Skip to content

Commit 091b7b4

Browse files
chore: rename and format (#2118)
1 parent 18dbc50 commit 091b7b4

135 files changed

Lines changed: 15930 additions & 12503 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/ci_examples_java.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,8 @@ jobs:
103103
working-directory: ./Examples
104104
run: |
105105
# Run simple examples
106-
gradle -p runtimes/java/DynamoDbEncryption test
106+
# TODO -- remove this
107+
# gradle -p runtimes/java/DynamoDbEncryption test
107108
gradle -p runtimes/java/DDBECwithSDKV2 test
108109
# Run migration examples
109110
gradle -p runtimes/java/Migration/PlaintextToAWSDBE test

.github/workflows/pull.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ name: PR CI
44
permissions:
55
contents: read
66
id-token: write
7-
7+
88
on:
99
pull_request:
1010

DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/InternalLegacyOverride.java

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -209,7 +209,10 @@ public static Result<Option<InternalLegacyOverride>, Error> Build(
209209
}
210210

211211
final LegacyEncryptorAdapter encryptorAdapter;
212-
if (maybeEncryptor instanceof com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor) {
212+
if (
213+
maybeEncryptor instanceof
214+
com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor
215+
) {
213216
encryptorAdapter =
214217
new V1EncryptorAdapter(
215218
(com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor) maybeEncryptor,
@@ -218,11 +221,11 @@ public static Result<Option<InternalLegacyOverride>, Error> Build(
218221
);
219222
} else if (
220223
maybeEncryptor instanceof
221-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor
224+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.DynamoDBEncryptor
222225
) {
223226
encryptorAdapter =
224227
new V2EncryptorAdapter(
225-
(software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor) maybeEncryptor,
228+
(com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.DynamoDBEncryptor) maybeEncryptor,
226229
convertActionsV1ToV2(maybeActions.value()),
227230
convertEncryptionContextV1ToV2(maybeEncryptionContext.value())
228231
);
@@ -259,32 +262,33 @@ public static boolean isDynamoDBEncryptor(
259262
software.amazon.cryptography.dbencryptionsdk.dynamodb.ILegacyDynamoDbEncryptor maybe
260263
) {
261264
return (
262-
maybe instanceof com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor ||
263265
maybe instanceof
264-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor
266+
com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor ||
267+
maybe instanceof
268+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.DynamoDBEncryptor
265269
);
266270
}
267271

268272
// Convert SDK V1 EncryptionFlags to SDK V2
269273
private static Map<
270274
String,
271275
Set<
272-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags
276+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionFlags
273277
>
274278
> convertActionsV1ToV2(Map<String, Set<EncryptionFlags>> v1Actions) {
275279
Map<
276280
String,
277281
Set<
278-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags
282+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionFlags
279283
>
280284
> v2Actions = new HashMap<>();
281285
for (Map.Entry<String, Set<EncryptionFlags>> entry : v1Actions.entrySet()) {
282286
Set<
283-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags
287+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionFlags
284288
> v2Flags = new HashSet<>();
285289
for (EncryptionFlags v1Flag : entry.getValue()) {
286290
v2Flags.add(
287-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags.valueOf(
291+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionFlags.valueOf(
288292
v1Flag.name()
289293
)
290294
);
@@ -295,11 +299,11 @@ > convertActionsV1ToV2(Map<String, Set<EncryptionFlags>> v1Actions) {
295299
}
296300

297301
// Convert SDK V1 EncryptionContext to SDK V2
298-
private static software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext convertEncryptionContextV1ToV2(
302+
private static com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionContext convertEncryptionContextV1ToV2(
299303
final EncryptionContext v1Context
300304
) {
301-
final software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext.Builder builder =
302-
software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext
305+
final com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionContext.Builder builder =
306+
com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionContext
303307
.builder()
304308
.tableName(v1Context.getTableName())
305309
.hashKeyName(v1Context.getHashKeyName())

DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V2EncryptorAdapter.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
package software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy;
22

3+
import com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.DynamoDBEncryptor;
4+
import com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionContext;
5+
import com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption.EncryptionFlags;
36
import java.security.GeneralSecurityException;
47
import java.util.Map;
58
import java.util.Set;
6-
import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor;
7-
import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext;
8-
import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags;
99

1010
public class V2EncryptorAdapter implements LegacyEncryptorAdapter {
1111

Original file line numberDiff line numberDiff line change
@@ -0,0 +1,157 @@
1+
/*
2+
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License").
5+
* You may not use this file except in compliance with the License.
6+
* A copy of the License is located at
7+
*
8+
* http://aws.amazon.com/apache2.0
9+
*
10+
* or in the "license" file accompanying this file. This file is distributed
11+
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12+
* express or implied. See the License for the specific language governing
13+
* permissions and limitations under the License.
14+
*/
15+
package com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.encryption;
16+
17+
import java.security.GeneralSecurityException;
18+
import java.security.InvalidAlgorithmParameterException;
19+
import java.security.InvalidKeyException;
20+
import java.security.Key;
21+
import java.security.NoSuchAlgorithmException;
22+
import javax.crypto.BadPaddingException;
23+
import javax.crypto.Cipher;
24+
import javax.crypto.IllegalBlockSizeException;
25+
import javax.crypto.NoSuchPaddingException;
26+
import javax.crypto.SecretKey;
27+
28+
/**
29+
* Identifies keys which should not be used directly with {@link Cipher} but
30+
* instead contain their own cryptographic logic. This can be used to wrap more
31+
* complex logic, HSM integration, or service-calls.
32+
*
33+
* <p>
34+
* Most delegated keys will only support a subset of these operations. (For
35+
* example, AES keys will generally not support {@link #sign(byte[], String)} or
36+
* {@link #verify(byte[], byte[], String)} and HMAC keys will generally not
37+
* support anything except <code>sign</code> and <code>verify</code>.)
38+
* {@link UnsupportedOperationException} should be thrown in these cases.
39+
*
40+
* @author Greg Rubin
41+
*/
42+
public interface DelegatedKey extends SecretKey {
43+
/**
44+
* Encrypts the provided plaintext and returns a byte-array containing the ciphertext.
45+
*
46+
* @param plainText
47+
* @param additionalAssociatedData
48+
* Optional additional data which must then also be provided for successful
49+
* decryption. Both <code>null</code> and arrays of length 0 are treated identically.
50+
* Not all keys will support this parameter.
51+
* @param algorithm
52+
* the transformation to be used when encrypting the data
53+
* @return ciphertext the ciphertext produced by this encryption operation
54+
* @throws UnsupportedOperationException
55+
* if encryption is not supported or if <code>additionalAssociatedData</code> is
56+
* provided, but not supported.
57+
*/
58+
byte[] encrypt(
59+
byte[] plainText,
60+
byte[] additionalAssociatedData,
61+
String algorithm
62+
)
63+
throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException;
64+
65+
/**
66+
* Decrypts the provided ciphertext and returns a byte-array containing the
67+
* plaintext.
68+
*
69+
* @param cipherText
70+
* @param additionalAssociatedData
71+
* Optional additional data which was provided during encryption.
72+
* Both <code>null</code> and arrays of length 0 are treated
73+
* identically. Not all keys will support this parameter.
74+
* @param algorithm
75+
* the transformation to be used when decrypting the data
76+
* @return plaintext the result of decrypting the input ciphertext
77+
* @throws UnsupportedOperationException
78+
* if decryption is not supported or if
79+
* <code>additionalAssociatedData</code> is provided, but not
80+
* supported.
81+
*/
82+
byte[] decrypt(
83+
byte[] cipherText,
84+
byte[] additionalAssociatedData,
85+
String algorithm
86+
)
87+
throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException;
88+
89+
/**
90+
* Wraps (encrypts) the provided <code>key</code> to make it safe for
91+
* storage or transmission.
92+
*
93+
* @param key
94+
* @param additionalAssociatedData
95+
* Optional additional data which must then also be provided for
96+
* successful unwrapping. Both <code>null</code> and arrays of
97+
* length 0 are treated identically. Not all keys will support
98+
* this parameter.
99+
* @param algorithm
100+
* the transformation to be used when wrapping the key
101+
* @return the wrapped key
102+
* @throws UnsupportedOperationException
103+
* if wrapping is not supported or if
104+
* <code>additionalAssociatedData</code> is provided, but not
105+
* supported.
106+
*/
107+
byte[] wrap(Key key, byte[] additionalAssociatedData, String algorithm)
108+
throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException;
109+
110+
/**
111+
* Unwraps (decrypts) the provided <code>wrappedKey</code> to recover the
112+
* original key.
113+
*
114+
* @param wrappedKey
115+
* @param additionalAssociatedData
116+
* Optional additional data which was provided during wrapping.
117+
* Both <code>null</code> and arrays of length 0 are treated
118+
* identically. Not all keys will support this parameter.
119+
* @param algorithm
120+
* the transformation to be used when unwrapping the key
121+
* @return the unwrapped key
122+
* @throws UnsupportedOperationException
123+
* if wrapping is not supported or if
124+
* <code>additionalAssociatedData</code> is provided, but not
125+
* supported.
126+
*/
127+
Key unwrap(
128+
byte[] wrappedKey,
129+
String wrappedKeyAlgorithm,
130+
int wrappedKeyType,
131+
byte[] additionalAssociatedData,
132+
String algorithm
133+
)
134+
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException;
135+
136+
/**
137+
* Calculates and returns a signature for <code>dataToSign</code>.
138+
*
139+
* @param dataToSign
140+
* @param algorithm
141+
* @return the signature
142+
* @throws UnsupportedOperationException if signing is not supported
143+
*/
144+
byte[] sign(byte[] dataToSign, String algorithm)
145+
throws GeneralSecurityException;
146+
147+
/**
148+
* Checks the provided signature for correctness.
149+
*
150+
* @param dataToSign
151+
* @param signature
152+
* @param algorithm
153+
* @return true if and only if the <code>signature</code> matches the <code>dataToSign</code>.
154+
* @throws UnsupportedOperationException if signature validation is not supported
155+
*/
156+
boolean verify(byte[] dataToSign, byte[] signature, String algorithm);
157+
}

0 commit comments

Comments
 (0)