diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml index 3f237ee0d0..7038076c45 100644 --- a/.github/workflows/pull.yml +++ b/.github/workflows/pull.yml @@ -1,6 +1,10 @@ # This workflow runs for every pull request name: PR CI +permissions: + contents: read + id-token: write + on: pull_request: diff --git a/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/InternalLegacyOverride.java b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/InternalLegacyOverride.java index b7ee420dcc..a0c3eb05e9 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/InternalLegacyOverride.java +++ b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/InternalLegacyOverride.java @@ -16,7 +16,6 @@ import StandardLibraryInternal.InternalResult; import Wrappers_Compile.Option; import Wrappers_Compile.Result; -import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor; import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext; import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags; import dafny.DafnyMap; @@ -28,38 +27,31 @@ import software.amazon.awssdk.core.SdkBytes; import software.amazon.cryptography.dbencryptionsdk.dynamodb.ILegacyDynamoDbEncryptor; import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.LegacyPolicy; -import software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.ToNative; import software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types.Error; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoAction; public class InternalLegacyOverride extends _ExternBase_InternalLegacyOverride { - private DynamoDBEncryptor encryptor; - private Map> actions; - private EncryptionContext encryptionContext; - private LegacyPolicy _policy; - private DafnySequence materialDescriptionFieldName; - private DafnySequence signatureFieldName; + private final LegacyEncryptorAdapter _encryptorAdapter; + private final LegacyPolicy _policy; + private final DafnySequence materialDescriptionFieldNameDafny; + private final DafnySequence signatureFieldNameDafny; private InternalLegacyOverride( - DynamoDBEncryptor encryptor, - Map> actions, - EncryptionContext encryptionContext, + LegacyEncryptorAdapter encryptorAdapter, LegacyPolicy policy ) { - this.encryptor = encryptor; - this.actions = actions; - this.encryptionContext = encryptionContext; + this._encryptorAdapter = encryptorAdapter; this._policy = policy; // It is possible that these values // have been customized by the customer. - this.materialDescriptionFieldName = + this.materialDescriptionFieldNameDafny = software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( - encryptor.getMaterialDescriptionFieldName() + encryptorAdapter.getMaterialDescriptionFieldName() ); - this.signatureFieldName = + this.signatureFieldNameDafny = software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( - encryptor.getSignatureFieldName() + encryptorAdapter.getSignatureFieldName() ); } @@ -78,8 +70,8 @@ public boolean IsLegacyInput( //# attributes for the material description and the signature. return ( input.is_DecryptItemInput() && - input._encryptedItem.contains(materialDescriptionFieldName) && - input._encryptedItem.contains(signatureFieldName) + input._encryptedItem.contains(materialDescriptionFieldNameDafny) && + input._encryptedItem.contains(signatureFieldNameDafny) ); } @@ -111,17 +103,13 @@ > EncryptItem( final Map< String, - com.amazonaws.services.dynamodbv2.model.AttributeValue - > encryptedItem = encryptor.encryptRecord( - V2MapToV1Map(plaintextItem), - actions, - encryptionContext - ); + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > encryptedItem = _encryptorAdapter.encryptRecord(plaintextItem); final software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.model.EncryptItemOutput nativeOutput = software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.model.EncryptItemOutput .builder() - .encryptedItem(V1MapToV2Map(encryptedItem)) + .encryptedItem(encryptedItem) .build(); final software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types.EncryptItemOutput dafnyOutput = software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.ToDafny.EncryptItemOutput( @@ -162,19 +150,15 @@ > DecryptItem( .DecryptItemInput(input) .encryptedItem(); - final Map< + Map< String, - com.amazonaws.services.dynamodbv2.model.AttributeValue - > plaintextItem = encryptor.decryptRecord( - V2MapToV1Map(encryptedItem), - actions, - encryptionContext - ); + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > plaintextItem = _encryptorAdapter.decryptRecord(encryptedItem); final software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.model.DecryptItemOutput nativeOutput = software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.model.DecryptItemOutput .builder() - .plaintextItem(V1MapToV2Map(plaintextItem)) + .plaintextItem(plaintextItem) .build(); final software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types.DecryptItemOutput dafnyOutput = software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.ToDafny.DecryptItemOutput( @@ -224,11 +208,35 @@ public static Result, Error> Build( return CreateBuildFailure(maybeEncryptionContext.error()); } + final LegacyEncryptorAdapter encryptorAdapter; + if (maybeEncryptor instanceof com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor) { + encryptorAdapter = + new V1EncryptorAdapter( + (com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor) maybeEncryptor, + maybeActions.value(), + maybeEncryptionContext.value() + ); + } else if ( + maybeEncryptor instanceof + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor + ) { + encryptorAdapter = + new V2EncryptorAdapter( + (software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor) maybeEncryptor, + convertActionsV1ToV2(maybeActions.value()), + convertEncryptionContextV1ToV2(maybeEncryptionContext.value()) + ); + } else { + return CreateBuildFailure( + createError( + "Unsupported encryptor type: " + maybeEncryptor.getClass().getName() + ) + ); + } + final InternalLegacyOverride internalLegacyOverride = new InternalLegacyOverride( - (DynamoDBEncryptor) maybeEncryptor, - maybeActions.value(), - maybeEncryptionContext.value(), + encryptorAdapter, legacyOverride.dtor_policy() ); @@ -250,7 +258,61 @@ public static Error createError(String message) { public static boolean isDynamoDBEncryptor( software.amazon.cryptography.dbencryptionsdk.dynamodb.ILegacyDynamoDbEncryptor maybe ) { - return maybe instanceof DynamoDBEncryptor; + return ( + maybe instanceof com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor || + maybe instanceof + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor + ); + } + + // Convert SDK V1 EncryptionFlags to SDK V2 + private static Map< + String, + Set< + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags + > + > convertActionsV1ToV2(Map> v1Actions) { + Map< + String, + Set< + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags + > + > v2Actions = new HashMap<>(); + for (Map.Entry> entry : v1Actions.entrySet()) { + Set< + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags + > v2Flags = new HashSet<>(); + for (EncryptionFlags v1Flag : entry.getValue()) { + v2Flags.add( + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags.valueOf( + v1Flag.name() + ) + ); + } + v2Actions.put(entry.getKey(), v2Flags); + } + return v2Actions; + } + + // Convert SDK V1 EncryptionContext to SDK V2 + private static software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext convertEncryptionContextV1ToV2( + final EncryptionContext v1Context + ) { + final software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext.Builder builder = + software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext + .builder() + .tableName(v1Context.getTableName()) + .hashKeyName(v1Context.getHashKeyName()) + .rangeKeyName(v1Context.getRangeKeyName()) + .developerContext(v1Context.getDeveloperContext()); + + if (v1Context.getMaterialDescription() != null) { + builder.materialDescription(v1Context.getMaterialDescription()); + } + if (v1Context.getAttributeValues() != null) { + builder.attributeValues(V1MapToV2Map(v1Context.getAttributeValues())); + } + return builder.build(); } public static String ToNativeString(DafnySequence s) { @@ -377,10 +439,16 @@ public static com.amazonaws.services.dynamodbv2.model.AttributeValue V2Attribute case SS: return attribute.withSS(value.ss()); case UNKNOWN_TO_SDK_VERSION: - throw new IllegalArgumentException("omfg"); + throw new IllegalArgumentException( + "Unsupported AttributeValue type: UNKNOWN_TO_SDK_VERSION. This may indicate a newer DynamoDB attribute type that is not supported by this SDK version." + ); } - throw new IllegalArgumentException("omfg"); + throw new IllegalArgumentException( + "Unexpected AttributeValue type: " + + value.type() + + ". Unable to convert from SDK v2 to SDK v1 format." + ); } public static Map< @@ -392,6 +460,9 @@ > V2MapToV1Map( software.amazon.awssdk.services.dynamodb.model.AttributeValue > input ) { + if (input == null) { + return null; + } return input .entrySet() .stream() @@ -459,6 +530,9 @@ public static software.amazon.awssdk.services.dynamodb.model.AttributeValue V1At > V1MapToV2Map( Map input ) { + if (input == null) { + return null; + } return input .entrySet() .stream() diff --git a/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/LegacyEncryptorAdapter.java b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/LegacyEncryptorAdapter.java new file mode 100644 index 0000000000..284f8d675f --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/LegacyEncryptorAdapter.java @@ -0,0 +1,27 @@ +package software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy; + +import java.security.GeneralSecurityException; +import java.util.Map; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; + +public interface LegacyEncryptorAdapter { + Map encryptRecord( + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > item + ) throws GeneralSecurityException; + + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > decryptRecord( + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > item + ) throws GeneralSecurityException; + + String getMaterialDescriptionFieldName(); + String getSignatureFieldName(); +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V1EncryptorAdapter.java b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V1EncryptorAdapter.java new file mode 100644 index 0000000000..f563281495 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V1EncryptorAdapter.java @@ -0,0 +1,68 @@ +package software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy; + +import static software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy.InternalLegacyOverride.V1MapToV2Map; +import static software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy.InternalLegacyOverride.V2MapToV1Map; + +import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor; +import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext; +import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags; +import java.security.GeneralSecurityException; +import java.util.Map; +import java.util.Set; + +public class V1EncryptorAdapter implements LegacyEncryptorAdapter { + + private final DynamoDBEncryptor encryptor; + private final Map> actions; + private final EncryptionContext encryptionContext; + + V1EncryptorAdapter( + DynamoDBEncryptor encryptor, + Map> actions, + EncryptionContext encryptionContext + ) { + this.encryptor = encryptor; + this.actions = actions; + this.encryptionContext = encryptionContext; + } + + @Override + public Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > encryptRecord( + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > item + ) throws GeneralSecurityException { + return V1MapToV2Map( + encryptor.encryptRecord(V2MapToV1Map(item), actions, encryptionContext) + ); + } + + @Override + public Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > decryptRecord( + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > item + ) throws GeneralSecurityException { + return V1MapToV2Map( + encryptor.decryptRecord(V2MapToV1Map(item), actions, encryptionContext) + ); + } + + @Override + public String getMaterialDescriptionFieldName() { + return encryptor.getMaterialDescriptionFieldName(); + } + + @Override + public String getSignatureFieldName() { + return encryptor.getSignatureFieldName(); + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V2EncryptorAdapter.java b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V2EncryptorAdapter.java new file mode 100644 index 0000000000..41622bd9f4 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/itemencryptor/internaldafny/legacy/V2EncryptorAdapter.java @@ -0,0 +1,61 @@ +package software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy; + +import java.security.GeneralSecurityException; +import java.util.Map; +import java.util.Set; +import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor; +import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext; +import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionFlags; + +public class V2EncryptorAdapter implements LegacyEncryptorAdapter { + + private final DynamoDBEncryptor encryptor; + private final Map> actions; + private final EncryptionContext encryptionContext; + + V2EncryptorAdapter( + DynamoDBEncryptor encryptor, + Map> actions, + EncryptionContext encryptionContext + ) { + this.encryptor = encryptor; + this.actions = actions; + this.encryptionContext = encryptionContext; + } + + @Override + public Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > encryptRecord( + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > item + ) throws GeneralSecurityException { + return encryptor.encryptRecord(item, actions, encryptionContext); + } + + @Override + public Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > decryptRecord( + Map< + String, + software.amazon.awssdk.services.dynamodb.model.AttributeValue + > item + ) throws GeneralSecurityException { + return encryptor.decryptRecord(item, actions, encryptionContext); + } + + @Override + public String getMaterialDescriptionFieldName() { + return encryptor.getMaterialDescriptionFieldName(); + } + + @Override + public String getSignatureFieldName() { + return encryptor.getSignatureFieldName(); + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptor.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDBEncryptor.java similarity index 98% rename from DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptor.java rename to DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDBEncryptor.java index 95e6ec73c7..b52494e76e 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptor.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDBEncryptor.java @@ -34,6 +34,7 @@ import software.amazon.awssdk.core.SdkBytes; import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.ILegacyDynamoDbEncryptor; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.exceptions.DynamoDbEncryptionException; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.materials.DecryptionMaterials; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.materials.EncryptionMaterials; @@ -48,7 +49,7 @@ * * @author Greg Rubin */ -public class DynamoDbEncryptor { +public class DynamoDBEncryptor implements ILegacyDynamoDbEncryptor { private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA"; private static final String DEFAULT_METADATA_FIELD = "*amzn-ddb-map-desc*"; private static final String DEFAULT_SIGNATURE_FIELD = "*amzn-ddb-map-sig*"; @@ -79,19 +80,19 @@ public class DynamoDbEncryptor { private Function encryptionContextOverrideOperator; - protected DynamoDbEncryptor(EncryptionMaterialsProvider provider, String descriptionBase) { + protected DynamoDBEncryptor(EncryptionMaterialsProvider provider, String descriptionBase) { this.encryptionMaterialsProvider = provider; this.descriptionBase = descriptionBase; symmetricEncryptionModeHeader = this.descriptionBase + "sym-mode"; signingAlgorithmHeader = this.descriptionBase + "signingAlg"; } - public static DynamoDbEncryptor getInstance( + public static DynamoDBEncryptor getInstance( EncryptionMaterialsProvider provider, String descriptionbase) { - return new DynamoDbEncryptor(provider, descriptionbase); + return new DynamoDBEncryptor(provider, descriptionbase); } - public static DynamoDbEncryptor getInstance(EncryptionMaterialsProvider provider) { + public static DynamoDBEncryptor getInstance(EncryptionMaterialsProvider provider) { return getInstance(provider, DEFAULT_DESCRIPTION_BASE); } @@ -454,7 +455,7 @@ private void actualEncryption(Map itemAttributes, * * @return the name of the DynamoDB field used to store the signature */ - String getSignatureFieldName() { + public String getSignatureFieldName() { return signatureFieldName; } @@ -474,7 +475,7 @@ void setSignatureFieldName(final String signatureFieldName) { * @return the name of the DynamoDB field used to store metadata used by the * DynamoDBEncryptedMapper */ - String getMaterialDescriptionFieldName() { + public String getMaterialDescriptionFieldName() { return materialDescriptionFieldName; } diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/EncryptionContext.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/EncryptionContext.java index 9a78ad9b04..f0ae27e26c 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/EncryptionContext.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/EncryptionContext.java @@ -83,7 +83,7 @@ public Map getAttributeValues() { /** * This object has no meaning (and will not be set or examined) by any core libraries. * It exists to allow custom object mappers and data access layers to pass - * data to {@link EncryptionMaterialsProvider}s through the {@link DynamoDbEncryptor}. + * data to {@link EncryptionMaterialsProvider}s through the {@link DynamoDBEncryptor}. */ public Object getDeveloperContext() { return developerContext; diff --git a/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStore.java b/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStore.java index c0fbe5e06f..9744061094 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStore.java +++ b/DynamoDbEncryption/runtimes/java/src/main/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStore.java @@ -44,7 +44,7 @@ import software.amazon.awssdk.services.dynamodb.model.PutItemRequest; import software.amazon.awssdk.services.dynamodb.model.QueryRequest; import software.amazon.awssdk.services.dynamodb.model.ScalarAttributeType; -import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDbEncryptor; +import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.providers.EncryptionMaterialsProvider; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.providers.WrappedMaterialsProvider; @@ -95,7 +95,7 @@ public class MetaStore extends ProviderStore { // private final DynamoDbEncryptionConfiguration encryptionConfiguration; private final String tableName; private final DynamoDbClient ddb; - private final DynamoDbEncryptor encryptor; + private final DynamoDBEncryptor encryptor; private final EncryptionContext ddbCtx; private final ExtraDataSupplier extraDataSupplier; @@ -129,7 +129,7 @@ public interface ExtraDataSupplier { * @param encryptor used to perform crypto operations on the record attributes. */ public MetaStore(final DynamoDbClient ddb, final String tableName, - final DynamoDbEncryptor encryptor) { + final DynamoDBEncryptor encryptor) { this(ddb, tableName, encryptor, EMPTY_EXTRA_DATA_SUPPLIER); } @@ -142,7 +142,7 @@ public MetaStore(final DynamoDbClient ddb, final String tableName, * @param extraDataSupplier provides extra data that should be stored along with the material. */ public MetaStore(final DynamoDbClient ddb, final String tableName, - final DynamoDbEncryptor encryptor, final ExtraDataSupplier extraDataSupplier) { + final DynamoDBEncryptor encryptor, final ExtraDataSupplier extraDataSupplier) { this.ddb = checkNotNull(ddb, "ddb must not be null"); this.tableName = checkNotNull(tableName, "tableName must not be null"); this.encryptor = checkNotNull(encryptor, "encryptor must not be null"); @@ -389,7 +389,7 @@ private EncryptionMaterialsProvider decryptProvider(final Map getPlainText(final Map encryptedRecord; Map> actions; EncryptionContext encryptionContext = @@ -690,7 +690,7 @@ private Map getItems(Map map, St private void assertVersionCompatibility(EncryptionMaterialsProvider provider, String tableName) throws GeneralSecurityException { - DynamoDbEncryptor encryptor = DynamoDbEncryptor.getInstance(provider); + DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(provider); Map response; Map decryptedRecord; EncryptionContext encryptionContext = @@ -805,7 +805,7 @@ private void assertVersionCompatibility(EncryptionMaterialsProvider provider, St private void assertVersionCompatibility_2(EncryptionMaterialsProvider provider, String tableName) throws GeneralSecurityException { - DynamoDbEncryptor encryptor = DynamoDbEncryptor.getInstance(provider); + DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(provider); Map response; Map decryptedRecord; EncryptionContext encryptionContext = diff --git a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEncryptionTest.java b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEncryptionTest.java index fd3bf37ace..b2f76bd374 100644 --- a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEncryptionTest.java +++ b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEncryptionTest.java @@ -54,7 +54,7 @@ public class DelegatedEncryptionTest { private static DelegatedKey macKey; private EncryptionMaterialsProvider prov; - private DynamoDbEncryptor encryptor; + private DynamoDBEncryptor encryptor; private Map attribs; private EncryptionContext context; @@ -71,7 +71,7 @@ public static void setupClass() { public void setUp() { prov = new SymmetricStaticProvider(encryptionKey, macKey, Collections.emptyMap()); - encryptor = DynamoDbEncryptor.getInstance(prov, "encryptor-"); + encryptor = DynamoDBEncryptor.getInstance(prov, "encryptor-"); attribs = new HashMap<>(); attribs.put("intValue", AttributeValue.builder().n("123").build()); @@ -189,7 +189,7 @@ public void signedOnly() throws GeneralSecurityException { @Test public void signedOnlyNullCryptoKey() throws GeneralSecurityException { prov = new SymmetricStaticProvider(null, macKey, Collections.emptyMap()); - encryptor = DynamoDbEncryptor.getInstance(prov, "encryptor-"); + encryptor = DynamoDBEncryptor.getInstance(prov, "encryptor-"); Map encryptedAttributes = encryptor.encryptAllFieldsExcept(attribs, context, attribs.keySet().toArray(new String[0])); assertThat(encryptedAttributes, AttrMatcher.invert(attribs)); @@ -234,7 +234,7 @@ public void RsaSignedOnly() throws GeneralSecurityException { rsaGen.initialize(2048, Utils.getRng()); KeyPair sigPair = rsaGen.generateKeyPair(); encryptor = - DynamoDbEncryptor.getInstance( + DynamoDBEncryptor.getInstance( new SymmetricStaticProvider( encryptionKey, sigPair, Collections.emptyMap()), "encryptor-" @@ -262,7 +262,7 @@ public void RsaSignedOnlyBadSignature() throws GeneralSecurityException { rsaGen.initialize(2048, Utils.getRng()); KeyPair sigPair = rsaGen.generateKeyPair(); encryptor = - DynamoDbEncryptor.getInstance( + DynamoDBEncryptor.getInstance( new SymmetricStaticProvider( encryptionKey, sigPair, Collections.emptyMap()), "encryptor-" diff --git a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEnvelopeEncryptionTest.java b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEnvelopeEncryptionTest.java index ce22c396fa..c052c6d1a8 100644 --- a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEnvelopeEncryptionTest.java +++ b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DelegatedEnvelopeEncryptionTest.java @@ -55,7 +55,7 @@ public class DelegatedEnvelopeEncryptionTest { private static DelegatedKey macKey; private EncryptionMaterialsProvider prov; - private DynamoDbEncryptor encryptor; + private DynamoDBEncryptor encryptor; private Map attribs; private EncryptionContext context; @@ -73,7 +73,7 @@ public void setUp() throws Exception { prov = new WrappedMaterialsProvider( encryptionKey, encryptionKey, macKey, Collections.emptyMap()); - encryptor = DynamoDbEncryptor.getInstance(prov, "encryptor-"); + encryptor = DynamoDBEncryptor.getInstance(prov, "encryptor-"); attribs = new HashMap(); attribs.put("intValue", AttributeValue.builder().n("123").build()); @@ -174,7 +174,7 @@ public void badVersionNumber() throws GeneralSecurityException { @Test public void signedOnlyNullCryptoKey() throws GeneralSecurityException { prov = new SymmetricStaticProvider(null, macKey, Collections.emptyMap()); - encryptor = DynamoDbEncryptor.getInstance(prov, "encryptor-"); + encryptor = DynamoDBEncryptor.getInstance(prov, "encryptor-"); Map encryptedAttributes = encryptor.encryptAllFieldsExcept(attribs, context, attribs.keySet().toArray(new String[0])); assertThat(encryptedAttributes, AttrMatcher.invert(attribs)); @@ -218,7 +218,7 @@ public void RsaSignedOnly() throws GeneralSecurityException { rsaGen.initialize(2048, Utils.getRng()); KeyPair sigPair = rsaGen.generateKeyPair(); encryptor = - DynamoDbEncryptor.getInstance( + DynamoDBEncryptor.getInstance( new SymmetricStaticProvider( encryptionKey, sigPair, Collections.emptyMap()), "encryptor-"); @@ -246,7 +246,7 @@ public void RsaSignedOnlyBadSignature() throws GeneralSecurityException { rsaGen.initialize(2048, Utils.getRng()); KeyPair sigPair = rsaGen.generateKeyPair(); encryptor = - DynamoDbEncryptor.getInstance( + DynamoDBEncryptor.getInstance( new SymmetricStaticProvider( encryptionKey, sigPair, Collections.emptyMap()), "encryptor-"); diff --git a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptorTest.java b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptorTest.java index 87fb8353bb..b332e9c2d6 100644 --- a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptorTest.java +++ b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/DynamoDbEncryptorTest.java @@ -64,7 +64,7 @@ public class DynamoDbEncryptorTest { private static SecretKey macKey; private InstrumentedEncryptionMaterialsProvider prov; - private DynamoDbEncryptor encryptor; + private DynamoDBEncryptor encryptor; private Map attribs; private EncryptionContext context; private static final String OVERRIDDEN_TABLE_NAME = "TheBestTableName"; @@ -85,7 +85,7 @@ public void setUp() { prov = new InstrumentedEncryptionMaterialsProvider( new SymmetricStaticProvider(encryptionKey, macKey, Collections.emptyMap())); - encryptor = DynamoDbEncryptor.getInstance(prov, "enryptor-"); + encryptor = DynamoDBEncryptor.getInstance(prov, "enryptor-"); attribs = new HashMap<>(); attribs.put("intValue", AttributeValue.builder().n("123").build()); @@ -255,7 +255,7 @@ public void signedOnlyNullCryptoKey() throws GeneralSecurityException { prov = new InstrumentedEncryptionMaterialsProvider( new SymmetricStaticProvider(null, macKey, Collections.emptyMap())); - encryptor = DynamoDbEncryptor.getInstance(prov, "encryptor-"); + encryptor = DynamoDBEncryptor.getInstance(prov, "encryptor-"); Map encryptedAttributes = encryptor.encryptAllFieldsExcept(attribs, context, attribs.keySet().toArray(new String[0])); assertThat(encryptedAttributes, AttrMatcher.invert(attribs)); @@ -299,7 +299,7 @@ public void RsaSignedOnly() throws GeneralSecurityException { rsaGen.initialize(2048, Utils.getRng()); KeyPair sigPair = rsaGen.generateKeyPair(); encryptor = - DynamoDbEncryptor.getInstance( + DynamoDBEncryptor.getInstance( new SymmetricStaticProvider( encryptionKey, sigPair, Collections.emptyMap()), "encryptor-"); @@ -327,7 +327,7 @@ public void RsaSignedOnlyBadSignature() throws GeneralSecurityException { rsaGen.initialize(2048, Utils.getRng()); KeyPair sigPair = rsaGen.generateKeyPair(); encryptor = - DynamoDbEncryptor.getInstance( + DynamoDBEncryptor.getInstance( new SymmetricStaticProvider( encryptionKey, sigPair, Collections.emptyMap()), "encryptor-"); @@ -347,7 +347,7 @@ public void RsaSignedOnlyBadSignature() throws GeneralSecurityException { */ @Test public void testNullEncryptionContextOperator() throws GeneralSecurityException { - DynamoDbEncryptor encryptor = DynamoDbEncryptor.getInstance(prov); + DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(prov); encryptor.setEncryptionContextOverrideOperator(null); encryptor.encryptAllFieldsExcept(attribs, context, Collections.emptyList()); } @@ -359,7 +359,7 @@ public void testNullEncryptionContextOperator() throws GeneralSecurityException public void testTableNameOverriddenEncryptionContextOperator() throws GeneralSecurityException { // Ensure that the table name is different from what we override the table to. assertThat(context.getTableName(), not(equalTo(OVERRIDDEN_TABLE_NAME))); - DynamoDbEncryptor encryptor = DynamoDbEncryptor.getInstance(prov); + DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(prov); encryptor.setEncryptionContextOverrideOperator( overrideEncryptionContextTableName(context.getTableName(), OVERRIDDEN_TABLE_NAME)); Map encryptedItems = @@ -378,8 +378,8 @@ public void testTableNameOverriddenEncryptionContextOperatorWithSecondEncryptor( throws GeneralSecurityException { // Ensure that the table name is different from what we override the table to. assertThat(context.getTableName(), not(equalTo(OVERRIDDEN_TABLE_NAME))); - DynamoDbEncryptor encryptor = DynamoDbEncryptor.getInstance(prov); - DynamoDbEncryptor encryptorWithoutOverride = DynamoDbEncryptor.getInstance(prov); + DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(prov); + DynamoDBEncryptor encryptorWithoutOverride = DynamoDBEncryptor.getInstance(prov); encryptor.setEncryptionContextOverrideOperator( overrideEncryptionContextTableName(context.getTableName(), OVERRIDDEN_TABLE_NAME)); Map encryptedItems = @@ -402,8 +402,8 @@ public void testTableNameOverriddenEncryptionContextOperatorWithSecondEncryptor( throws GeneralSecurityException { // Ensure that the table name is different from what we override the table to. assertThat(context.getTableName(), not(equalTo(OVERRIDDEN_TABLE_NAME))); - DynamoDbEncryptor encryptor = DynamoDbEncryptor.getInstance(prov); - DynamoDbEncryptor encryptorWithoutOverride = DynamoDbEncryptor.getInstance(prov); + DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(prov); + DynamoDBEncryptor encryptorWithoutOverride = DynamoDBEncryptor.getInstance(prov); encryptor.setEncryptionContextOverrideOperator( overrideEncryptionContextTableName(context.getTableName(), OVERRIDDEN_TABLE_NAME)); Map encryptedItems = @@ -418,7 +418,7 @@ public void testTableNameOverriddenEncryptionContextOperatorWithSecondEncryptor( @Test public void EcdsaSignedOnly() throws GeneralSecurityException { - encryptor = DynamoDbEncryptor.getInstance(getMaterialProviderwithECDSA()); + encryptor = DynamoDBEncryptor.getInstance(getMaterialProviderwithECDSA()); Map encryptedAttributes = encryptor.encryptAllFieldsExcept(attribs, context, attribs.keySet().toArray(new String[0])); @@ -440,7 +440,7 @@ public void EcdsaSignedOnly() throws GeneralSecurityException { @Test(expectedExceptions = SignatureException.class) public void EcdsaSignedOnlyBadSignature() throws GeneralSecurityException { - encryptor = DynamoDbEncryptor.getInstance(getMaterialProviderwithECDSA()); + encryptor = DynamoDBEncryptor.getInstance(getMaterialProviderwithECDSA()); Map encryptedAttributes = encryptor.encryptAllFieldsExcept(attribs, context, attribs.keySet().toArray(new String[0])); @@ -500,7 +500,7 @@ public void testDecryptWithPlainTextItemAndAdditionNewAttributeHavingEncryptionF private void assertToByteArray( final String msg, final byte[] expected, final ByteBuffer testValue) throws ReflectiveOperationException { - Method m = DynamoDbEncryptor.class.getDeclaredMethod("toByteArray", ByteBuffer.class); + Method m = DynamoDBEncryptor.class.getDeclaredMethod("toByteArray", ByteBuffer.class); m.setAccessible(true); int oldPosition = testValue.position(); @@ -537,7 +537,7 @@ private EncryptionMaterialsProvider getMaterialProviderwithECDSA() g.initialize(ecSpec, Utils.getRng()); KeyPair keypair = g.generateKeyPair(); Map description = new HashMap<>(); - description.put(DynamoDbEncryptor.DEFAULT_SIGNING_ALGORITHM_HEADER, "SHA384withECDSA"); + description.put(DynamoDBEncryptor.DEFAULT_SIGNING_ALGORITHM_HEADER, "SHA384withECDSA"); return new SymmetricStaticProvider(null, keypair, description); } diff --git a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/CachingMostRecentProviderTests.java b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/CachingMostRecentProviderTests.java index f286648332..e3b4078bc8 100644 --- a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/CachingMostRecentProviderTests.java +++ b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/CachingMostRecentProviderTests.java @@ -8,7 +8,7 @@ import static org.testng.AssertJUnit.assertTrue; import software.amazon.awssdk.services.dynamodb.DynamoDbClient; -import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDbEncryptor; +import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.materials.DecryptionMaterials; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.materials.EncryptionMaterials; @@ -40,7 +40,7 @@ public class CachingMostRecentProviderTests { new SecretKeySpec(new byte[] {0, 1, 2, 3, 4, 5, 6, 7}, "HmacSHA256"); private static final EncryptionMaterialsProvider BASE_PROVIDER = new SymmetricStaticProvider(AES_KEY, HMAC_KEY); - private static final DynamoDbEncryptor ENCRYPTOR = DynamoDbEncryptor.getInstance(BASE_PROVIDER); + private static final DynamoDBEncryptor ENCRYPTOR = DynamoDBEncryptor.getInstance(BASE_PROVIDER); private DynamoDbClient client; private Map methodCalls; diff --git a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStoreTests.java b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStoreTests.java index 3449908a6d..f98f807fda 100644 --- a/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStoreTests.java +++ b/DynamoDbEncryption/runtimes/java/src/test/sdkv2/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/store/MetaStoreTests.java @@ -28,7 +28,7 @@ import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; -import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDbEncryptor; +import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.DynamoDBEncryptor; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.EncryptionContext; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.exceptions.DynamoDbEncryptionException; import software.amazon.cryptools.dynamodbencryptionclientsdk2.encryption.materials.DecryptionMaterials; @@ -56,8 +56,8 @@ public class MetaStoreTests { 2, 4, 6, 8, 10, 12, 14 }, "HmacSHA256"); private static final EncryptionMaterialsProvider BASE_PROVIDER = new SymmetricStaticProvider(AES_KEY, HMAC_KEY); private static final EncryptionMaterialsProvider TARGET_BASE_PROVIDER = new SymmetricStaticProvider(TARGET_AES_KEY, TARGET_HMAC_KEY); - private static final DynamoDbEncryptor ENCRYPTOR = DynamoDbEncryptor.getInstance(BASE_PROVIDER); - private static final DynamoDbEncryptor TARGET_ENCRYPTOR = DynamoDbEncryptor.getInstance(TARGET_BASE_PROVIDER); + private static final DynamoDBEncryptor ENCRYPTOR = DynamoDBEncryptor.getInstance(BASE_PROVIDER); + private static final DynamoDBEncryptor TARGET_ENCRYPTOR = DynamoDBEncryptor.getInstance(TARGET_BASE_PROVIDER); private final LocalDynamoDb localDynamoDb = new LocalDynamoDb(); private final LocalDynamoDb targetLocalDynamoDb = new LocalDynamoDb();