Allow overriding KMS encryption context. #102

Merged
merged 1 commit into from
Oct 9, 2019

@mmarston mmarston commented Oct 9, 2019

Description of changes:

We have a need to provide our own encryption context for calls to KMS. This change makes the populateKmsEcFromEc method of DirectKmsMaterialsProvider protected so we can override it.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

codecov-io commented Oct 9, 2019

Codecov Report

Merging #102 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master     #102   +/-   ##
=========================================
  Coverage     87.89%   87.89%           
  Complexity      709      709           
=========================================
  Files            52       52           
  Lines          2661     2661           
  Branches        298      298           
=========================================
  Hits           2339     2339           
  Misses          229      229           
  Partials         93       93

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| ...cryption/providers/DirectKmsMaterialsProvider.java | 85% <ø> (ø) | 20 <0> (ø) ⬇️ |
| ...ncryption/providers/DirectKmsMaterialProvider.java | 85.71% <ø> (ø) | 24 <0> (ø) ⬇️ |

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 18cf54b...e706f38.

@SalusaSecondus SalusaSecondus left a comment

LGTM

@SalusaSecondus SalusaSecondus merged commit c2fd000 into aws:master Oct 9, 2019
seebees pushed a commit that referenced this pull request Dec 12, 2023
…134)

* Create keyring trace and add to encryption and decryption materials.

*Issue #, if available:* #102

*Description of changes:*

Creating a keyring trace and adding to encryption and decryption materials to allow for auditing actions a keyring has taken on encryption materials.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

# Check any applicable:
- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
seebees pushed a commit that referenced this pull request Dec 12, 2023
…139)

* Refactor JceMasterKey to extract logic to be shared by raw keyrings.

*Issue #, if available:* #102

*Description of changes:*

In anticipation of the RawAesKeyring and RawRsaKeyring needing logic currently embedded in the JceMasterKey, this change extracts that logic into the JceKeyCipher class so it may be shared.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
seebees pushed a commit that referenced this pull request Dec 12, 2023
* Defining Keyring interface, RawAesKeyring and RawRsaKeyring.

*Issue #, if available:* #102

*Description of changes:*

This change defines the Keyring interface, RawAesKeyring and RawRsaKeyring.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

# Check any applicable:
- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

* Moving factory methods to StandardKeyrings and correcting RawAes trace.

* Adding additional tests for RawAesKeyring and RawRsaKeyring

* Creating separate Encryption/Decryption materials for Keyring usage

To maintain backward compatibility with MasterKey/MasterKeyProviders,
new EncryptionMaterials and DecryptionMaterials classes are defined for
use in Keyrings, so they can include names inline with the spec and
additional validation. This change also adds test dependencies for
JUnit5.

* Minor formatting fixes

* Fixing comments and migrating KeyringTraceTest to JUnit5

* Renaming algorithm to algorithmSuite

* Making optional materials properties throw exceptions if not populated.

* Using Objects.requireNonNull and renaming builder methods
seebees pushed a commit that referenced this pull request Dec 12, 2023
* Add a basic example for encrypting and decrypting with a KMS CMK (#136)

* *Issue #, if available:* #108

*Description of changes:*

Add a basic example for encrypting and decrypting with a KMS CMK.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

# Check any applicable:
- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

* Add test and Maven plugin to include examples directory as test source

* Update docs in prep for 1.6.1 (#133)

* Update docs in prep for 1.6.1
* Actually bump version for release

* Fix for new versions of gpg

* Refactor JceMasterKey to extract logic to be shared by raw keyrings. (#139)

* Refactor JceMasterKey to extract logic to be shared by raw keyrings.

*Issue #, if available:* #102

*Description of changes:*

In anticipation of the RawAesKeyring and RawRsaKeyring needing logic currently embedded in the JceMasterKey, this change extracts that logic into the JceKeyCipher class so it may be shared.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

* fix: The final frame can not be larger than the Frame Length (#166)

* Add validation to ensure the length of the final frame in the final
frame header does not exceed the frame size specified in the message
header.

* Validate that frame length is positive for framed data

* Reverting removal of variable frame length code

* Reverting removal of variable frame length code

* Fix spacing after if

Co-authored-by: SalusaSecondus <[email protected]>
Co-authored-by: Greg Rubin <[email protected]>