:Apache License
/**
 * Creates a loader backed by an S3 client-side encryption client that uses a KMS key.
 *
 * @param bucketName bucket name stored on this loader
 * @param region AWS region name; resolved once and used for both the KMS region and the S3 client
 * @param kmsKeyId KMS key id handed to the {@link KMSEncryptionMaterialsProvider}
 */
public CmsEnvPropertiesLoader(final String bucketName, final String region, final String kmsKeyId) {
    final KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(kmsKeyId);
    final Region awsRegion = Region.getRegion(Regions.fromName(region));

    // NOTE(review): only the KMS region is configured; no CryptoMode is set, so the SDK default
    // applies. Confirm that default is an authenticated mode for the SDK version in use.
    final CryptoConfiguration cryptoConfig = new CryptoConfiguration().withAwsKmsRegion(awsRegion);

    this.s3Client = new AmazonS3EncryptionClient(
            new DefaultAWSCredentialsProviderChain(), kmsMaterials, cryptoConfig)
            .withRegion(awsRegion);
    this.bucketName = bucketName;
}
From source file:com.nike.cerberus.store.ConfigStore.java
License:Apache License
/**
 * Lazily creates the encrypted config store service; does nothing when it already exists.
 *
 * <p>The service wraps an S3 client-side encryption client keyed by the environment's config
 * key id, using the default credentials chain and the region from the environment metadata.
 */
private void initEncryptedConfigStoreService() {
    if (encryptedConfigStoreService != null) {
        return;
    }

    final Environment environment = getEnvironmentData();
    final KMSEncryptionMaterialsProvider kmsMaterials =
            new KMSEncryptionMaterialsProvider(environment.getConfigKeyId());

    // NOTE(review): no CryptoMode is set on the CryptoConfiguration, so the SDK default applies.
    // Confirm that default is an authenticated mode for the SDK version in use.
    final AmazonS3EncryptionClient s3Encrypted = new AmazonS3EncryptionClient(
            new DefaultAWSCredentialsProviderChain(),
            kmsMaterials,
            new CryptoConfiguration().withAwsKmsRegion(Region.getRegion(environmentMetadata.getRegions())))
            .withRegion(Region.getRegion(environmentMetadata.getRegions()));

    encryptedConfigStoreService = new S3StoreService(s3Encrypted, environmentMetadata.getBucketName(), "");
}
From source file:ingest.utility.IngestUtilities.java
License:Apache License
/**
 * Gets an instance of an S3 client to use.
 *
 * <p>NOTE(review): when both configured keys are empty, a default client is returned and
 * {@code useEncryption} is not consulted, so a caller asking for encryption silently gets a
 * non-encrypting client. Confirm this is intended.
 *
 * @param useEncryption
 *            True if encryption should be used (only for Piazza Bucket). For all external Buckets, encryption is
 *            not used.
 *
 * @return The S3 client
 */
public AmazonS3 getAwsClient(boolean useEncryption) {
    // NOTE(review): the check uses &&, so a single empty key still takes the explicit-credentials
    // path below with an empty value.
    if ((AMAZONS3_ACCESS_KEY.isEmpty()) && (AMAZONS3_PRIVATE_KEY.isEmpty())) {
        return new AmazonS3Client();
    }

    BasicAWSCredentials explicitCredentials = new BasicAWSCredentials(AMAZONS3_ACCESS_KEY, AMAZONS3_PRIVATE_KEY);
    if (!useEncryption) {
        return new AmazonS3Client(explicitCredentials);
    }

    // Client-side encryption keyed by the KMS CMK; KMS and S3 are both pinned to US_EAST_1.
    // NOTE(review): no CryptoMode is set, so the SDK default applies. Confirm it is an
    // authenticated mode for the SDK version in use.
    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(S3_KMS_CMK_ID);
    return new AmazonS3EncryptionClient(
            explicitCredentials,
            kmsMaterials,
            new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1))
            .withRegion(Region.getRegion(Regions.US_EAST_1));
}
From source file:model.data.location.FileAccessFactory.java
License:Apache License
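/**
 * Gets the input stream for an S3 file store. This will stream the bytes from S3; exceptions raised by the
 * S3 client while fetching the object propagate to the caller.
 *
 * <p>Explicit credentials are applied only when both keys are present. A null key is treated the same as an
 * empty one, so the no-argument client is used instead of failing with a NullPointerException.
 *
 * <p>NOTE(review): when no explicit credentials are supplied, {@code s3EncryptKey} is not consulted and a
 * non-encrypting client is used. Confirm this is intended.
 *
 * @param fileLocation
 *            The file location; must be an {@code S3FileStore}, which supplies the bucket and file name
 * @param accessKey
 *            AWS access key, or null/empty to use the no-argument client
 * @param privateKey
 *            AWS secret key, or null/empty to use the no-argument client
 * @param s3EncryptKey
 *            KMS key id; when non-null (and credentials are present) the encryption client is used
 * @return The object content stream; it is returned open, so the caller must close it
 */
@JsonIgnore
public InputStream getS3File(FileLocation fileLocation, String accessKey, String privateKey,
        String s3EncryptKey) {
    // Connect to the S3 bucket. Only apply credentials if they are present.
    final AmazonS3Client s3Client;
    S3FileStore fileStore = (S3FileStore) fileLocation;

    final boolean hasCredentials = accessKey != null && !accessKey.isEmpty()
            && privateKey != null && !privateKey.isEmpty();

    if (!hasCredentials) {
        s3Client = new AmazonS3Client();
    } else {
        BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, privateKey);
        if (s3EncryptKey != null) {
            // If an encryption key was provided, use the encrypted client.
            // NOTE(review): no CryptoMode is set, so the SDK default applies. Confirm it is an
            // authenticated mode for the SDK version in use.
            KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(s3EncryptKey);
            s3Client = new AmazonS3EncryptionClient(credentials, materialProvider,
                    new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1))
                    .withRegion(Region.getRegion(Regions.US_EAST_1));
        } else {
            s3Client = new AmazonS3Client(credentials);
        }
    }

    S3Object s3Object = s3Client.getObject(fileStore.getBucketName(), fileStore.getFileName());
    return s3Object.getObjectContent();
}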
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideCMKEncryptionStrategy.java
License:Apache License
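/**
 * Create an encryption client that encrypts with a caller-supplied AES client master key.
 *
 * <p>The supplied client configuration is passed to the client when it is non-null, so that the
 * encrypting client is built with the same configuration object the caller prepared.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration; when null the SDK default configuration is used
 * @param region AWS region; when blank no region is set on the client
 * @param keyIdOrMaterial client master key, always base64 encoded
 * @return AWS S3 client
 * @throws SecurityException if the key fails validation
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) throws SecurityException {
    if (!validateKey(keyIdOrMaterial).isValid()) {
        // The message deliberately carries no key material.
        throw new SecurityException("Invalid client key; ensure key material is base64 encoded.");
    }

    byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial);
    SecretKeySpec symmetricKey = new SecretKeySpec(keyMaterial, "AES");
    StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider(
            new EncryptionMaterials(symmetricKey));

    boolean haveRegion = StringUtils.isNotBlank(region);
    // NOTE(review): no CryptoMode is set, so the SDK default applies. Confirm it is an
    // authenticated mode for the SDK version in use.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    Region awsRegion = null;

    if (haveRegion) {
        awsRegion = Region.getRegion(Regions.fromName(region));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Previously clientConfiguration was accepted but never used, so the encrypting client was
    // always built with SDK defaults instead of the caller's configuration.
    AmazonS3EncryptionClient client = clientConfiguration != null
            ? new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider,
                    clientConfiguration, cryptoConfig)
            : new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider, cryptoConfig);

    if (haveRegion && awsRegion != null) {
        client.setRegion(awsRegion);
    }

    return client;
}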
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideKMSEncryptionStrategy.java
License:Apache License
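/**
 * Create an encryption client that obtains its encryption materials from AWS KMS.
 *
 * <p>The supplied client configuration is passed to the client when it is non-null, so that the
 * encrypting client is built with the same configuration object the caller prepared.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration; when null the SDK default configuration is used
 * @param region AWS region; when blank neither the KMS region nor the client region is set
 * @param keyIdOrMaterial KMS key id
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) {
    KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(keyIdOrMaterial);
    boolean haveRegion = StringUtils.isNotBlank(region);
    Region awsRegion = null;
    // NOTE(review): no CryptoMode is set, so the SDK default applies. Confirm it is an
    // authenticated mode for the SDK version in use.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration();

    if (haveRegion) {
        awsRegion = Region.getRegion(Regions.fromName(region));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Previously clientConfiguration was accepted but never used, so the encrypting client was
    // always built with SDK defaults instead of the caller's configuration.
    AmazonS3EncryptionClient client = clientConfiguration != null
            ? new AmazonS3EncryptionClient(credentialsProvider, materialProvider, clientConfiguration,
                    cryptoConfig)
            : new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig);

    if (haveRegion) {
        client.setRegion(awsRegion);
    }

    return client;
}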
From source file:org.apache.nifi.processors.aws.s3.encryption.service.StandardS3ClientSideEncryptionService.java
License:Apache License
/**
 * Builds the {@link CryptoConfiguration} from this service's settings.
 *
 * <p>Crypto mode, storage mode and KMS region are applied only when their setting is not blank;
 * the ignore-missing-instruction-file flag is always applied.
 *
 * @return the populated configuration
 */
private CryptoConfiguration cryptoConfiguration() {
    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    cryptoConfig.setIgnoreMissingInstructionFile(ignoreMissingInstructionFile);

    // NOTE(review): a blank cryptoMode leaves the SDK default in place. Confirm that default is
    // an authenticated mode for the SDK version in use, or require an explicit value.
    if (!StringUtils.isBlank(cryptoMode)) {
        // valueOf rejects names that are not CryptoMode constants.
        CryptoMode selectedMode = CryptoMode.valueOf(cryptoMode);
        cryptoConfig.setCryptoMode(selectedMode);
    }

    if (!StringUtils.isBlank(cryptoStorageMode)) {
        CryptoStorageMode selectedStorage = CryptoStorageMode.valueOf(cryptoStorageMode);
        cryptoConfig.setStorageMode(selectedStorage);
    }

    if (!StringUtils.isBlank(kmsRegion)) {
        Region resolvedKmsRegion = Region.getRegion(Regions.fromName(kmsRegion));
        cryptoConfig.setAwsKmsRegion(resolvedKmsRegion);
    }

    return cryptoConfig;
}
From source file:org.apache.zeppelin.notebook.repo.OldS3NotebookRepo.java
License:Apache License
/**
 * Initialises the repository from the Zeppelin configuration and creates the S3 client.
 *
 * <p>Client selection: a KMS-backed encryption client when a KMS key id is configured, an
 * encryption client with a custom materials provider when a provider class is configured,
 * otherwise a regular S3 client. The configured endpoint is applied to whichever client results.
 *
 * @param conf Zeppelin configuration to read bucket, user, encryption and endpoint settings from
 * @throws IOException declared by the signature; presumably raised by a helper — confirm
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    this.bucketName = conf.getS3BucketName();
    this.user = conf.getS3User();
    this.useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the default provider chain.
    final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();

    // NOTE(review): only the KMS region is ever set on the CryptoConfiguration; no CryptoMode is
    // chosen, so the SDK default applies. Confirm it is an authenticated mode.
    final CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    final String kmsKeyRegion = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsKeyRegion)) {
        cryptoSettings.setAwsKmsRegion(Region.getRegion(Regions.fromName(kmsKeyRegion)));
    }

    final ClientConfiguration clientSettings = createClientConfiguration();

    // Decide whether data in S3 should be client-side encrypted.
    final String kmsKeyId = conf.getS3KMSKeyID();
    if (kmsKeyId != null) {
        // AWS KMS supplies the encryption materials.
        KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(kmsKeyId);
        this.s3client = new AmazonS3EncryptionClient(defaultChain, kmsMaterials, clientSettings, cryptoSettings);
    } else if (conf.getS3EncryptionMaterialsProviderClass() != null) {
        // NOTE(review): the provider comes from a class named in configuration; createCustomProvider
        // is not visible here — confirm the configuration source is trusted.
        EncryptionMaterialsProvider customMaterials = createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(defaultChain, customMaterials, clientSettings, cryptoSettings);
    } else {
        // Regular S3, no client-side encryption.
        this.s3client = new AmazonS3Client(defaultChain, clientSettings);
    }

    // Apply the configured S3 endpoint.
    s3client.setEndpoint(conf.getS3Endpoint());
}
From source file:org.apache.zeppelin.notebook.repo.S3NotebookRepo.java
License:Apache License
/**
 * Initialises the repository from the Zeppelin configuration and creates the S3 client.
 *
 * <p>The notebook root folder is derived from the configured S3 user. Client selection: a
 * KMS-backed encryption client when a KMS key id is configured, an encryption client with a
 * custom materials provider when a provider class is configured, otherwise a regular S3 client.
 * The configured endpoint is applied to whichever client results.
 *
 * @param conf Zeppelin configuration to read bucket, user, encryption and endpoint settings from
 * @throws IOException declared by the signature; presumably raised by a helper — confirm
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    this.bucketName = conf.getS3BucketName();
    this.user = conf.getS3User();
    this.rootFolder = user + "/notebook";
    this.useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the default provider chain.
    final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();

    // NOTE(review): only the KMS region is ever set on the CryptoConfiguration; no CryptoMode is
    // chosen, so the SDK default applies. Confirm it is an authenticated mode.
    final CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    final String kmsKeyRegion = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsKeyRegion)) {
        cryptoSettings.setAwsKmsRegion(Region.getRegion(Regions.fromName(kmsKeyRegion)));
    }

    final ClientConfiguration clientSettings = createClientConfiguration();

    // Decide whether data in S3 should be client-side encrypted.
    final String kmsKeyId = conf.getS3KMSKeyID();
    if (kmsKeyId != null) {
        // AWS KMS supplies the encryption materials.
        KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(kmsKeyId);
        this.s3client = new AmazonS3EncryptionClient(defaultChain, kmsMaterials, clientSettings, cryptoSettings);
    } else if (conf.getS3EncryptionMaterialsProviderClass() != null) {
        // NOTE(review): the provider comes from a class named in configuration; createCustomProvider
        // is not visible here — confirm the configuration source is trusted.
        EncryptionMaterialsProvider customMaterials = createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(defaultChain, customMaterials, clientSettings, cryptoSettings);
    } else {
        // Regular S3, no client-side encryption.
        this.s3client = new AmazonS3Client(defaultChain, clientSettings);
    }

    // Apply the configured S3 endpoint.
    s3client.setEndpoint(conf.getS3Endpoint());
}