class S3CryptoModuleAE extends S3CryptoModuleBase<MultipartUploadCryptoContext>
contentCryptoScheme, cryptoConfig, cryptoScheme, DEFAULT_BUFFER_SIZE, kekMaterialsProvider, kms, log, multipartUploadContexts, s3
Constructor and Description |
---|
S3CryptoModuleAE(AWSKMSClient kms,
S3Direct s3,
AWSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider encryptionMaterialsProvider,
CryptoConfiguration cryptoConfig) |
S3CryptoModuleAE(AWSKMSClient kms,
S3Direct s3,
EncryptionMaterialsProvider encryptionMaterialsProvider,
CryptoConfiguration cryptoConfig)
Used for testing purposes only.
|
S3CryptoModuleAE(S3Direct s3,
EncryptionMaterialsProvider encryptionMaterialsProvider,
CryptoConfiguration cryptoConfig)
Used for testing purposes only.
|
Modifier and Type | Method and Description |
---|---|
protected S3ObjectWrapper |
adjustToDesiredRange(S3ObjectWrapper s3object,
long[] range,
java.util.Map<java.lang.String,java.lang.String> instruction)
Adjusts the retrieved S3Object so that the object contents contain only the range of bytes
desired by the user.
|
private void |
assertParameterNotNull(java.lang.Object parameterValue,
java.lang.String errorMessage)
Asserts that the specified parameter value is not null and if it is,
throws an IllegalArgumentException with the specified error message.
|
(package private) CipherLite |
cipherLiteForNextPart(MultipartUploadCryptoContext uploadContext) |
protected long |
ciphertextLength(long originalContentLength)
Returns the length of the ciphertext computed from the length of the
plaintext.
|
(package private) long |
computeLastPartSize(UploadPartRequest req) |
private S3Object |
decipher(GetObjectRequest req,
long[] desiredRange,
long[] cryptoRange,
S3Object retrieved) |
private S3Object |
decipherWithInstFileSuffix(GetObjectRequest req,
long[] desiredRange,
long[] cryptoRange,
S3Object retrieved,
java.lang.String instFileSuffix)
Same as
decipher(GetObjectRequest, long[], long[], S3Object)
but makes use of an instruction file with the specified suffix. |
private S3Object |
decipherWithInstructionFile(GetObjectRequest req,
long[] desiredRange,
long[] cryptoRange,
S3ObjectWrapper retrieved,
S3ObjectWrapper instructionFile) |
private S3Object |
decipherWithMetadata(GetObjectRequest req,
long[] desiredRange,
long[] cryptoRange,
S3ObjectWrapper retrieved) |
private S3ObjectWrapper |
decrypt(S3ObjectWrapper wrapper,
ContentCryptoMaterial cekMaterial,
long[] range)
Returns an updated object where the object content input stream contains the decrypted contents.
|
S3Object |
getObjectSecurely(GetObjectRequest req) |
ObjectMetadata |
getObjectSecurely(GetObjectRequest getObjectRequest,
java.io.File destinationFile) |
protected boolean |
isStrict()
Returns true if a strict encryption mode is in use in the current crypto
module; false otherwise.
|
(package private) MultipartUploadCryptoContext |
newUploadContext(InitiateMultipartUploadRequest req,
ContentCryptoMaterial cekMaterial) |
(package private) void |
updateUploadContext(MultipartUploadCryptoContext uploadContext,
SdkFilterInputStream is) |
(package private) SdkFilterInputStream |
wrapForMultipart(CipherLiteInputStream is,
long partSize) |
abortMultipartUploadSecurely, appendUserAgent, completeMultipartUploadSecurely, copyPartSecurely, createContentCryptoMaterial, createInstructionGetRequest, createInstructionGetRequest, createInstructionPutRequest, fetchInstructionFile, generateCEK, getAdjustedCryptoRange, getS3CryptoScheme, initiateMultipartUploadSecurely, newMultipartS3CipherInputStream, plaintextLength, putInstructionFileSecurely, putLocalObjectSecurely, putObjectSecurely, securityCheck, updateInstructionPutRequest, updateMetadataWithContentCryptoMaterial, uploadPartSecurely, wrapWithCipher
S3CryptoModuleAE(AWSKMSClient kms, S3Direct s3, AWSCredentialsProvider credentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfig)
cryptoConfig
- a read-only copy of the crypto configuration.S3CryptoModuleAE(S3Direct s3, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfig)
S3CryptoModuleAE(AWSKMSClient kms, S3Direct s3, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfig)
protected boolean isStrict()
public S3Object getObjectSecurely(GetObjectRequest req)
getObjectSecurely
in class S3CryptoModule<MultipartUploadCryptoContext>
private S3Object decipher(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3Object retrieved)
private S3Object decipherWithInstFileSuffix(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3Object retrieved, java.lang.String instFileSuffix)
decipher(GetObjectRequest, long[], long[], S3Object)
but makes use of an instruction file with the specified suffix.instFileSuffix
- never null or empty (which is assumed to have been
sanitized upstream.)private S3Object decipherWithInstructionFile(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3ObjectWrapper retrieved, S3ObjectWrapper instructionFile)
private S3Object decipherWithMetadata(GetObjectRequest req, long[] desiredRange, long[] cryptoRange, S3ObjectWrapper retrieved)
protected final S3ObjectWrapper adjustToDesiredRange(S3ObjectWrapper s3object, long[] range, java.util.Map<java.lang.String,java.lang.String> instruction)
s3object
- The S3Object retrieved from S3 that could possibly contain more bytes than desired
by the user.range
- A two-element array of longs corresponding to the start and finish (inclusive) of a desired
range of bytes.instruction
- Instruction file in JSON or null if no instruction file is involvedpublic ObjectMetadata getObjectSecurely(GetObjectRequest getObjectRequest, java.io.File destinationFile)
getObjectSecurely
in class S3CryptoModule<MultipartUploadCryptoContext>
final MultipartUploadCryptoContext newUploadContext(InitiateMultipartUploadRequest req, ContentCryptoMaterial cekMaterial)
newUploadContext
in class S3CryptoModuleBase<MultipartUploadCryptoContext>
final CipherLite cipherLiteForNextPart(MultipartUploadCryptoContext uploadContext)
cipherLiteForNextPart
in class S3CryptoModuleBase<MultipartUploadCryptoContext>
final SdkFilterInputStream wrapForMultipart(CipherLiteInputStream is, long partSize)
wrapForMultipart
in class S3CryptoModuleBase<MultipartUploadCryptoContext>
final long computeLastPartSize(UploadPartRequest req)
computeLastPartSize
in class S3CryptoModuleBase<MultipartUploadCryptoContext>
final void updateUploadContext(MultipartUploadCryptoContext uploadContext, SdkFilterInputStream is)
updateUploadContext
in class S3CryptoModuleBase<MultipartUploadCryptoContext>
private S3ObjectWrapper decrypt(S3ObjectWrapper wrapper, ContentCryptoMaterial cekMaterial, long[] range)
wrapper
- The object whose contents are to be decrypted.cekMaterial
- The instruction that will be used to decrypt the object data.private void assertParameterNotNull(java.lang.Object parameterValue, java.lang.String errorMessage)
parameterValue
- The parameter value being checked.errorMessage
- The error message to include in the IllegalArgumentException
if the specified parameter is null.protected final long ciphertextLength(long originalContentLength)
S3CryptoModuleBase
ciphertextLength
in class S3CryptoModuleBase<MultipartUploadCryptoContext>
originalContentLength
- a non-negative number