Package com.amazonaws.encryptionsdk.jce

Class KeyStoreProvider

java.lang.Object

com.amazonaws.encryptionsdk.MasterKeyProvider<JceMasterKey>

com.amazonaws.encryptionsdk.jce.KeyStoreProvider

public class KeyStoreProvider
extends MasterKeyProvider<JceMasterKey>

This MasterKeyProvider provides keys backed by a JCE KeyStore. Please see decryptDataKey(CryptoAlgorithm, Collection, Map) for an of how decryption is managed and see getMasterKeysForEncryption(MasterKeyRequest) for an explanation of how encryption is managed.

Constructor Summary

Constructors

Constructor	Description
KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm)	Creates an instance of this class using wrappingAlgorithm which will work for decrypt only.
KeyStoreProvider(KeyStore keystore, KeyStore.ProtectionParameter protection, String providerName, String wrappingAlgorithm, String... aliasNames)	Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames.

Method Summary

Modifier and Type	Method	Description
DataKey<JceMasterKey>	decryptDataKey(CryptoAlgorithm algorithm, Collection<? extends EncryptedDataKey> encryptedDataKeys, Map<String,String> encryptionContext)	Attempts to decrypts the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore.
String	getDefaultProviderId()	Returns "JavaKeyStore".
JceMasterKey	getMasterKey(String provider, String keyId)	Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm.
List<JceMasterKey>	getMasterKeysForEncryption(MasterKeyRequest request)	Returns JceMasterKeys corresponding to the aliasNames passed into the constructor.

Methods inherited from class com.amazonaws.encryptionsdk.MasterKeyProvider

buildCannotDecryptDksException, buildCannotDecryptDksException, buildCannotDecryptDksException, canProvide, getMasterKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyStoreProvider

public KeyStoreProvider(KeyStore keystore,
                        KeyStore.ProtectionParameter protection,
                        String providerName,
                        String wrappingAlgorithm)

Creates an instance of this class using wrappingAlgorithm which will work for decrypt only.

KeyStoreProvider

public KeyStoreProvider(KeyStore keystore,
                        KeyStore.ProtectionParameter protection,
                        String providerName,
                        String wrappingAlgorithm,
                        String... aliasNames)

Creates an instance of this class using wrappingAlgorithm which will encrypt data to the keys specified by aliasNames.

Method Detail

getMasterKey

public JceMasterKey getMasterKey(String provider,
                                 String keyId)
                          throws UnsupportedProviderException,
                                 NoSuchMasterKeyException

Returns a JceMasterKey corresponding to the entry in the KeyStore with the specified alias and compatible algorithm.

Specified by:

getMasterKey in class MasterKeyProvider<JceMasterKey>

Returns:

Throws:

UnsupportedProviderException - if this object cannot return MasterKeys associated with the given provider

NoSuchMasterKeyException - if this object cannot find (and thus construct) the MasterKey associated with keyId

getDefaultProviderId

public String getDefaultProviderId()

Returns "JavaKeyStore".

Specified by:

getDefaultProviderId in class MasterKeyProvider<JceMasterKey>

getMasterKeysForEncryption

public List<JceMasterKey> getMasterKeysForEncryption(MasterKeyRequest request)

Returns JceMasterKeys corresponding to the aliasNames passed into the constructor.

Specified by:

getMasterKeysForEncryption in class MasterKeyProvider<JceMasterKey>

decryptDataKey

public DataKey<JceMasterKey> decryptDataKey(CryptoAlgorithm algorithm,
                                            Collection<? extends EncryptedDataKey> encryptedDataKeys,
                                            Map<String,String> encryptionContext)
                                     throws UnsupportedProviderException,
                                            AwsCryptoException

Attempts to decrypts the encryptedDataKeys by first iterating through all aliasNames specified in the constructor and then over all other compatible keys in the KeyStore. This includes TrustedCertificates as well as standard key entries.

Specified by:

decryptDataKey in class MasterKeyProvider<JceMasterKey>

Returns:

a DataKey if one can be decrypted, otherwise returns null

Throws:

UnsupportedProviderException - if the encryptedDataKey is associated with an unsupported provider

CannotUnwrapDataKeyException - if the encryptedDataKey cannot be decrypted

AwsCryptoException