Merge keyring branch into master #173
Merged
…134)
* Create keyring trace and add to encryption and decryption materials.
  *Issue #, if available:* #102
  *Description of changes:*
  Creating a keyring trace and adding to encryption and decryption materials to allow for auditing actions a keyring has taken on encryption materials.
  By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
  # Check any applicable:
  - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
*Description of changes:*
Merge head of master into keyring
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
# Check any applicable:
- [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
* Defining Keyring interface, RawAesKeyring and RawRsaKeyring.
  *Issue #, if available:* #102
  *Description of changes:*
  This change defines the Keyring interface, RawAesKeyring and RawRsaKeyring.
  By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
  # Check any applicable:
  - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
* Moving factory methods to StandardKeyrings and correcting RawAes trace.
* Adding additional tests for RawAesKeyring and RawRsaKeyring
* Creating separate Encryption/Decryption materials for Keyring usage
  To maintain backward compatibility with MasterKey/MasterKeyProviders, new EncryptionMaterials and DecryptionMaterials classes are defined for use in Keyrings, so they can include names inline with the spec and additional validation.
  This change also adds test dependencies for JUnit5.
* Minor formatting fixes
* Fixing comments and migrating KeyringTraceTest to JUnit5
* Renaming algorithm to algorithmSuite
* Making optional materials properties throw exceptions if not populated.
* Using Objects.requireNonNull and renaming builder methods
* Define the MultiKeyring
* Making defensive copy of child keyrings and adding convenience factory method
* Defining the KMS Keyring.
* Adding test for MismatchedDataKey and updating StandardKeyrings
* Adding builder for KmsClientSupplier to support easy client setup
* Support raw key IDs in KmsMasterKey
* Reducing visibility of KmsKeyring
* Don't attempt encryption with a null generator
* Make MismatchedDataKeyException an AwsCryptoException
* Optimizing O(n^2) operation in onDecrypt
* Making defensive copy of keyIds
* Skip malformed arns in OnDecrypt instead of failing
* Using original Materials classes instead of new Keyring classes
  Since the CryptoMaterialsManager interface uses the original EncryptionMaterials and DecryptionMaterials, we would force customers to update their code once we deprecate those materials in favor of the new Keyring versions. To avoid this, Keyrings will now use modified versions of the original Materials classes, with certain methods deprecated.
  In addition, this commit removed the MasterKeyProviderKeyring, which was found to not be feasible for the Java ESDK since MasterKeys are provided in the result object, which would force MasterKeys to be incorporated into Keyrings.
* Adding back hasCleartextDataKey methods
…#151)
* Incorporate Keyrings into AwsCrypto and deprecate MasterKeyProviders.
* Update example code to use keyrings
* Using try-with-resources for AwsCrypto streams
* Splitting MKP and keyring unit tests
* Making decryptData with ParsedCiphertext public
* Mark KeyStoreProvider as deprecated
* Reword some comments on the Basic Encryption example
* Add test for compatibility of Keyrings with MasterKeyProviders
* Create individual request types for each AwsCrypto method
* Make EncryptionMaterials, DecryptionMaterials and KeyringTrace immutable
* Rename KmsKeying and related classes to AwsKmsKeyring
* Create builders for the standard keyrings
* Create AwsKmsCmkId type to represent AWS KMS Key Ids
* Add factory methods to Keyring builders
* Add comment on not making a defensive copy of plaintext/ciphertext
* Limit ability to create discovery AWS KMS Keyrings to explicit creation
* Add withKeyring to CachingCMM builder
* Fix DecryptRequestTest
* Fix Junit 4 assertions in JUnit5 tests
* Renaming StaticKeyring to TestKeyring
* Adding convenience methods to create builders internally
* Updating wording and adding more Deprecated annotations
* Enable AwsKms Client Caching by default to match KmsMasterKeyProvider
* Making tests opt-out instead of opt-in and update TestVectorRunner (#154)
* Making tests opt-out instead of opt-in and update TestVectorRunner
  JUnit5 doesn't support test suites yet (see junit-team/junit5#744) and the existing test suites do not support the new JUnit5 tests that are being used for keyrings. This change removes the test suites, and configures Maven to include all tests except those marked with certain JUnit tags. Additionally, this change updates the TestVectorRunner to also test Keyrings and removes the redundant XCompat tests.
* Client caching is now enabled by default in AwsKmsClientSupplier
* Rename slow tag to ad_hoc and fix TestVectorRunner
* Renaming StandardKeyring builder methods and other minor changes
* Fixing test
* Updating tests to use assertThrows
* Additional example code for Keyrings (#155)
* Additional example code for Keyrings
* Updating wording
* Remove AWS from AWS KMS keyring and make keyring lowercase
* Update Readme for Keyrings
* Define an enum for the RSA padding scheme
* Making RsaPaddingScheme an inner class of RawRsaKeyringBuilder
* Updated comment regarding transformation
* Make client suppliers composable
* Refactor to move suppliers to StandardAwsKmsClientSuppliers class
* Using ConcurrentHashMap for the client cache to be thread safe
* Adding new examples and example test runner to follow the format set in aws/aws-encryption-sdk-python#219
* Updated wording and copyright notice
* Adding periods
* Adding NIST recommendation for RSA
* Adding example for DER formatted RSA keys
* Wording changes based on feedback
* Add master key provider examples
* Updating example intro and adding links in readme
* Fixing indentation of comments
* Add a basic example for encrypting and decrypting with a KMS CMK (#136)
*
  *Issue #, if available:* #108
  *Description of changes:*
  Add a basic example for encrypting and decrypting with a KMS CMK.
  By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
  # Check any applicable:
  - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
* Add test and Maven plugin to include examples directory as test source
* Update docs in prep for 1.6.1 (#133)
* Update docs in prep for 1.6.1
* Actually bump version for release
* Fix for new versions of gpg
* Refactor JceMasterKey to extract logic to be shared by raw keyrings. (#139)
* Refactor JceMasterKey to extract logic to be shared by raw keyrings.
  *Issue #, if available:* #102
  *Description of changes:*
  In anticipation of the RawAesKeyring and RawRsaKeyring needing logic currently embedded in the JceMasterKey, this change extracts that logic into the JceKeyCipher class so it may be shared.
  By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
  - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
* fix: The final frame can not be larger than the Frame Length (#166)
* Add validation to ensure the length of the final frame in the final frame header does not exceed the frame size specified in the message header.
* Validate that frame length is positive for framed data
* Reverting removal of variable frame length code
* Reverting removal of variable frame length code
* Fix spacing after if

Co-authored-by: SalusaSecondus <[email protected]>
Co-authored-by: Greg Rubin <[email protected]>
Merge branch 'master' into keyring-master-merge
SalusaSecondus approved these changes Apr 13, 2020
As all changes to keyring have already been approved, this roll-up PR to master is also fine.
mattsb42-aws approved these changes Apr 13, 2020
acioc added a commit that referenced this pull request Aug 6, 2020
* Revert "Merge pull request #173 from aws/keyring"
  This reverts commit 015fc3c, reversing changes made to dcbc562.
* Revert "Add an example for replicating the behavior of the AWS KMS MKP with the AWS KMS keyring (#178)"
  This reverts commit 676407a.
* Revert "Updating changelog for version 1.7.0 (#174)"
  This reverts commit f18c383.
* Updating Changelog for version 1.6.2
  *Description of changes:*
  Updating Changelog for version 1.6.2
  By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
  # Check any applicable:
  - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.
* fix: validate entire ciphertext has been processed before returning (#191)
* fix: validate entire ciphertext has been processed before returning
* Updating changelog
* Updating version for 1.6.2 release (#192)
* Revert "Merge pull request #189 from mattsb42-aws/revert"
  This reverts commit bd4da5b, reversing changes made to d88fe8b.
* Replace failing Assert.fails with assertThrows per earlier PR changes

Co-authored-by: mattsb42-aws <[email protected]>
Co-authored-by: Wesley Rosenblum <[email protected]>
Issue #, if available: #102
Description of changes: Merging keyring branch into master in preparation for release
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Check any applicable:
Legacy examples were moved to the legacy directory. I've confirmed with @juneb this does not break any hyperlinks in the AWS docs.