// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package software.amazon.encryption.s3.materials;
import org.apache.commons.logging.LogFactory;
import software.amazon.encryption.s3.S3EncryptionClient;
/**
 * Abstract base class for keyrings that use raw cryptographic keys (AES + RSA).
 *
 * <p>An instance carries two values copied from its {@link Builder}: an optional
 * {@link MaterialsDescription} and a "re-encrypt instruction file" flag.
 *
 * <p>Security note: when a request carries the
 * {@link S3EncryptionClient#ENCRYPTION_CONTEXT} execution attribute, this class only logs
 * a warning that the encryption context provides no security benefit for this keyring
 * type. It neither rejects the request nor uses the context itself.
 */
public abstract class RawKeyring extends S3Keyring {

    // Description attached to encryption materials; may be null when the builder never set it.
    protected final MaterialsDescription _materialsDescription;

    // Copied from the builder (default false). Its effect is defined outside this class.
    protected final boolean _reEncryptInstructionFile;

    /**
     * Copies the raw-keyring settings out of the builder after the superclass is initialised.
     *
     * @param builder source of the materials description and the re-encrypt flag
     */
    protected RawKeyring(Builder<?, ?> builder) {
        super(builder);
        _reEncryptInstructionFile = builder._reEncryptInstructionFile;
        _materialsDescription = builder._materialsDescription;
    }

    /**
     * Returns the materials description held by this keyring.
     *
     * <p>NOTE(review): the stored reference is returned as-is; whether
     * {@link MaterialsDescription} is immutable is not visible here - confirm.
     *
     * @return the configured description, or {@code null} if none was set
     */
    public MaterialsDescription getMaterialsDescription() {
        return _materialsDescription;
    }

    /**
     * Returns the re-encrypt-instruction-file flag as configured on the builder.
     *
     * @return the flag value
     */
    public boolean getReEncryptInstructionFile() {
        return _reEncryptInstructionFile;
    }

    /**
     * Emits the encryption-context warning if applicable, then attaches this keyring's
     * materials description to the given materials when one is configured and non-empty.
     *
     * @param materials the encryption materials to adjust
     * @return a rebuilt copy carrying the materials description, or {@code materials}
     *         unchanged when no non-empty description is configured
     */
    public EncryptionMaterials modifyMaterialHelper(EncryptionMaterials materials) {
        warnIfEncryptionContextIsPresent(materials);

        // Nothing to attach: hand the caller's object straight back.
        if (_materialsDescription == null || _materialsDescription.isEmpty()) {
            return materials;
        }

        return materials.toBuilder()
                .materialsDescription(_materialsDescription)
                .build();
    }

    /**
     * Logs a warning when the request behind {@code materials} has an override configuration
     * carrying the {@link S3EncryptionClient#ENCRYPTION_CONTEXT} execution attribute.
     *
     * <p>Only the concrete keyring class name is written to the log; the context value
     * itself is not logged. This method is advisory: it does not throw or alter the
     * materials.
     *
     * @param materials the encryption materials whose originating request is inspected
     */
    public void warnIfEncryptionContextIsPresent(EncryptionMaterials materials) {
        final boolean contextSupplied = materials.s3Request().overrideConfiguration()
                .flatMap(config -> config.executionAttributes()
                        .getOptionalAttribute(S3EncryptionClient.ENCRYPTION_CONTEXT))
                .isPresent();

        if (contextSupplied) {
            LogFactory.getLog(getClass()).warn("Usage of Encryption Context provides no security benefit in " + getClass().getSimpleName());
        }
    }

    /**
     * Self-typed builder for {@link RawKeyring} subclasses.
     *
     * @param <KeyringT> the concrete keyring type being built
     * @param <BuilderT> the concrete builder type, returned by the fluent setters
     */
    public abstract static class Builder<KeyringT extends RawKeyring, BuilderT extends Builder<KeyringT, BuilderT>>
            extends S3Keyring.Builder<KeyringT, BuilderT> {

        // Left null unless materialsDescription(...) is called.
        protected MaterialsDescription _materialsDescription;

        // Off unless reEncryptInstructionFile(true) is called.
        protected boolean _reEncryptInstructionFile = false;

        /** Creates a builder with no materials description and the re-encrypt flag off. */
        protected Builder() {
            super();
        }

        /**
         * Sets the materials description the keyring will attach to encryption materials.
         *
         * @param materialsDescription the description to store; stored without validation
         * @return the concrete builder, for chaining
         */
        public BuilderT materialsDescription(MaterialsDescription materialsDescription) {
            this._materialsDescription = materialsDescription;
            return builder();
        }

        /**
         * Sets the re-encrypt-instruction-file flag.
         *
         * @param reEncryptInstructionFile the flag value to store
         * @return the concrete builder, for chaining
         */
        public BuilderT reEncryptInstructionFile(boolean reEncryptInstructionFile) {
            this._reEncryptInstructionFile = reEncryptInstructionFile;
            return builder();
        }
    }
}