-
Notifications
You must be signed in to change notification settings - Fork 122
/
Copy pathEncryptionMaterials.java
194 lines (165 loc) · 5.92 KB
/
EncryptionMaterials.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
package com.amazonaws.encryptionsdk.model;
import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.MasterKey;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.crypto.SecretKey;
/**
* Contains the cryptographic materials needed for an encryption operation.
*
* @see
* com.amazonaws.encryptionsdk.CryptoMaterialsManager#getMaterialsForEncrypt(EncryptionMaterialsRequest)
*/
public final class EncryptionMaterials {
private final CryptoAlgorithm algorithm;
private final Map<String, String> encryptionContext;
private final List<KeyBlob> encryptedDataKeys;
private final SecretKey cleartextDataKey;
private final PrivateKey trailingSignatureKey;
private final List<MasterKey> masterKeys;
private EncryptionMaterials(Builder b) {
this.algorithm = b.algorithm;
this.encryptionContext = b.encryptionContext;
this.encryptedDataKeys = b.encryptedDataKeys;
this.cleartextDataKey = b.cleartextDataKey;
this.trailingSignatureKey = b.trailingSignatureKey;
this.masterKeys = b.getMasterKeys();
}
public Builder toBuilder() {
return new Builder(this);
}
public static Builder newBuilder() {
return new Builder();
}
/**
* The algorithm to use for this encryption operation. Must match the algorithm in
* EncryptionMaterialsRequest, if that algorithm was non-null.
*/
public CryptoAlgorithm getAlgorithm() {
return algorithm;
}
/**
* The encryption context to use for the encryption operation. Does not need to match the
* EncryptionMaterialsRequest.
*/
public Map<String, String> getEncryptionContext() {
return encryptionContext;
}
/** The KeyBlobs to serialize (in cleartext) into the encrypted message. */
public List<KeyBlob> getEncryptedDataKeys() {
return encryptedDataKeys;
}
/**
* The cleartext data key to use for encrypting this message. Note that this is the data key prior
* to any key derivation required by the crypto algorithm in use.
*/
public SecretKey getCleartextDataKey() {
return cleartextDataKey;
}
/**
* The private key to be used to sign the message trailer. Must be present if any only if required
* by the crypto algorithm, and the key type must likewise match the algorithm in use.
*
* <p>Note that it's the {@link com.amazonaws.encryptionsdk.CryptoMaterialsManager}'s
* responsibility to find a place to put the public key; typically, this will be in the encryption
* context, to improve cross-compatibility, but this is not a strict requirement.
*/
public PrivateKey getTrailingSignatureKey() {
return trailingSignatureKey;
}
/** Contains a list of all MasterKeys that could decrypt this message. */
@Deprecated
public List<MasterKey> getMasterKeys() {
return masterKeys;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
EncryptionMaterials that = (EncryptionMaterials) o;
return algorithm == that.algorithm
&& Objects.equals(encryptionContext, that.encryptionContext)
&& Objects.equals(encryptedDataKeys, that.encryptedDataKeys)
&& Objects.equals(cleartextDataKey, that.cleartextDataKey)
&& Objects.equals(trailingSignatureKey, that.trailingSignatureKey)
&& Objects.equals(masterKeys, that.masterKeys);
}
@Override
public int hashCode() {
return Objects.hash(
algorithm,
encryptionContext,
encryptedDataKeys,
cleartextDataKey,
trailingSignatureKey,
masterKeys);
}
public static class Builder {
private CryptoAlgorithm algorithm;
private Map<String, String> encryptionContext = Collections.emptyMap();
private List<KeyBlob> encryptedDataKeys = null;
private SecretKey cleartextDataKey;
private PrivateKey trailingSignatureKey;
private List<MasterKey> masterKeys = Collections.emptyList();
private Builder() {}
private Builder(EncryptionMaterials r) {
algorithm = r.algorithm;
encryptionContext = r.encryptionContext;
encryptedDataKeys = r.encryptedDataKeys;
cleartextDataKey = r.cleartextDataKey;
trailingSignatureKey = r.trailingSignatureKey;
setMasterKeys(r.masterKeys);
}
public EncryptionMaterials build() {
return new EncryptionMaterials(this);
}
public CryptoAlgorithm getAlgorithm() {
return algorithm;
}
public Builder setAlgorithm(CryptoAlgorithm algorithm) {
this.algorithm = algorithm;
return this;
}
public Map<String, String> getEncryptionContext() {
return encryptionContext;
}
public Builder setEncryptionContext(Map<String, String> encryptionContext) {
this.encryptionContext = Collections.unmodifiableMap(new HashMap<>(encryptionContext));
return this;
}
public List<KeyBlob> getEncryptedDataKeys() {
return encryptedDataKeys;
}
public Builder setEncryptedDataKeys(List<KeyBlob> encryptedDataKeys) {
this.encryptedDataKeys = Collections.unmodifiableList(new ArrayList<>(encryptedDataKeys));
return this;
}
public SecretKey getCleartextDataKey() {
return cleartextDataKey;
}
public Builder setCleartextDataKey(SecretKey cleartextDataKey) {
this.cleartextDataKey = cleartextDataKey;
return this;
}
public PrivateKey getTrailingSignatureKey() {
return trailingSignatureKey;
}
public Builder setTrailingSignatureKey(PrivateKey trailingSignatureKey) {
this.trailingSignatureKey = trailingSignatureKey;
return this;
}
@Deprecated
public List<MasterKey> getMasterKeys() {
return masterKeys;
}
public Builder setMasterKeys(List<MasterKey> masterKeys) {
this.masterKeys = Collections.unmodifiableList(new ArrayList<>(masterKeys));
return this;
}
}
}