Example usage for com.amazonaws.services.s3.model CryptoConfiguration setAwsKmsRegion

List of usage examples for com.amazonaws.services.s3.model CryptoConfiguration setAwsKmsRegion

Introduction

In this page you can find the example usage for com.amazonaws.services.s3.model CryptoConfiguration setAwsKmsRegion.

Prototype

public void setAwsKmsRegion(Region awsKmsRegion) 

Source Link

Document

Sets the KMS region for the AWS KMS client when that client is instantiated internally rather than passed in by the user; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user, instead of being implicitly created.

Usage

From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideCMKEncryptionStrategy.java

License:Apache License

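/**
 * Creates an S3 encryption client that uses a caller-supplied AES client master key.
 *
 * <p>The base64 key is decoded, wrapped in a {@code StaticEncryptionMaterialsProvider} and
 * handed to the encryption client. The supplied {@code clientConfiguration} is passed to the
 * client when it is non-null; otherwise the client is built with the SDK's default
 * configuration.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration; may be null
 * @param region AWS region name; when blank, no region is set on the client or the crypto config
 * @param keyIdOrMaterial client master key, always base64 encoded
 * @return AWS S3 client
 * @throws SecurityException if {@code validateKey} rejects the key
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial)
        throws SecurityException {
    if (!validateKey(keyIdOrMaterial).isValid()) {
        throw new SecurityException("Invalid client key; ensure key material is base64 encoded.");
    }

    // NOTE(review): validateKey is defined outside this view; confirm it also checks that the
    // decoded length is a valid AES key size (16, 24 or 32 bytes).
    final byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial);
    final SecretKeySpec symmetricKey;
    try {
        symmetricKey = new SecretKeySpec(keyMaterial, "AES");
    } finally {
        // SecretKeySpec copies the array, so the temporary copy of the raw key can be wiped.
        java.util.Arrays.fill(keyMaterial, (byte) 0);
    }
    final StaticEncryptionMaterialsProvider encryptionMaterialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(symmetricKey));

    // NOTE(review): the crypto mode is left at the SDK default, which in AWS SDK for Java v1
    // is believed to be EncryptionOnly (no integrity protection); confirm, and consider
    // configuring an authenticated mode explicitly.
    final CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    Region awsRegion = null;
    if (StringUtils.isNotBlank(region)) {
        // Regions.fromName rejects names it does not know, so a mistyped region fails here.
        awsRegion = Region.getRegion(Regions.fromName(region));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Honour the caller's client configuration (proxy, TLS, timeouts) instead of dropping it.
    // A null configuration keeps the previous behaviour of using SDK defaults.
    final AmazonS3EncryptionClient client = clientConfiguration == null
            ? new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider,
                    cryptoConfig)
            : new AmazonS3EncryptionClient(credentialsProvider, encryptionMaterialsProvider,
                    clientConfiguration, cryptoConfig);
    if (awsRegion != null) {
        client.setRegion(awsRegion);
    }

    return client;
}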

From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideKMSEncryptionStrategy.java

License:Apache License

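/**
 * Creates an S3 encryption client whose encryption materials come from an AWS KMS key.
 *
 * <p>The supplied {@code clientConfiguration} is passed to the client when it is non-null;
 * otherwise the client is built with the SDK's default configuration.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration; may be null
 * @param region AWS region name; when blank, no region is set on the client or the crypto config
 * @param keyIdOrMaterial KMS key id
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) {
    // NOTE(review): the key id is not checked here; confirm the caller rejects a blank or
    // null KMS key id before this method is reached.
    final KMSEncryptionMaterialsProvider materialProvider =
            new KMSEncryptionMaterialsProvider(keyIdOrMaterial);

    // NOTE(review): the crypto mode is left at the SDK default, which in AWS SDK for Java v1
    // is believed to be EncryptionOnly (no integrity protection); confirm, and consider
    // configuring an authenticated mode explicitly.
    final CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    Region awsRegion = null;
    if (StringUtils.isNotBlank(region)) {
        // Regions.fromName rejects names it does not know, so a mistyped region fails here.
        // The same region is used for the internally created KMS client and for S3.
        awsRegion = Region.getRegion(Regions.fromName(region));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Honour the caller's client configuration (proxy, TLS, timeouts) instead of dropping it.
    // A null configuration keeps the previous behaviour of using SDK defaults.
    final AmazonS3EncryptionClient client = clientConfiguration == null
            ? new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig)
            : new AmazonS3EncryptionClient(credentialsProvider, materialProvider,
                    clientConfiguration, cryptoConfig);
    if (awsRegion != null) {
        client.setRegion(awsRegion);
    }

    return client;
}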

From source file:org.apache.nifi.processors.aws.s3.encryption.service.StandardS3ClientSideEncryptionService.java

License:Apache License

/**
 * Builds a {@code CryptoConfiguration} from this service's settings.
 *
 * <p>The crypto mode, storage mode and KMS region are applied only when the corresponding
 * setting is non-blank; otherwise the SDK default for that value is kept. The
 * ignore-missing-instruction-file flag is always applied.
 *
 * @return the populated crypto configuration
 */
private CryptoConfiguration cryptoConfiguration() {
    final CryptoConfiguration crypto = new CryptoConfiguration();

    // NOTE(review): a blank cryptoMode leaves the SDK default in place; in AWS SDK for Java v1
    // that default is believed to be EncryptionOnly (no integrity protection). Confirm.
    final boolean modeConfigured = !StringUtils.isBlank(cryptoMode);
    if (modeConfigured) {
        // valueOf throws IllegalArgumentException for a name that is not a CryptoMode constant.
        final CryptoMode mode = CryptoMode.valueOf(cryptoMode);
        crypto.setCryptoMode(mode);
    }

    final boolean storageConfigured = !StringUtils.isBlank(cryptoStorageMode);
    if (storageConfigured) {
        final CryptoStorageMode storage = CryptoStorageMode.valueOf(cryptoStorageMode);
        crypto.setStorageMode(storage);
    }

    final boolean regionConfigured = !StringUtils.isBlank(kmsRegion);
    if (regionConfigured) {
        final Regions named = Regions.fromName(kmsRegion);
        crypto.setAwsKmsRegion(Region.getRegion(named));
    }

    crypto.setIgnoreMissingInstructionFile(ignoreMissingInstructionFile);
    return crypto;
}

From source file:org.apache.zeppelin.notebook.repo.OldS3NotebookRepo.java

License:Apache License

/**
 * Initializes this notebook repository from the Zeppelin configuration and creates the S3
 * client it will use.
 *
 * <p>An encryption client is created when a KMS key id or a custom encryption materials
 * provider class is configured; otherwise a regular S3 client is created and no client-side
 * encryption is applied.
 *
 * @param conf Zeppelin configuration supplying bucket, user, encryption and endpoint settings
 * @throws IOException declared by the signature
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    bucketName = conf.getS3BucketName();
    user = conf.getS3User();
    useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the default provider chain, never from Zeppelin settings.
    final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();

    // NOTE(review): the crypto mode is left at the SDK default, which in AWS SDK for Java v1
    // is believed to be EncryptionOnly (no integrity protection); confirm.
    final CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    final String kmsRegionName = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsRegionName)) {
        final Regions kmsRegion = Regions.fromName(kmsRegionName);
        cryptoSettings.setAwsKmsRegion(Region.getRegion(kmsRegion));
    }

    final ClientConfiguration clientSettings = createClientConfiguration();

    // Decide how (and whether) objects are encrypted on the client side.
    final String kmsKeyId = conf.getS3KMSKeyID();
    if (kmsKeyId != null) {
        // A KMS key id takes precedence over a custom materials provider.
        this.s3client = new AmazonS3EncryptionClient(defaultChain,
                new KMSEncryptionMaterialsProvider(kmsKeyId), clientSettings, cryptoSettings);
    } else if (conf.getS3EncryptionMaterialsProviderClass() == null) {
        // Neither option is configured: plain S3 client, no client-side encryption.
        this.s3client = new AmazonS3Client(defaultChain, clientSettings);
    } else {
        // Custom encryption materials provider named in the configuration.
        final EncryptionMaterialsProvider customMaterials = createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(defaultChain, customMaterials,
                clientSettings, cryptoSettings);
    }

    // The endpoint is taken from configuration for every client type.
    s3client.setEndpoint(conf.getS3Endpoint());
}

From source file:org.apache.zeppelin.notebook.repo.S3NotebookRepo.java

License:Apache License

/**
 * Initializes this notebook repository from the Zeppelin configuration and creates the S3
 * client it will use.
 *
 * <p>Notebooks are rooted at {@code <user>/notebook}. An encryption client is created when a
 * KMS key id or a custom encryption materials provider class is configured; otherwise a
 * regular S3 client is created and no client-side encryption is applied.
 *
 * @param conf Zeppelin configuration supplying bucket, user, encryption and endpoint settings
 * @throws IOException declared by the signature
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    bucketName = conf.getS3BucketName();
    user = conf.getS3User();
    rootFolder = user + "/notebook";
    useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the default provider chain, never from Zeppelin settings.
    final AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();

    // NOTE(review): the crypto mode is left at the SDK default, which in AWS SDK for Java v1
    // is believed to be EncryptionOnly (no integrity protection); confirm.
    final CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    final String kmsRegionName = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsRegionName)) {
        final Regions kmsRegion = Regions.fromName(kmsRegionName);
        cryptoSettings.setAwsKmsRegion(Region.getRegion(kmsRegion));
    }

    final ClientConfiguration clientSettings = createClientConfiguration();

    // Decide how (and whether) objects are encrypted on the client side.
    final String kmsKeyId = conf.getS3KMSKeyID();
    if (kmsKeyId != null) {
        // A KMS key id takes precedence over a custom materials provider.
        this.s3client = new AmazonS3EncryptionClient(defaultChain,
                new KMSEncryptionMaterialsProvider(kmsKeyId), clientSettings, cryptoSettings);
    } else if (conf.getS3EncryptionMaterialsProviderClass() == null) {
        // Neither option is configured: plain S3 client, no client-side encryption.
        this.s3client = new AmazonS3Client(defaultChain, clientSettings);
    } else {
        // Custom encryption materials provider named in the configuration.
        final EncryptionMaterialsProvider customMaterials = createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(defaultChain, customMaterials,
                clientSettings, cryptoSettings);
    }

    // The endpoint is taken from configuration for every client type.
    s3client.setEndpoint(conf.getS3Endpoint());
}