Package com.amazonaws.encryptionsdk.caching

Class CachingCryptoMaterialsManager.Builder

    • Method Detail

      • withPartitionId

        public CachingCryptoMaterialsManager.Builder withPartitionId​(String partitionId)
        Sets the partition ID for this CMM. This is an optional operation.

        By default, two CMMs will never use each other's cache entries. This helps ensure that CMMs with different delegates won't incorrectly use each other's encrypt and decrypt results. However, in certain special circumstances it can be useful to share entries between different CMMs - for example, if the backing CMM is constructed based on some parameters that depend on the operation, you may wish for delegates constructed with the same parameters to share the same partition.

        To accomplish this, set the same partition ID and backing cache on both CMMs; entries cached from one of these CMMs can then be used by the other. This should only be done with careful consideration and verification that the CMM delegates are equivalent for your application's purposes.

        By default, the partition ID is set to a random UUID to avoid any collisions.

        Parameters:
        partitionId - The partition ID
        Returns:
        this builder

      • withMaxAge

        public CachingCryptoMaterialsManager.Builder withMaxAge​(long maxAge,
                                                        TimeUnit units)
        Sets the maximum lifetime for entries in the cache, for both encrypt and decrypt operations. When the specified amount of time passes after initial creation of the entry, the entry will be considered unusable, and the next operation will incur a cache miss.
        Parameters:
        maxAge - The amount of time entries are allowed to live. Must be positive.
        units - The units maxAge is expressed in
        Returns:
        this builder

      • withMessageUseLimit

        public CachingCryptoMaterialsManager.Builder withMessageUseLimit​(long messageUseLimit)
        Sets the maximum number of individual messages that can be encrypted under the same a cached data key. This does not affect decrypt operations.

        Specifying this limit is optional; by default, the limit is set to 2^32. This is also the maximum accepted value; if you specify a higher limit, an IllegalArgumentException will be thrown.

        Parameters:
        messageUseLimit - The maximum number of messages that can be encrypted by the same data key. Must be positive.
        Returns:
        this builder

      • withByteUseLimit

        public CachingCryptoMaterialsManager.Builder withByteUseLimit​(long byteUseLimit)
        Sets the maximum number of plaintext bytes that can be encrypted under the same a cached data key. This does not affect decrypt operations.

        Specifying this limit is optional; by default, the limit is set to 2^63 - 1.

        While this limit can be set to zero, in this case keys can only be cached if they are used for zero-length messages.

        Parameters:
        byteUseLimit - The maximum number of bytes that can be encrypted by the same data key. Must be non-negative.
        Returns:
        this builder