Package | Description |
---|---|
com.amazonaws.services.s3.internal.crypto |
Modifier and Type | Field and Description |
---|---|
private ContentCryptoMaterial |
MultipartUploadCryptoContext.cekMaterial |
Modifier and Type | Method and Description |
---|---|
private ContentCryptoMaterial |
S3CryptoModuleBase.buildContentCryptoMaterial(EncryptionMaterials materials,
java.security.Provider provider,
AmazonWebServiceRequest req) |
private ContentCryptoMaterial |
S3CryptoModuleBase.ccmFromJson(java.lang.String json) |
private ContentCryptoMaterial |
S3CryptoModuleBase.contentCryptoMaterialOf(S3ObjectWrapper s3w)
Returns the content crypto material of an existing S3 object.
|
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.create(javax.crypto.SecretKey cek,
byte[] iv,
EncryptionMaterials kekMaterials,
ContentCryptoScheme contentCryptoScheme,
S3CryptoScheme targetScheme,
java.security.Provider provider,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Returns a new instance of
ContentCryptoMaterial for the
input parameters using the specified content crypto scheme, and the key
wrapping and secure randomness specified of the specified s3 crypto
scheme. |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.create(javax.crypto.SecretKey cek,
byte[] iv,
EncryptionMaterials kekMaterials,
S3CryptoScheme scheme,
java.security.Provider provider,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Returns a new instance of
ContentCryptoMaterial
for the input parameters using the specified s3 crypto scheme. |
protected ContentCryptoMaterial |
S3CryptoModuleBase.createContentCryptoMaterial(AmazonWebServiceRequest req)
Creates and returns a non-null content crypto material for the given
request.
|
private static ContentCryptoMaterial |
ContentCryptoMaterial.doCreate(javax.crypto.SecretKey cek,
byte[] iv,
EncryptionMaterials kekMaterials,
ContentCryptoScheme contentCryptoScheme,
S3CryptoScheme targetS3CryptoScheme,
java.security.Provider provider,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Returns a new instance of
ContentCryptoMaterial for the
given input parameters by using the specified content crypto scheme, and
S3 crypto scheme. |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromInstructionFile(java.util.Map<java.lang.String,java.lang.String> instFile,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromInstructionFile(java.util.Map<java.lang.String,java.lang.String> instFile,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms)
Factory method to return the content crypto material from the S3
instruction file, using the specified key encrypting key material
accessor and an optional security provider.
|
private static ContentCryptoMaterial |
ContentCryptoMaterial.fromInstructionFile0(java.util.Map<java.lang.String,java.lang.String> instFile,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromObjectMetadata(ObjectMetadata metadata,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) static ContentCryptoMaterial |
ContentCryptoMaterial.fromObjectMetadata(ObjectMetadata metadata,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms)
Factory method to return the content crypto material from the S3 object
meta data, using the specified key encrypting key material accessor and
an optional security provider.
|
private static ContentCryptoMaterial |
ContentCryptoMaterial.fromObjectMetadata0(ObjectMetadata metadata,
EncryptionMaterialsAccessor kekMaterialAccessor,
java.security.Provider securityProvider,
long[] range,
ExtraMaterialsDescription extra,
boolean keyWrapExpected,
AWSKMSClient kms) |
(package private) ContentCryptoMaterial |
MultipartUploadCryptoContext.getContentCryptoMaterial()
Returns the content encrypting cryptographic material for the multi-part
uploads.
|
private ContentCryptoMaterial |
S3CryptoModuleBase.newContentCryptoMaterial(EncryptionMaterialsProvider kekMaterialProvider,
java.util.Map<java.lang.String,java.lang.String> materialsDescription,
java.security.Provider provider,
AmazonWebServiceRequest req)
Returns the content encryption material generated with the given kek
material, material description and security providers; or null if
the encryption material cannot be found for the specified description.
|
private ContentCryptoMaterial |
S3CryptoModuleBase.newContentCryptoMaterial(EncryptionMaterialsProvider kekMaterialProvider,
java.security.Provider provider,
AmazonWebServiceRequest req)
Returns a non-null content encryption material generated with the given kek
material and security providers.
|
(package private) ContentCryptoMaterial |
ContentCryptoMaterial.recreate(EncryptionMaterials newKEK,
EncryptionMaterialsAccessor accessor,
S3CryptoScheme targetScheme,
java.security.Provider p,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Recreates a new content crypto material from the current material given a
new KEK encryption materials.
|
(package private) ContentCryptoMaterial |
ContentCryptoMaterial.recreate(java.util.Map<java.lang.String,java.lang.String> newKEKMatDesc,
EncryptionMaterialsAccessor accessor,
S3CryptoScheme targetScheme,
java.security.Provider p,
AWSKMSClient kms,
AmazonWebServiceRequest req)
Recreates a new content crypto material from the current material given a
new KEK material-descriptions.
|
static ContentCryptoMaterial |
ContentCryptoMaterial.wrap(javax.crypto.SecretKey cek,
byte[] iv,
ContentCryptoScheme contentCryptoScheme,
java.security.Provider provider,
SecuredCEK cekSecured)
Returns a new instance of
ContentCryptoMaterial by wrapping
the input parameters, including the already secured CEK. |
Modifier and Type | Method and Description |
---|---|
protected PutObjectRequest |
S3CryptoModuleBase.createInstructionPutRequest(java.lang.String bucketName,
java.lang.String key,
ContentCryptoMaterial cekMaterial) |
private S3ObjectWrapper |
S3CryptoModuleAE.decrypt(S3ObjectWrapper wrapper,
ContentCryptoMaterial cekMaterial,
long[] range)
Returns an updated object where the object content input stream contains the decrypted contents.
|
private CipherLiteInputStream |
S3CryptoModuleBase.newS3CipherLiteInputStream(AbstractPutObjectRequest req,
ContentCryptoMaterial cekMaterial,
long plaintextLength) |
(package private) MultipartUploadCbcContext |
S3CryptoModuleEO.newUploadContext(InitiateMultipartUploadRequest req,
ContentCryptoMaterial cekMaterial) |
(package private) abstract T |
S3CryptoModuleBase.newUploadContext(InitiateMultipartUploadRequest req,
ContentCryptoMaterial cekMaterial) |
(package private) MultipartUploadCryptoContext |
S3CryptoModuleAE.newUploadContext(InitiateMultipartUploadRequest req,
ContentCryptoMaterial cekMaterial) |
protected void |
S3CryptoModuleBase.securityCheck(ContentCryptoMaterial cekMaterial,
S3ObjectWrapper retrieved)
Checks if the the crypto scheme used in the given content crypto material
is allowed to be used in this crypto module.
|
protected void |
S3CryptoModuleAEStrict.securityCheck(ContentCryptoMaterial cekMaterial,
S3ObjectWrapper retrieved) |
protected PutObjectRequest |
S3CryptoModuleBase.updateInstructionPutRequest(PutObjectRequest req,
ContentCryptoMaterial cekMaterial)
Updates put request to store the specified instruction object in S3.
|
protected ObjectMetadata |
S3CryptoModuleBase.updateMetadataWithContentCryptoMaterial(ObjectMetadata metadata,
java.io.File file,
ContentCryptoMaterial instruction) |
protected <R extends AbstractPutObjectRequest> |
S3CryptoModuleBase.wrapWithCipher(R request,
ContentCryptoMaterial cekMaterial)
Returns the given
PutObjectRequest but has the content as
input stream wrapped with a cipher, and configured with some meta data
and user metadata. |
Constructor and Description |
---|
MultipartUploadCbcContext(java.lang.String bucketName,
java.lang.String key,
ContentCryptoMaterial cekMaterial) |
MultipartUploadCryptoContext(java.lang.String bucketName,
java.lang.String key,
ContentCryptoMaterial cekMaterial) |