List of usage examples for com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider
public StaticEncryptionMaterialsProvider(EncryptionMaterials materials)
From source file:S3ClientSideEncryptionWithSymmetricMasterKey.java
License:Apache License
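/**
 * Round-trips an object through S3 client-side encryption with a symmetric (AES) master key:
 * loads the key, builds an {@link AmazonS3EncryptionClient} against the configured endpoint,
 * creates the bucket, uploads a small plaintext and downloads it again, asserting the bytes match.
 *
 * @param args ignored
 * @throws Exception on any key-loading, S3 or I/O failure
 */
public static void main(String[] args) throws Exception {
    SecretKey mySymmetricKey = loadSymmetricAESKey(masterKeyDir, "AES");
    EncryptionMaterials encryptionMaterials = new EncryptionMaterials(mySymmetricKey);
    // Literal credentials: these appear to be the published sandbox credentials for the
    // play.minio.io endpoint used below. Anything beyond a throwaway demo should obtain
    // credentials from a credentials provider rather than embedding them in source.
    AWSCredentials credentials = new BasicAWSCredentials("Q3AM3UQ867SPQQA43P2F",
            "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG");
    AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient(credentials,
            new StaticEncryptionMaterialsProvider(encryptionMaterials));
    Region usEast1 = Region.getRegion(Regions.US_EAST_1);
    encryptionClient.setRegion(usEast1);
    encryptionClient.setEndpoint("https://play.minio.io:9000");
    // Path-style addressing so the bucket is not expected as a DNS subdomain of the endpoint host.
    final S3ClientOptions clientOptions = S3ClientOptions.builder().setPathStyleAccess(true).build();
    encryptionClient.setS3ClientOptions(clientOptions);

    // Create the bucket
    encryptionClient.createBucket(bucketName);

    // Upload object using the encryption client. An explicit charset keeps the byte sequence
    // (and therefore the ciphertext and the final comparison) independent of the platform default.
    byte[] plaintext = "Hello World, S3 Client-side Encryption Using Asymmetric Master Key!"
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    System.out.println("plaintext's length: " + plaintext.length);
    encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey,
            new ByteArrayInputStream(plaintext), new ObjectMetadata()));

    // Download the object. Closing the S3Object closes its content stream; the original
    // never closed it.
    byte[] decrypted;
    try (S3Object downloadedObject = encryptionClient.getObject(bucketName, objectKey)) {
        decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent());
    }

    // Verify same data.
    Assert.assertTrue(Arrays.equals(plaintext, decrypted));
    //deleteBucketAndAllContents(encryptionClient);
}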
From source file:S3ClientSideEncryptionAsymmetricMasterKey.java
License:Apache License
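/**
 * Round-trips an object through S3 client-side encryption with an asymmetric (RSA) master key:
 * loads the PKCS#8 private key and X.509 public key from {@code keyDir}, builds an
 * {@link AmazonS3EncryptionClient} against the configured endpoint, creates the bucket, uploads a
 * small plaintext and downloads it again, asserting the bytes match.
 *
 * @param args ignored
 * @throws Exception on any key-loading, S3 or I/O failure
 */
public static void main(String[] args) throws Exception {
    // 1. Load keys from files
    byte[] bytes = FileUtils.readFileToByteArray(new File(keyDir + "/private.key"));
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(bytes);
    PrivateKey pk = kf.generatePrivate(ks);
    bytes = FileUtils.readFileToByteArray(new File(keyDir + "/public.key"));
    PublicKey publicKey = kf.generatePublic(new X509EncodedKeySpec(bytes));
    KeyPair loadedKeyPair = new KeyPair(publicKey, pk);

    // 2. Construct an instance of AmazonS3EncryptionClient.
    EncryptionMaterials encryptionMaterials = new EncryptionMaterials(loadedKeyPair);
    // Literal credentials: these appear to be the published sandbox credentials for the
    // play.minio.io endpoint used below. Anything beyond a throwaway demo should obtain
    // credentials from a credentials provider rather than embedding them in source.
    AWSCredentials credentials = new BasicAWSCredentials("Q3AM3UQ867SPQQA43P2F",
            "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG");
    AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient(credentials,
            new StaticEncryptionMaterialsProvider(encryptionMaterials));
    Region usEast1 = Region.getRegion(Regions.US_EAST_1);
    encryptionClient.setRegion(usEast1);
    encryptionClient.setEndpoint("https://play.minio.io:9000");
    // Path-style addressing so the bucket is not expected as a DNS subdomain of the endpoint host.
    final S3ClientOptions clientOptions = S3ClientOptions.builder().setPathStyleAccess(true).build();
    encryptionClient.setS3ClientOptions(clientOptions);

    // Create the bucket
    encryptionClient.createBucket(bucketName);

    // 3. Upload the object. An explicit charset keeps the byte sequence (and therefore the
    // ciphertext and the final comparison) independent of the platform default.
    byte[] plaintext = "Hello World, S3 Client-side Encryption Using Asymmetric Master Key!"
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    System.out.println("plaintext's length: " + plaintext.length);
    encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey,
            new ByteArrayInputStream(plaintext), new ObjectMetadata()));

    // 4. Download the object. Closing the S3Object closes its content stream; the original
    // never closed it.
    byte[] decrypted;
    try (S3Object downloadedObject = encryptionClient.getObject(bucketName, objectKey)) {
        decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent());
    }
    Assert.assertTrue(Arrays.equals(plaintext, decrypted));
    System.out.println("decrypted length: " + decrypted.length);
    //deleteBucketAndAllContents(encryptionClient);
}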
From source file:io.konig.camel.component.aws.s3.client.impl.S3ClientIAMOptimizedImpl.java
License:Apache License
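/**
 * Builds the Amazon S3 client for the IAM (instance-profile) credential option.
 * <p>
 * Credentials always come from an {@link InstanceProfileCredentialsProvider}; statically
 * configured access/secret keys are ignored (a trace message is logged when they are set).
 * Proxy settings and the connection limit are applied through a {@link ClientConfiguration}
 * to both the plain and the client-side-encryption client.
 *
 * @return Amazon S3 Client, encrypting client-side when the configuration asks for it.
 */
public AmazonS3 getS3Client() {
    ClientConfiguration clientConfiguration = new ClientConfiguration();
    if (configuration.hasProxyConfiguration()) {
        clientConfiguration.setProxyHost(configuration.getProxyHost());
        clientConfiguration.setProxyPort(configuration.getProxyPort());
    }
    clientConfiguration.setMaxConnections(maxConnections);

    if (configuration.getAccessKey() != null || configuration.getSecretKey() != null) {
        LOG.trace("Do not pass in unnecessary static credentials when selecting the IAM credential option.");
    }
    // false = no asynchronous credential refresh (the SDK constructor's boolean flag)
    InstanceProfileCredentialsProvider credentialsProvider = new InstanceProfileCredentialsProvider(false);
    boolean haveRegion = ObjectHelper.isNotEmpty(configuration.getRegion());

    if (configuration.isUseEncryption()) {
        StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider(
                configuration.getEncryptionMaterials());
        AmazonS3EncryptionClientBuilder encClientBuilder = AmazonS3EncryptionClientBuilder.standard()
                .withClientConfiguration(clientConfiguration)
                .withEncryptionMaterials(encryptionMaterialsProvider)
                .withCredentials(credentialsProvider);
        if (haveRegion) {
            // Regions.valueOf expects the enum constant name (US_EAST_1); Regions.fromName
            // would accept the region id (us-east-1).
            encClientBuilder = encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
        }
        encClientBuilder = encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
        return encClientBuilder.build();
    }

    // Plain client. The previous version built this without the ClientConfiguration, which
    // silently dropped the proxy settings and connection limit prepared above.
    AmazonS3ClientBuilder clientBuilder = AmazonS3ClientBuilder.standard()
            .withClientConfiguration(clientConfiguration)
            .withCredentials(credentialsProvider);
    if (haveRegion) {
        clientBuilder = clientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
    }
    clientBuilder = clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
    return clientBuilder.build();
}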
From source file:io.konig.camel.component.aws.s3.client.impl.S3ClientStandardImpl.java
License:Apache License
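/**
 * Builds the Amazon S3 client for the static-credentials option.
 * <p>
 * When both the access key and the secret key are configured they are used as static
 * credentials; otherwise no credentials are set on the builder (a single configured key is
 * treated the same as none). Proxy settings and the connection limit are applied through a
 * {@link ClientConfiguration} to both the plain and the client-side-encryption client.
 *
 * @return Amazon S3 Client, encrypting client-side when the configuration asks for it.
 */
public AmazonS3 getS3Client() {
    ClientConfiguration clientConfiguration = newClientConfiguration();

    AWSCredentialsProvider credentialsProvider = null;
    if (configuration.getAccessKey() != null && configuration.getSecretKey() != null) {
        AWSCredentials credentials = new BasicAWSCredentials(configuration.getAccessKey(),
                configuration.getSecretKey());
        credentialsProvider = new AWSStaticCredentialsProvider(credentials);
    }

    if (configuration.isUseEncryption()) {
        return newEncryptionClient(clientConfiguration, credentialsProvider);
    }
    return newStandardClient(clientConfiguration, credentialsProvider);
}

/** Client configuration shared by both client kinds: optional proxy plus the connection limit. */
private ClientConfiguration newClientConfiguration() {
    ClientConfiguration clientConfiguration = new ClientConfiguration();
    if (configuration.hasProxyConfiguration()) {
        clientConfiguration.setProxyHost(configuration.getProxyHost());
        clientConfiguration.setProxyPort(configuration.getProxyPort());
    }
    clientConfiguration.setMaxConnections(maxConnections);
    return clientConfiguration;
}

/**
 * Plain (non-encrypting) client. The previous version built the no-credentials variant without
 * the ClientConfiguration, which silently dropped the proxy settings and connection limit.
 *
 * @param credentialsProvider static credentials, or {@code null} to leave the builder's credentials unset
 */
private AmazonS3 newStandardClient(ClientConfiguration clientConfiguration,
        AWSCredentialsProvider credentialsProvider) {
    AmazonS3ClientBuilder clientBuilder = AmazonS3ClientBuilder.standard()
            .withClientConfiguration(clientConfiguration);
    if (credentialsProvider != null) {
        clientBuilder = clientBuilder.withCredentials(credentialsProvider);
    }
    if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
        // Regions.valueOf expects the enum constant name (US_EAST_1); Regions.fromName
        // would accept the region id (us-east-1).
        clientBuilder = clientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
    }
    clientBuilder = clientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
    return clientBuilder.build();
}

/**
 * Client-side-encrypting client using the configured encryption materials.
 *
 * @param credentialsProvider static credentials, or {@code null} to leave the builder's credentials unset
 */
private AmazonS3 newEncryptionClient(ClientConfiguration clientConfiguration,
        AWSCredentialsProvider credentialsProvider) {
    StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider(
            configuration.getEncryptionMaterials());
    AmazonS3EncryptionClientBuilder encClientBuilder = AmazonS3EncryptionClientBuilder.standard()
            .withClientConfiguration(clientConfiguration)
            .withEncryptionMaterials(encryptionMaterialsProvider);
    if (credentialsProvider != null) {
        encClientBuilder = encClientBuilder.withCredentials(credentialsProvider);
    }
    if (ObjectHelper.isNotEmpty(configuration.getRegion())) {
        encClientBuilder = encClientBuilder.withRegion(Regions.valueOf(configuration.getRegion()));
    }
    encClientBuilder = encClientBuilder.withPathStyleAccessEnabled(configuration.isPathStyleAccess());
    return encClientBuilder.build();
}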
From source file:org.apache.nifi.processors.aws.s3.encryption.ClientSideCMKEncryptionStrategy.java
License:Apache License
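/**
 * Create an encryption client.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration (proxy, timeouts, ...), applied to the client;
 *        a fresh default configuration is used when {@code null}
 * @param region AWS region
 * @param keyIdOrMaterial client master key, always base64 encoded
 * @return AWS S3 client
 * @throws SecurityException if the key material fails validation or is not a legal AES key size
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
        ClientConfiguration clientConfiguration, String region, String keyIdOrMaterial)
        throws SecurityException {
    if (!validateKey(keyIdOrMaterial).isValid()) {
        throw new SecurityException("Invalid client key; ensure key material is base64 encoded.");
    }
    byte[] keyMaterial = Base64.decodeBase64(keyIdOrMaterial);
    // SecretKeySpec does not check the length. An AES key must be 16, 24 or 32 bytes; a
    // wrong size would otherwise only surface as an opaque failure on the first encrypt.
    if (keyMaterial.length != 16 && keyMaterial.length != 24 && keyMaterial.length != 32) {
        throw new SecurityException("Invalid client key; AES key material must be 128, 192 or 256 bits.");
    }
    SecretKeySpec symmetricKey = new SecretKeySpec(keyMaterial, "AES");
    StaticEncryptionMaterialsProvider encryptionMaterialsProvider = new StaticEncryptionMaterialsProvider(
            new EncryptionMaterials(symmetricKey));

    CryptoConfiguration cryptoConfig = new CryptoConfiguration();
    Region awsRegion = null;
    if (StringUtils.isNotBlank(region)) {
        awsRegion = Region.getRegion(Regions.fromName(region));
        cryptoConfig.setAwsKmsRegion(awsRegion);
    }

    // The previous version used the 3-argument constructor and never passed clientConfiguration
    // on, so the caller's proxy/timeout settings were lost.
    ClientConfiguration effectiveConfiguration = clientConfiguration != null
            ? clientConfiguration
            : new ClientConfiguration();
    AmazonS3EncryptionClient client = new AmazonS3EncryptionClient(credentialsProvider,
            encryptionMaterialsProvider, effectiveConfiguration, cryptoConfig);
    if (awsRegion != null) {
        client.setRegion(awsRegion);
    }
    return client;
}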
From source file:org.apache.nifi.processors.aws.s3.encryption.service.StandardS3ClientSideEncryptionService.java
License:Apache License
/**
 * Builds a client-side-encrypting S3 client over the given credentials and client configuration,
 * wrapping this service's encryption materials in a {@link StaticEncryptionMaterialsProvider} and
 * applying its crypto configuration.
 *
 * @param credentialsProvider AWS credentials provider
 * @param config client configuration passed straight to the client
 * @return a new {@link AmazonS3EncryptionClient}
 */
public AmazonS3Client encryptedClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration config) {
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(encryptionMaterials());
    return new AmazonS3EncryptionClient(credentialsProvider, materialsProvider, config, cryptoConfiguration());
}
From source file:org.nuxeo.ecm.core.storage.sql.S3BinaryManager.java
License:Apache License
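/**
 * Reads the S3 binary-manager settings from the configuration, builds the AWS client (plain, or
 * client-side encrypting when a keystore is configured) and makes sure the bucket exists.
 * <p>
 * Credentials: explicit {@code AWS_ID_PROPERTY}/{@code AWS_SECRET_PROPERTY}, falling back to the
 * {@code AWS_ID_ENV}/{@code AWS_SECRET_ENV} environment variables, then to the instance profile.
 * Encryption: when {@code KEYSTORE_FILE_PROPERTY} is set, the key pair stored under
 * {@code PRIVKEY_ALIAS_PROPERTY} is loaded and used as client-side encryption materials.
 *
 * @throws IOException if the bucket cannot be checked or created
 * @throws RuntimeException on missing or inconsistent configuration, or when the keystore
 *         cannot be read
 */
@Override
protected void setupCloudClient() throws IOException {
    // Get settings from the configuration
    bucketName = getProperty(BUCKET_NAME_PROPERTY);
    bucketNamePrefix = MoreObjects.firstNonNull(getProperty(BUCKET_PREFIX_PROPERTY), StringUtils.EMPTY);
    String bucketRegion = getProperty(BUCKET_REGION_PROPERTY);
    if (isBlank(bucketRegion)) {
        bucketRegion = DEFAULT_BUCKET_REGION;
    }
    String awsID = getProperty(AWS_ID_PROPERTY);
    String awsSecret = getProperty(AWS_SECRET_PROPERTY);
    String proxyHost = Framework.getProperty(Environment.NUXEO_HTTP_PROXY_HOST);
    String proxyPort = Framework.getProperty(Environment.NUXEO_HTTP_PROXY_PORT);
    String proxyLogin = Framework.getProperty(Environment.NUXEO_HTTP_PROXY_LOGIN);
    String proxyPassword = Framework.getProperty(Environment.NUXEO_HTTP_PROXY_PASSWORD);
    int maxConnections = getIntProperty(CONNECTION_MAX_PROPERTY);
    int maxErrorRetry = getIntProperty(CONNECTION_RETRY_PROPERTY);
    int connectionTimeout = getIntProperty(CONNECTION_TIMEOUT_PROPERTY);
    int socketTimeout = getIntProperty(SOCKET_TIMEOUT_PROPERTY);
    String keystoreFile = getProperty(KEYSTORE_FILE_PROPERTY);
    String keystorePass = getProperty(KEYSTORE_PASS_PROPERTY);
    String privkeyAlias = getProperty(PRIVKEY_ALIAS_PROPERTY);
    String privkeyPass = getProperty(PRIVKEY_PASS_PROPERTY);
    String endpoint = getProperty(ENDPOINT_PROPERTY);
    String sseprop = getProperty(SERVERSIDE_ENCRYPTION_PROPERTY);
    if (isNotBlank(sseprop)) {
        userServerSideEncryption = Boolean.parseBoolean(sseprop);
    }

    // Fallback on default env keys for ID and secret
    if (isBlank(awsID)) {
        awsID = System.getenv(AWS_ID_ENV);
    }
    if (isBlank(awsSecret)) {
        awsSecret = System.getenv(AWS_SECRET_ENV);
    }
    if (isBlank(bucketName)) {
        throw new RuntimeException("Missing conf: " + BUCKET_NAME_PROPERTY);
    }
    if (!isBlank(bucketNamePrefix) && !bucketNamePrefix.endsWith("/")) {
        log.warn(String.format("%s %s S3 bucket prefix should end by '/' " + ": added automatically.",
                BUCKET_PREFIX_PROPERTY, bucketNamePrefix));
        bucketNamePrefix += "/";
    }

    // set up credentials
    if (isBlank(awsID) || isBlank(awsSecret)) {
        awsCredentialsProvider = new InstanceProfileCredentialsProvider();
        try {
            awsCredentialsProvider.getCredentials();
        } catch (AmazonClientException e) {
            // keep the SDK exception as the cause so the actual lookup failure stays diagnosable
            throw new RuntimeException("Missing AWS credentials and no instance role found", e);
        }
    } else {
        awsCredentialsProvider = new BasicAWSCredentialsProvider(awsID, awsSecret);
    }

    // set up client configuration
    clientConfiguration = new ClientConfiguration();
    if (isNotBlank(proxyHost)) {
        clientConfiguration.setProxyHost(proxyHost);
    }
    if (isNotBlank(proxyPort)) {
        clientConfiguration.setProxyPort(Integer.parseInt(proxyPort));
    }
    if (isNotBlank(proxyLogin)) {
        clientConfiguration.setProxyUsername(proxyLogin);
    }
    if (proxyPassword != null) { // could be blank
        clientConfiguration.setProxyPassword(proxyPassword);
    }
    if (maxConnections > 0) {
        clientConfiguration.setMaxConnections(maxConnections);
    }
    if (maxErrorRetry >= 0) { // 0 is allowed
        clientConfiguration.setMaxErrorRetry(maxErrorRetry);
    }
    if (connectionTimeout >= 0) { // 0 is allowed
        clientConfiguration.setConnectionTimeout(connectionTimeout);
    }
    if (socketTimeout >= 0) { // 0 is allowed
        clientConfiguration.setSocketTimeout(socketTimeout);
    }

    // set up encryption
    encryptionMaterials = null;
    if (isNotBlank(keystoreFile)) {
        boolean confok = true;
        if (keystorePass == null) { // could be blank
            log.error("Keystore password missing");
            confok = false;
        }
        if (isBlank(privkeyAlias)) {
            log.error("Key alias missing");
            confok = false;
        }
        if (privkeyPass == null) { // could be blank
            log.error("Key password missing");
            confok = false;
        }
        if (!confok) {
            throw new RuntimeException("S3 Crypto configuration incomplete");
        }
        // try-with-resources: the previous version leaked the stream when load() threw
        try (FileInputStream ksStream = new FileInputStream(new File(keystoreFile))) {
            // Open keystore
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(ksStream, keystorePass.toCharArray());
            // Get keypair for alias
            if (!keystore.isKeyEntry(privkeyAlias)) {
                throw new RuntimeException("Alias " + privkeyAlias + " is missing or not a key alias");
            }
            // isKeyEntry is also true for secret-key entries, so check the key type before casting
            java.security.Key key = keystore.getKey(privkeyAlias, privkeyPass.toCharArray());
            if (!(key instanceof PrivateKey)) {
                throw new RuntimeException("Alias " + privkeyAlias + " does not hold a private key");
            }
            PrivateKey privKey = (PrivateKey) key;
            Certificate cert = keystore.getCertificate(privkeyAlias);
            if (cert == null) {
                throw new RuntimeException("Alias " + privkeyAlias + " has no certificate");
            }
            PublicKey pubKey = cert.getPublicKey();
            KeyPair keypair = new KeyPair(pubKey, privKey);
            // Get encryptionMaterials from keypair
            encryptionMaterials = new EncryptionMaterials(keypair);
            cryptoConfiguration = new CryptoConfiguration();
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Could not read keystore: " + keystoreFile + ", alias: " + privkeyAlias, e);
        }
    }
    isEncrypted = encryptionMaterials != null;

    // Try to create bucket if it doesn't exist
    if (!isEncrypted) {
        amazonS3 = new AmazonS3Client(awsCredentialsProvider, clientConfiguration);
    } else {
        amazonS3 = new AmazonS3EncryptionClient(awsCredentialsProvider,
                new StaticEncryptionMaterialsProvider(encryptionMaterials), clientConfiguration,
                cryptoConfiguration);
    }
    if (isNotBlank(endpoint)) {
        amazonS3.setEndpoint(endpoint);
    }
    // Set the region explicitly for regions that require the Version 4 signature
    java.util.List<String> v4OnlyRegions = java.util.Arrays.asList("eu-central-1", "ap-northeast-2");
    if (v4OnlyRegions.contains(bucketRegion)) {
        amazonS3.setRegion(Region.getRegion(Regions.fromName(bucketRegion)));
    }
    try {
        if (!amazonS3.doesBucketExist(bucketName)) {
            amazonS3.createBucket(bucketName, bucketRegion);
            amazonS3.setBucketAcl(bucketName, CannedAccessControlList.Private);
        }
    } catch (AmazonClientException e) {
        throw new IOException(e);
    }

    // compat for NXP-17895, using "downloadfroms3", to be removed
    // these two fields have already been initialized by the base class initialize()
    // using standard property "directdownload"
    String dd = getProperty(DIRECTDOWNLOAD_PROPERTY_COMPAT);
    if (dd != null) {
        directDownload = Boolean.parseBoolean(dd);
    }
    int dde = getIntProperty(DIRECTDOWNLOAD_EXPIRE_PROPERTY_COMPAT);
    if (dde >= 0) {
        directDownloadExpire = dde;
    }

    transferManager = new TransferManager(amazonS3);
    abortOldUploads();
}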