public class CryptoConfiguration
extends java.lang.Object
implements java.lang.Cloneable, java.io.Serializable
Modifier and Type | Class and Description |
---|---|
private static class |
CryptoConfiguration.ReadOnly
Used to provide a read-only copy of the configuration.
|
Modifier and Type | Field and Description |
---|---|
private Region |
awskmsRegion
Used to specify the KMS region for the AWS KMS client when such client
is internally instantiated instead of externally passed in by users; or
null if no explicit KMS region is specified.
|
private CryptoMode |
cryptoMode |
private java.security.Provider |
cryptoProvider |
private boolean |
ignoreMissingInstructionFile
True to ignore instruction file that cannot be found during a GET
operation; false otherwise.
|
private static long |
serialVersionUID |
private CryptoStorageMode |
storageMode |
Constructor and Description |
---|
CryptoConfiguration()
Creates a new CryptoConfiguration object with default storage mode and
crypto provider settings.
|
CryptoConfiguration(CryptoMode cryptoMode) |
Modifier and Type | Method and Description |
---|---|
private void |
check(CryptoMode cryptoMode)
Checks if the crypto mode is supported by the runtime.
|
CryptoConfiguration |
clone() |
private CryptoConfiguration |
copyTo(CryptoConfiguration that) |
Region |
getAwsKmsRegion()
Returns the the KMS region explicitly specified for the AWS KMS client
when such client is internally instantiated; or null if no explicit KMS
region is specified.
|
CryptoMode |
getCryptoMode()
Returns the optionally specified crypto mode applicable only to the S3
encryption client; or null.
|
java.security.Provider |
getCryptoProvider()
Returns the crypto provider whose encryption implementation will be used
to encrypt and decrypt data.
|
Regions |
getKmsRegion()
Deprecated.
|
CryptoStorageMode |
getStorageMode()
Returns the current storage mode of a CryptoConfiguration object.
|
boolean |
isIgnoreMissingInstructionFile()
Returns true to ignore instruction file that cannot be found during a GET
operation; false otherwise.
|
boolean |
isReadOnly() |
CryptoConfiguration |
readOnly()
Returns a read-only copy of this configuration.
|
void |
setAwsKmsRegion(Region awsKmsRegion)
Sets the KMS region for the AWS KMS client when such client is internally
instantiated instead of externally passed in by users; or null if no
explicit KMS region is explicitly configured.This KMS region parameter is
ignored when the AWS KMS client of the S3 encryption client is explicitly
passed in by the users, instead of being implicitly created.
|
void |
setCryptoMode(CryptoMode cryptoMode)
Sets the crypto mode; applicable only to the S3 encryption client.
|
void |
setCryptoProvider(java.security.Provider cryptoProvider)
Sets the crypto provider to the specified provider.
|
void |
setIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile) |
void |
setKmsRegion(Regions kmsRegion)
Deprecated.
|
void |
setStorageMode(CryptoStorageMode storageMode)
Sets the storage mode to the specified mode.
|
CryptoConfiguration |
withAwsKmsRegion(Region awsKmsRegion)
Fluent API for setting the KMS region for the AWS KMS client when such
client is internally instantiated instead of externally passed in by
users; or null if no explicit KMS region is explicitly configured.This
KMS region parameter is ignored when the AWS KMS client of the S3
encryption client is explicitly passed in by the users, instead of being
implicitly created.
|
CryptoConfiguration |
withCryptoMode(CryptoMode cryptoMode)
Fluent API to set the crypto mode; applicable only to the S3 encryption
client.
|
CryptoConfiguration |
withCryptoProvider(java.security.Provider cryptoProvider)
Sets the crypto provider to the specified provider, and returns the
updated CryptoConfiguration object.
|
CryptoConfiguration |
withIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
Fluent API to set the property to ignore instruction file that cannot be
found during a GET operation.
|
CryptoConfiguration |
withKmsRegion(Regions kmsRegion)
Deprecated.
|
CryptoConfiguration |
withStorageMode(CryptoStorageMode storageMode)
Sets the storage mode to the specified mode, and returns the updated
CryptoConfiguration object.
|
private static final long serialVersionUID
private CryptoMode cryptoMode
private CryptoStorageMode storageMode
private java.security.Provider cryptoProvider
private boolean ignoreMissingInstructionFile
CryptoMode.StrictAuthenticatedEncryption
where
missing instruction file would always cause security exception.private transient Region awskmsRegion
public CryptoConfiguration()
public CryptoConfiguration(CryptoMode cryptoMode)
cryptoMode
- cryptographic mode to be usedjava.lang.UnsupportedOperationException
- if the necessary security provider cannot be found or the
necessary cryptographic operations are not supported for the
specified crypto mode.public void setStorageMode(CryptoStorageMode storageMode)
storageMode
- The storage mode to be used for storing encryption
information.public CryptoConfiguration withStorageMode(CryptoStorageMode storageMode)
storageMode
- The storage mode to be used for storing encryption
information.public CryptoStorageMode getStorageMode()
public void setCryptoProvider(java.security.Provider cryptoProvider)
cryptoProvider
- The crypto provider whose encryption implementation will be
used to encrypt and decrypt data.public CryptoConfiguration withCryptoProvider(java.security.Provider cryptoProvider)
cryptoProvider
- The crypto provider whose encryption implementation will be
used to encrypt and decrypt data.public java.security.Provider getCryptoProvider()
public CryptoMode getCryptoMode()
public void setCryptoMode(CryptoMode cryptoMode) throws java.lang.UnsupportedOperationException
java.lang.UnsupportedOperationException
- if the necessary security provider cannot be found or the
necessary cryptographic operations are not supported for the
specified crypto mode. Note the crypto mode can and will
still (intentionally) be set in such case, and it's up to the
caller to decide what to do about it.public CryptoConfiguration withCryptoMode(CryptoMode cryptoMode) throws java.lang.UnsupportedOperationException
java.lang.UnsupportedOperationException
- if the necessary security provider cannot be found or the
necessary cryptographic operations are not supported for the
specified crypto mode.Note the crypto mode can and will still
(intentionally) be set in such case, and it's up to the
caller to decide what to do about it.public boolean isIgnoreMissingInstructionFile()
CryptoMode.StrictAuthenticatedEncryption
where
missing instruction file would always cause security exception.public void setIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
ignoreMissingInstructionFile
- true to ignore instruction file that cannot be found during a
GET operation; false otherwise. Default is true. This property
is ignored if the crypto mode is
CryptoMode.StrictAuthenticatedEncryption
where missing
instruction file would always cause security exception.public CryptoConfiguration withIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
private void check(CryptoMode cryptoMode)
java.lang.UnsupportedOperationException
- if the necessary security provider cannot be found or the
necessary cryptographic operations are not supported for the
specified crypto mode.public boolean isReadOnly()
public CryptoConfiguration readOnly()
public CryptoConfiguration clone()
clone
in class java.lang.Object
private CryptoConfiguration copyTo(CryptoConfiguration that)
@Deprecated public Regions getKmsRegion()
@Deprecated public void setKmsRegion(Regions kmsRegion)
@Deprecated public CryptoConfiguration withKmsRegion(Regions kmsRegion)
public Region getAwsKmsRegion()
public void setAwsKmsRegion(Region awsKmsRegion)
public CryptoConfiguration withAwsKmsRegion(Region awsKmsRegion)