Usage examples for com.amazonaws.services.s3.model.CryptoConfiguration.setAwsKmsRegion
public void setAwsKmsRegion(Region awsKmsRegion)
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideCMKEncryptionStrategy.java
License:Apache License
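/**
 * Create an S3 encryption client that protects objects with a caller-supplied
 * symmetric client master key.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration; applied to the returned client when non-null
 * @param region AWS region; when blank, no region is set on the client or the crypto configuration
 * @param keyIdOrMaterial client master key, always base64 encoded
 * @return AWS S3 client
 * @throws SecurityException if {@code validateKey} rejects the supplied key
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) throws SecurityException {
    if (!validateKey(keyIdOrMaterial).isValid()) {
        // The message deliberately does not echo the key material.
        throw new SecurityException("Invalid client key; ensure key material is base64 encoded.");
    }

    byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial);
    SecretKeySpec symmetricKey = new SecretKeySpec(keyMaterial, "AES");
    // SecretKeySpec keeps its own copy of the bytes, so the decoded buffer can be
    // wiped. Best effort only: the base64 String passed in by the caller is
    // immutable and remains on the heap until collected.
    java.util.Arrays.fill(keyMaterial, (byte) 0);

    StaticEncryptionMaterialsProvider encryptionMaterialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(symmetricKey));

    // NOTE(review): no crypto mode is set on this configuration, so the SDK default
    // applies. In AWS SDK for Java v1 that default is believed to be the
    // unauthenticated EncryptionOnly mode - confirm against the SDK version in use
    // and consider an authenticated mode.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    Region awsRegion = null;
    if (StringUtils.isNotBlank(region)) {
        awsRegion = Region.getRegion(Regions.fromName(region));
        // NOTE(review): the key here is static material rather than a KMS key id,
        // so the KMS region is presumably unused on this path - confirm.
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Fix: the original dropped clientConfiguration, so operator-supplied transport
    // settings (for example proxy or timeout configuration) never reached the
    // encryption client. Pass it through when the caller provided one.
    AmazonS3EncryptionClient client;
    if (clientConfiguration != null) {
        client = new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider,
                clientConfiguration, cryptoConfig);
    } else {
        client = new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider, cryptoConfig);
    }

    if (awsRegion != null) {
        client.setRegion(awsRegion);
    }
    return client;
}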
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideKMSEncryptionStrategy.java
License:Apache License
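/**
 * Create an S3 encryption client whose data keys are protected by an AWS KMS key.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration; applied to the returned client when non-null
 * @param region AWS region; when blank, no region is set on the client or the crypto configuration
 * @param keyIdOrMaterial KMS key id
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) {
    KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(keyIdOrMaterial);
    boolean haveRegion = StringUtils.isNotBlank(region);

    // NOTE(review): no crypto mode is set on this configuration, so the SDK default
    // applies. In AWS SDK for Java v1 that default is believed to be the
    // unauthenticated EncryptionOnly mode - confirm against the SDK version in use
    // and consider an authenticated mode.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    Region awsRegion = null;
    if (haveRegion) {
        awsRegion = Region.getRegion(Regions.fromName(region));
        // The same region is used for KMS calls and, below, for the S3 client itself.
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Fix: the original dropped clientConfiguration, so operator-supplied transport
    // settings (for example proxy or timeout configuration) never reached the
    // encryption client. Pass it through when the caller provided one.
    AmazonS3EncryptionClient client;
    if (clientConfiguration != null) {
        client = new AmazonS3EncryptionClient(credentialsProvider, materialProvider,
                clientConfiguration, cryptoConfig);
    } else {
        client = new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig);
    }

    if (haveRegion) {
        client.setRegion(awsRegion);
    }
    return client;
}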
From source file:org.apache.nifi.processors.aws.s3.encryption.service.StandardS3ClientSideEncryptionService.java
License:Apache License
/**
 * Builds the SDK crypto configuration from this service's settings.
 *
 * Crypto mode, storage mode and KMS region are applied only when the matching
 * setting is non-blank; the ignore-missing-instruction-file flag is always applied.
 *
 * @return a newly created crypto configuration
 */
private CryptoConfiguration cryptoConfiguration() {
    final CryptoConfiguration result = new CryptoConfiguration();

    // NOTE(review): when cryptoMode is blank the SDK default mode is kept. In AWS
    // SDK for Java v1 that is believed to be the unauthenticated EncryptionOnly
    // mode - confirm, and consider requiring an explicit mode.
    final boolean modeConfigured = !StringUtils.isBlank(cryptoMode);
    if (modeConfigured) {
        // valueOf rejects names that are not CryptoMode constants.
        final CryptoMode mode = CryptoMode.valueOf(cryptoMode);
        result.setCryptoMode(mode);
    }

    final boolean storageModeConfigured = !StringUtils.isBlank(cryptoStorageMode);
    if (storageModeConfigured) {
        final CryptoStorageMode storageMode = CryptoStorageMode.valueOf(cryptoStorageMode);
        result.setStorageMode(storageMode);
    }

    final boolean kmsRegionConfigured = !StringUtils.isBlank(kmsRegion);
    if (kmsRegionConfigured) {
        final Region region = Region.getRegion(Regions.fromName(kmsRegion));
        result.setAwsKmsRegion(region);
    }

    result.setIgnoreMissingInstructionFile(ignoreMissingInstructionFile);
    return result;
}
From source file:org.apache.zeppelin.notebook.repo.OldS3NotebookRepo.java
License:Apache License
/**
 * Initialises this repository from the Zeppelin configuration and creates the S3 client.
 *
 * A KMS key id, when configured, selects a KMS-backed encryption client; otherwise a
 * configured custom encryption materials provider class selects an encryption client
 * built on that provider; otherwise a plain S3 client is used.
 *
 * @param conf Zeppelin configuration to read the S3 settings from
 * @throws IOException declared by the signature; presumably raised by the helpers called here
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    bucketName = conf.getS3BucketName();
    user = conf.getS3User();
    useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the default provider chain.
    AWSCredentialsProvider credentials = new DefaultAWSCredentialsProviderChain();

    // NOTE(review): no crypto mode is set, so the SDK default applies to both
    // encryption branches below. In AWS SDK for Java v1 that default is believed to
    // be the unauthenticated EncryptionOnly mode - confirm.
    CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    String kmsKeyRegion = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsKeyRegion)) {
        cryptoSettings.setAwsKmsRegion(Region.getRegion(Regions.fromName(kmsKeyRegion)));
    }

    ClientConfiguration clientSettings = createClientConfiguration();

    // Decide whether data is encrypted client-side before it is written to S3.
    // NOTE(review): only null is treated as "no KMS key"; an empty key id would
    // still select the KMS branch - confirm what the configuration getter returns.
    String kmsKeyID = conf.getS3KMSKeyID();
    if (kmsKeyID == null && conf.getS3EncryptionMaterialsProviderClass() == null) {
        // Regular S3: no client-side encryption is applied by this client.
        this.s3client = new AmazonS3Client(credentials, clientSettings);
    } else {
        // The KMS key wins when both a key id and a custom provider class are configured.
        EncryptionMaterialsProvider materials = (kmsKeyID != null)
                ? new KMSEncryptionMaterialsProvider(kmsKeyID)
                : createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(credentials, materials, clientSettings, cryptoSettings);
    }

    // Point the client at the configured S3 endpoint.
    s3client.setEndpoint(conf.getS3Endpoint());
}
From source file:org.apache.zeppelin.notebook.repo.S3NotebookRepo.java
License:Apache License
/**
 * Initialises this repository from the Zeppelin configuration and creates the S3 client.
 *
 * Notes are rooted at {@code <user>/notebook}. A KMS key id, when configured, selects a
 * KMS-backed encryption client; otherwise a configured custom encryption materials
 * provider class selects an encryption client built on that provider; otherwise a
 * plain S3 client is used.
 *
 * @param conf Zeppelin configuration to read the S3 settings from
 * @throws IOException declared by the signature; presumably raised by the helpers called here
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    bucketName = conf.getS3BucketName();
    user = conf.getS3User();
    rootFolder = user + "/notebook";
    useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the default provider chain.
    AWSCredentialsProvider credentials = new DefaultAWSCredentialsProviderChain();

    // NOTE(review): no crypto mode is set, so the SDK default applies to both
    // encryption branches below. In AWS SDK for Java v1 that default is believed to
    // be the unauthenticated EncryptionOnly mode - confirm.
    CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    String kmsKeyRegion = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsKeyRegion)) {
        cryptoSettings.setAwsKmsRegion(Region.getRegion(Regions.fromName(kmsKeyRegion)));
    }

    ClientConfiguration clientSettings = createClientConfiguration();

    // Decide whether data is encrypted client-side before it is written to S3.
    // NOTE(review): only null is treated as "no KMS key"; an empty key id would
    // still select the KMS branch - confirm what the configuration getter returns.
    String kmsKeyID = conf.getS3KMSKeyID();
    if (kmsKeyID == null && conf.getS3EncryptionMaterialsProviderClass() == null) {
        // Regular S3: no client-side encryption is applied by this client.
        this.s3client = new AmazonS3Client(credentials, clientSettings);
    } else {
        // The KMS key wins when both a key id and a custom provider class are configured.
        EncryptionMaterialsProvider materials = (kmsKeyID != null)
                ? new KMSEncryptionMaterialsProvider(kmsKeyID)
                : createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(credentials, materials, clientSettings, cryptoSettings);
    }

    // Point the client at the configured S3 endpoint.
    s3client.setEndpoint(conf.getS3Endpoint());
}