Package com.amazonaws.encryptionsdk.internal

Class AwsKmsCmkArnInfo

  • public final class AwsKmsCmkArnInfo
extends Object
    A class to parse and handle AWS KMS identifiers. Mostly AWS KMS ARNs but raw resources are also used in the AWS Encryption SDK.

    • Method Detail

      • parseInfoFromKeyArn

        public static AwsKmsCmkArnInfo parseInfoFromKeyArn​(String keyArn)
        Takes an AWS KMS identifier that may or may not be an ARN and attempts to parse the identifier as an ARN. If the identifier is not an ARN, it returns null. This is an expected condition, not an error.
        Parameters:
        keyArn - The string to parse

      • validAwsKmsIdentifier

        public static void validAwsKmsIdentifier​(String identifier)
        Takes a string an will throw if this identifier is invalid Raw resources like a key ID or alias `mrk-edb7fe6942894d32ac46dbb1c922d574`, `alias/my-alias` or ARNs like arn:aws:kms:us-west-2:111122223333:key/mrk-edb7fe6942894d32ac46dbb1c922d574 arn:aws:kms:us-west-2:111122223333:alias/my-alias
        Parameters:
        identifier - an identifier that is an ARN or raw resource

      • isMRK

        public static boolean isMRK​(String resource)
        Identifies Multi Region AWS KMS keys. This can misidentify an alias that starts with "mrk-".

      • isMRK

        public static boolean isMRK​(AwsKmsCmkArnInfo arn)
        Identifies Multi Region AWS KMS keys. The resource type check is to protect against the edge case where an alias starts with `mrk-` * e.g. arn:aws:kms:us-west-2:111122223333:alias/mrk-someOtherName

      • awsKmsArnMatchForDecrypt

        public static boolean awsKmsArnMatchForDecrypt​(String configuredKeyIdentifier,
                                               String providerInfoKeyIdentifier)
        Tell if two different AWS KMS ARNs match. For identical keys this is trivial, but multi-Region keys can match across regions.

      • getPartition

        public String getPartition()

      • getAccountId

        public String getAccountId()

      • getRegion

        public String getRegion()

      • getResourceType

        public String getResourceType()

      • getResource

        public String getResource()

      • toString

        public String toString()
        Returns the well-formed ARN this object describes.
        Overrides:
        toString in class Object

      • toString

        public String toString​(String mrkRegion)
        AWS KMS multi-Region keys can have replicas in other region. A compatible ARN in a different Region may be required.
        Parameters:
        mrkRegion - The region to use instead of the region in the ARN