List of usage examples for the constructor of com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider
public KMSEncryptionMaterialsProvider(KMSEncryptionMaterials materials)
From source file:com.facebook.presto.hive.s3.PrestoS3FileSystem.java
License:Apache License
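/**
 * Selects the client-side encryption materials provider described by the Hadoop configuration.
 *
 * <p>A KMS key id stored under {@code S3_KMS_KEY_ID} takes precedence and yields a
 * {@link KMSEncryptionMaterialsProvider}. Otherwise the class named under
 * {@code S3_ENCRYPTION_MATERIALS_PROVIDER} is loaded reflectively, created through its public
 * no-argument constructor and, when it implements {@code Configurable}, given the same
 * configuration.
 *
 * @param hadoopConfig configuration consulted for the key id and the provider class name
 * @return the configured provider, or an empty {@code Optional} when neither setting is present
 * @throws RuntimeException if the named class is not an {@code EncryptionMaterialsProvider}, or
 *         if it cannot be loaded or instantiated
 */
private static Optional<EncryptionMaterialsProvider> createEncryptionMaterialsProvider(Configuration hadoopConfig) {
    String kmsKeyId = hadoopConfig.get(S3_KMS_KEY_ID);
    if (kmsKeyId != null) {
        return Optional.of(new KMSEncryptionMaterialsProvider(kmsKeyId));
    }

    String empClassName = hadoopConfig.get(S3_ENCRYPTION_MATERIALS_PROVIDER);
    if (empClassName == null) {
        return Optional.empty();
    }

    try {
        // The class name is configuration-supplied, so the type is verified BEFORE the
        // constructor runs: a mistyped or substituted class name is rejected without executing
        // that class's constructor. Class.forName(String) still initializes the class, so its
        // static initializers run either way.
        Class<?> candidate = Class.forName(empClassName);
        if (!EncryptionMaterialsProvider.class.isAssignableFrom(candidate)) {
            throw new RuntimeException("Invalid encryption materials provider class: " + candidate.getName());
        }

        EncryptionMaterialsProvider emp =
                candidate.asSubclass(EncryptionMaterialsProvider.class).getConstructor().newInstance();
        if (emp instanceof Configurable) {
            // Providers that accept Hadoop configuration receive the one that selected them.
            ((Configurable) emp).setConf(hadoopConfig);
        }
        return Optional.of(emp);
    }
    catch (ReflectiveOperationException e) {
        throw new RuntimeException("Unable to load or create S3 encryption materials provider: " + empClassName, e);
    }
}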
From source file:com.nike.cerberus.config.CmsEnvPropertiesLoader.java
License:Apache License
/**
 * Builds the KMS-encrypting S3 client for this loader and records the bucket name.
 *
 * <p>Credentials come from the SDK default provider chain; the same region is applied to the
 * S3 client and to its KMS configuration.
 *
 * @param bucketName bucket name stored on this loader
 * @param region AWS region name, resolved through {@code Regions.fromName}
 * @param kmsKeyId id of the KMS key handed to the encryption materials provider
 */
public CmsEnvPropertiesLoader(final String bucketName, final String region, final String kmsKeyId) {
    final KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(kmsKeyId);
    final DefaultAWSCredentialsProviderChain credentialChain = new DefaultAWSCredentialsProviderChain();

    // Resolve the region once and use it for both KMS and S3.
    final Region awsRegion = Region.getRegion(Regions.fromName(region));
    final CryptoConfiguration cryptoConfig = new CryptoConfiguration().withAwsKmsRegion(awsRegion);

    // NOTE(review): no CryptoMode is set, so the SDK default applies; confirm it gives the
    // authenticated encryption this data needs. AmazonS3EncryptionClient is also deprecated in
    // later AWS SDK for Java 1.x releases in favor of AmazonS3EncryptionClientV2.
    this.s3Client = new AmazonS3EncryptionClient(credentialChain, kmsMaterials, cryptoConfig)
            .withRegion(awsRegion);
    this.bucketName = bucketName;
}
From source file:com.nike.cerberus.store.ConfigStore.java
License:Apache License
/**
 * Creates {@code encryptedConfigStoreService} on first use; does nothing once the field is set.
 *
 * <p>The service wraps an S3 client with KMS client-side encryption, keyed by the environment's
 * config key id and pointed at the region and bucket from {@code environmentMetadata}.
 */
private void initEncryptedConfigStoreService() {
    // NOTE(review): this check-then-create is unsynchronized; confirm callers are single-threaded.
    if (encryptedConfigStoreService != null) {
        return;
    }

    final Environment environment = getEnvironmentData();
    final KMSEncryptionMaterialsProvider kmsMaterials =
            new KMSEncryptionMaterialsProvider(environment.getConfigKeyId());

    // KMS and S3 are both addressed in the region recorded in the environment metadata.
    final CryptoConfiguration cryptoConfig =
            new CryptoConfiguration().withAwsKmsRegion(Region.getRegion(environmentMetadata.getRegions()));
    final AmazonS3EncryptionClient encryptingS3 =
            new AmazonS3EncryptionClient(new DefaultAWSCredentialsProviderChain(), kmsMaterials, cryptoConfig)
                    .withRegion(Region.getRegion(environmentMetadata.getRegions()));

    encryptedConfigStoreService = new S3StoreService(encryptingS3, environmentMetadata.getBucketName(), "");
}
From source file:ingest.utility.IngestUtilities.java
License:Apache License
/**
 * Builds the S3 client to use.
 *
 * <p>With both {@code AMAZONS3_ACCESS_KEY} and {@code AMAZONS3_PRIVATE_KEY} empty, a default
 * {@code AmazonS3Client} is returned. Otherwise the two values become static credentials and the
 * client is either a KMS client-side-encrypting one (key {@code S3_KMS_CMK_ID}, region fixed to
 * US_EAST_1) or a plain one.
 *
 * <p>NOTE(review): on the empty-credentials path {@code useEncryption} is never consulted, so
 * objects written through that client are not client-side encrypted. Confirm that deployments
 * relying on ambient credentials do not need encryption.
 *
 * @param useEncryption
 *            True if encryption should be used (only for Piazza Bucket). For all external
 *            Buckets, encryption is not used.
 *
 * @return The S3 client
 */
public AmazonS3 getAwsClient(boolean useEncryption) {
    boolean noStaticCredentials = AMAZONS3_ACCESS_KEY.isEmpty() && AMAZONS3_PRIVATE_KEY.isEmpty();
    if (noStaticCredentials) {
        return new AmazonS3Client();
    }

    BasicAWSCredentials staticCredentials = new BasicAWSCredentials(AMAZONS3_ACCESS_KEY, AMAZONS3_PRIVATE_KEY);
    if (!useEncryption) {
        return new AmazonS3Client(staticCredentials);
    }

    // Client-side encryption backed by the KMS customer master key.
    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(S3_KMS_CMK_ID);
    CryptoConfiguration cryptoConfig = new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1);
    return new AmazonS3EncryptionClient(staticCredentials, kmsMaterials, cryptoConfig)
            .withRegion(Region.getRegion(Regions.US_EAST_1));
}
From source file:model.data.location.FileAccessFactory.java
License:Apache License
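/**
 * Opens a stream over the bytes of an S3-backed file location.
 *
 * <p>Credentials are taken from the {@code accessKey} and {@code privateKey} arguments. When
 * either is null or empty, the client is created without explicit credentials. Exceptions
 * raised by the S3 client while fetching the object propagate to the caller.
 *
 * <p>NOTE(review): on the no-credentials path {@code s3EncryptKey} is not used, so an object
 * stored with client-side encryption would be returned undecrypted. Confirm this fallback is
 * intended.
 *
 * @param fileLocation location to read; cast to {@code S3FileStore}
 * @param accessKey AWS access key, or null/empty to create the client without explicit credentials
 * @param privateKey AWS secret key, or null/empty to create the client without explicit credentials
 * @param s3EncryptKey KMS key id for client-side decryption, or null for a plain client
 * @return the object's content stream; it is returned open and is not closed by this method
 */
@JsonIgnore
public InputStream getS3File(FileLocation fileLocation, String accessKey, String privateKey,
        String s3EncryptKey) {
    S3FileStore fileStore = (S3FileStore) fileLocation;

    // Treat a null key like an empty one instead of failing with a NullPointerException.
    boolean credentialsMissing = accessKey == null || accessKey.isEmpty()
            || privateKey == null || privateKey.isEmpty();

    final AmazonS3Client s3Client;
    if (credentialsMissing) {
        s3Client = new AmazonS3Client();
    } else {
        BasicAWSCredentials credentials = new BasicAWSCredentials(accessKey, privateKey);
        if (s3EncryptKey != null) {
            // An encryption key was supplied: read through the KMS-backed encryption client.
            KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(s3EncryptKey);
            s3Client = new AmazonS3EncryptionClient(credentials, materialProvider,
                    new CryptoConfiguration().withKmsRegion(Regions.US_EAST_1))
                            .withRegion(Region.getRegion(Regions.US_EAST_1));
        } else {
            s3Client = new AmazonS3Client(credentials);
        }
    }

    S3Object s3Object = s3Client.getObject(fileStore.getBucketName(), fileStore.getFileName());
    return s3Object.getObjectContent();
}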
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideKMSEncryptionStrategy.java
License:Apache License
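/**
 * Create an S3 client that performs client-side encryption with a KMS key.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration applied to the created client; when null the
 *                            SDK's default client configuration is used
 * @param region AWS region; when not blank it is set on both the KMS configuration and the client
 * @param keyIdOrMaterial KMS key id
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial) {
    KMSEncryptionMaterialsProvider materialProvider = new KMSEncryptionMaterialsProvider(keyIdOrMaterial);

    boolean haveRegion = StringUtils.isNotBlank(region);
    Region awsRegion = null;
    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    if (haveRegion) {
        awsRegion = Region.getRegion(Regions.fromName(region));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // Pass the caller's ClientConfiguration through so that the settings it carries (the SDK
    // class holds proxy, timeout and protocol options) apply to the encryption client too.
    // Without it the client would silently run on SDK defaults.
    AmazonS3EncryptionClient client = clientConfiguration != null
            ? new AmazonS3EncryptionClient(credentialsProvider, materialProvider, clientConfiguration, cryptoConfig)
            : new AmazonS3EncryptionClient(credentialsProvider, materialProvider, cryptoConfig);

    if (haveRegion) {
        client.setRegion(awsRegion);
    }
    return client;
}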
From source file:org.apache.zeppelin.notebook.repo.OldS3NotebookRepo.java
License:Apache License
/**
 * Initializes this repository from the Zeppelin configuration and creates its S3 client.
 *
 * <p>The client is chosen in this order: a KMS-backed encryption client when a KMS key id is
 * configured, an encryption client using a custom materials provider when a provider class is
 * configured, otherwise a plain S3 client. The configured endpoint is applied in every case.
 *
 * @param conf Zeppelin configuration to read the S3 settings from
 * @throws IOException declared by the signature; raised by helpers outside this method
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    bucketName = conf.getS3BucketName();
    user = conf.getS3User();
    useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the SDK default provider chain.
    AWSCredentialsProvider awsCredentials = new DefaultAWSCredentialsProviderChain();

    // The KMS region is optional; it is only set when configured.
    CryptoConfiguration kmsCrypto = new CryptoConfiguration();
    String kmsRegionName = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(kmsRegionName)) {
        kmsCrypto.setAwsKmsRegion(Region.getRegion(Regions.fromName(kmsRegionName)));
    }

    ClientConfiguration httpSettings = createClientConfiguration();

    String kmsKeyId = conf.getS3KMSKeyID();
    if (kmsKeyId == null && conf.getS3EncryptionMaterialsProviderClass() == null) {
        // No client-side encryption configured: regular S3 client.
        this.s3client = new AmazonS3Client(awsCredentials, httpSettings);
    } else {
        // A KMS key id wins over a custom encryption materials provider class.
        // NOTE(review): AmazonS3EncryptionClient is deprecated in later AWS SDK for Java 1.x
        // releases in favor of AmazonS3EncryptionClientV2; check the SDK version in use.
        EncryptionMaterialsProvider materials = kmsKeyId != null
                ? new KMSEncryptionMaterialsProvider(kmsKeyId)
                : createCustomProvider(conf);
        this.s3client = new AmazonS3EncryptionClient(awsCredentials, materials, httpSettings, kmsCrypto);
    }

    // Point the client at the configured S3 endpoint.
    s3client.setEndpoint(conf.getS3Endpoint());
}
From source file:org.apache.zeppelin.notebook.repo.S3NotebookRepo.java
License:Apache License
/**
 * Initializes this repository from the Zeppelin configuration and creates its S3 client.
 *
 * <p>Notebooks live under {@code <user>/notebook}. Client-side encryption uses a KMS key when a
 * key id is configured, else a custom materials provider when a provider class is configured;
 * with neither, a plain S3 client is created. The configured endpoint is applied in every case.
 *
 * @param conf Zeppelin configuration to read the S3 settings from
 * @throws IOException declared by the signature; raised by helpers outside this method
 */
public void init(ZeppelinConfiguration conf) throws IOException {
    this.conf = conf;
    bucketName = conf.getS3BucketName();
    user = conf.getS3User();
    rootFolder = user + "/notebook";
    useServerSideEncryption = conf.isS3ServerSideEncryption();

    // Credentials always come from the SDK default provider chain.
    AWSCredentialsProvider defaultChain = new DefaultAWSCredentialsProviderChain();

    CryptoConfiguration cryptoSettings = new CryptoConfiguration();
    String configuredKmsRegion = conf.getS3KMSKeyRegion();
    if (StringUtils.isNotBlank(configuredKmsRegion)) {
        Region kmsRegion = Region.getRegion(Regions.fromName(configuredKmsRegion));
        cryptoSettings.setAwsKmsRegion(kmsRegion);
    }

    ClientConfiguration clientSettings = createClientConfiguration();

    // Decide whether data written to S3 is encrypted on the client side.
    String kmsKeyId = conf.getS3KMSKeyID();
    final boolean kmsConfigured = kmsKeyId != null;
    if (kmsConfigured || conf.getS3EncryptionMaterialsProviderClass() != null) {
        EncryptionMaterialsProvider materials;
        if (kmsConfigured) {
            // AWS KMS supplies the encryption materials.
            materials = new KMSEncryptionMaterialsProvider(kmsKeyId);
        } else {
            // A custom provider class supplies the encryption materials.
            materials = createCustomProvider(conf);
        }
        this.s3client = new AmazonS3EncryptionClient(defaultChain, materials, clientSettings, cryptoSettings);
    } else {
        // Regular S3 client without client-side encryption.
        this.s3client = new AmazonS3Client(defaultChain, clientSettings);
    }

    // Point the client at the configured S3 endpoint.
    s3client.setEndpoint(conf.getS3Endpoint());
}
From source file:org.talend.components.s3.runtime.S3Connection.java
License:Open Source License
/**
 * Creates the S3 client described by the output properties.
 *
 * <p>Static credentials are built from the datastore's access key and secret key. When the
 * dataset's {@code encryptDataInMotion} flag is true, the client performs client-side encryption
 * with the KMS key named by {@code kmsForDataInMotion}; otherwise a plain client is created. The
 * dataset's region is set on the client in both cases.
 *
 * @param properties output properties holding the dataset and datastore settings
 * @return the configured S3 client
 */
public static AmazonS3 createClient(S3OutputProperties properties) {
    S3DatasetProperties dataset = properties.getDatasetProperties();
    S3DatastoreProperties datastore = properties.getDatasetProperties().getDatastoreProperties();

    com.amazonaws.auth.AWSCredentials staticCredentials = new com.amazonaws.auth.BasicAWSCredentials(
            datastore.accessKey.getValue(), datastore.secretKey.getValue());
    Region awsRegion = RegionUtils.getRegion(dataset.region.getValue().getValue());
    Boolean encryptInMotion = dataset.encryptDataInMotion.getValue();

    AmazonS3 client;
    if (Boolean.TRUE.equals(encryptInMotion)) {
        // Client-side encryption; KMS is addressed in the same region as the bucket.
        // NOTE(review): a null kmsForDataInMotion value is passed to the provider unchecked.
        // Confirm it is validated upstream.
        String kmsCmk = dataset.kmsForDataInMotion.getValue();
        KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider(kmsCmk);
        CryptoConfiguration cryptoConfig = new CryptoConfiguration().withAwsKmsRegion(awsRegion);
        client = new AmazonS3EncryptionClient(staticCredentials, kmsMaterials, cryptoConfig);
    } else {
        AWSCredentialsProvider credentialsProvider = new StaticCredentialsProvider(staticCredentials);
        client = new AmazonS3Client(credentialsProvider);
    }

    client.setRegion(awsRegion);
    return client;
}