下面列出了java.security.KeyStore.SecretKeyEntry#com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMappingException 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Returns decryption materials for a record whose material description contains
 * every entry of this provider's own description.
 *
 * @param context encryption context carrying the record's material description
 * @return the cached symmetric materials when the current keystore entry is a
 *         {@link SecretKeyEntry}, freshly built asymmetric materials otherwise, or
 *         {@code null} when the record's description does not match this provider
 * @throws DynamoDBMappingException if building the asymmetric materials fails
 */
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    final CurrentMaterials current = currMaterials.get();

    // Only hand out key material for records that carry this provider's description.
    final boolean describedByThisProvider =
            context.getMaterialDescription().entrySet().containsAll(description.entrySet());
    if (!describedByThisProvider) {
        // NOTE(review): callers must treat null as "no materials"; verify they do not dereference it.
        return null;
    }

    if (current.encryptionEntry instanceof SecretKeyEntry) {
        return current.symRawMaterials;
    }
    try {
        return makeAsymMaterials(current, context.getMaterialDescription());
    } catch (GeneralSecurityException ex) {
        throw new DynamoDBMappingException("Unable to decrypt envelope key", ex);
    }
}
/**
 * Negative test: materials are created by a provider bound to {@code keyId}, while the
 * record's "encryptionKeyId" attribute names a different, newly created key. Asking the
 * extended provider for decryption materials is expected to raise
 * {@link DynamoDBMappingException}.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void encryptionKeyIdMismatch() throws GeneralSecurityException {
    DirectKmsMaterialProvider defaultKeyProvider = new DirectKmsMaterialProvider(kms, keyId);
    // A second key id that the record claims, but that was not used to create the materials.
    String claimedKeyId = kms.createKey().getKeyMetadata().getKeyId();

    Map<String, AttributeValue> item = new HashMap<>();
    item.put("hk", new AttributeValue().withN("10"));
    item.put("rk", new AttributeValue().withN("20"));
    item.put("encryptionKeyId", new AttributeValue().withS(claimedKeyId));

    ctx = new EncryptionContext.Builder()
            .withHashKeyName("hk")
            .withRangeKeyName("rk")
            .withTableName("KmsTableName")
            .withAttributeValues(item)
            .build();
    EncryptionMaterials encryptionMaterials = defaultKeyProvider.getEncryptionMaterials(ctx);

    EncryptionContext decryptContext = new EncryptionContext.Builder(ctx(encryptionMaterials))
            .withHashKeyName("hk")
            .withRangeKeyName("rk")
            .withTableName("KmsTableName")
            .withAttributeValues(item)
            .build();

    ExtendedKmsMaterialProvider keyPerRecordProvider =
            new ExtendedKmsMaterialProvider(kms, keyId, "encryptionKeyId");
    keyPerRecordProvider.getDecryptionMaterials(decryptContext);
}
/**
 * Creates two providers for the same material name and checks that each gets its own
 * version (0, then 1), and that the second provider refuses to produce decryption
 * materials for a record encrypted under the first provider's materials.
 */
@Test
public void twoDifferentMaterials() {
    // No version exists until the first provider is created.
    assertEquals(-1, store.getMaxVersion(MATERIAL_NAME));
    final EncryptionMaterialsProvider firstProvider = store.newProvider(MATERIAL_NAME);
    assertEquals(0, store.getMaxVersion(MATERIAL_NAME));
    final EncryptionMaterialsProvider secondProvider = store.newProvider(MATERIAL_NAME);
    assertEquals(1, store.getMaxVersion(MATERIAL_NAME));

    final EncryptionMaterials firstMaterials = firstProvider.getEncryptionMaterials(ctx);
    assertEquals(0, store.getVersionFromMaterialDescription(firstMaterials.getMaterialDescription()));
    final SecretKey firstKey = firstMaterials.getEncryptionKey();
    assertNotNull(firstKey);

    // Version-0 materials must not be usable through the version-1 provider.
    try {
        secondProvider.getDecryptionMaterials(ctx(firstMaterials));
        fail("Missing expected exception");
    } catch (final DynamoDBMappingException expected) {
        // Expected Exception
    }

    final EncryptionMaterials secondMaterials = secondProvider.getEncryptionMaterials(ctx);
    assertEquals(1, store.getVersionFromMaterialDescription(secondMaterials.getMaterialDescription()));
}
/**
* Tests that a key-only object could be saved with
* UPDATE configuration, even when the key has already existed in the table.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testDefaultWithOnlyKeyAttributesSpecifiedRecordInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // Seed the table with an item that carries a non-key attribute.
    TestItem seeded = putRandomUniqueItem("foo", null);

    // Save a key-only object under the same key.
    seeded.setNonKeyAttribute(null);
    dynamoMapper.save(seeded, defaultConfig);

    // On read-back the keys match and the non-key attribute is null.
    TestItem loaded = (TestItem) dynamoMapper.load(seeded);
    assertNotNull(loaded);
    assertEquals(seeded.getHashKey(), loaded.getHashKey());
    assertEquals(seeded.getRangeKey(), loaded.getRangeKey());
    assertNull(loaded.getNonKeyAttribute());
}
/**
* Tests an edge case that we have fixed according to a forum bug report. If
* the object is only specified with key attributes, and such key is not
* present in the table, we should add this object by a key-only put
* request even if it is using UPDATE configuration.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testDefaultWithOnlyKeyAttributesSpecifiedRecordNotInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // Key-only item under a fresh random hash key, so no such record exists yet.
    TestItem keyOnly = new TestItem();
    keyOnly.setHashKey(UUID.randomUUID().toString());
    keyOnly.setRangeKey(System.currentTimeMillis());
    dynamoMapper.save(keyOnly, defaultConfig);

    TestItem loaded = (TestItem) dynamoMapper.load(keyOnly);
    assertNotNull(loaded);
    assertEquals(keyOnly.getHashKey(), loaded.getHashKey());
    assertEquals(keyOnly.getRangeKey(), loaded.getRangeKey());
    assertNull(loaded.getNonKeyAttribute());
}
/**
* Use UPDATE to put a new item in the table.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testDefaultWithKeyAndNonKeyAttributesSpecifiedRecordNotInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // New item with both key and non-key attributes set.
    TestItem fresh = new TestItem();
    fresh.setHashKey(UUID.randomUUID().toString());
    fresh.setRangeKey(System.currentTimeMillis());
    fresh.setNonKeyAttribute("new item");
    dynamoMapper.save(fresh, defaultConfig);

    TestItem loaded = (TestItem) dynamoMapper.load(fresh);
    assertNotNull(loaded);
    assertEquals(fresh.getHashKey(), loaded.getHashKey());
    assertEquals(fresh.getRangeKey(), loaded.getRangeKey());
    assertEquals(fresh.getNonKeyAttribute(), loaded.getNonKeyAttribute());
}
/**
* When using UPDATE_SKIP_NULL_ATTRIBUTES, key-only update on existing item
* should not affect the item at all, since all the null-valued non-key
* attributes are ignored.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testUpdateSkipNullWithOnlyKeyAttributesSpecifiedRecordInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // Seed the table with an item that carries a non-key attribute.
    TestItem seeded = putRandomUniqueItem("foo", null);

    // Save a key-only object under the same key.
    seeded.setNonKeyAttribute(null);
    dynamoMapper.save(seeded, updateSkipNullConfig);

    // The stored non-key attribute must survive the key-only save.
    TestItem loaded = (TestItem) dynamoMapper.load(seeded);
    assertNotNull(loaded);
    assertEquals(seeded.getHashKey(), loaded.getHashKey());
    assertEquals(seeded.getRangeKey(), loaded.getRangeKey());
    assertEquals("foo", loaded.getNonKeyAttribute());
}
/**
* The behavior should be the same as UPDATE.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testUpdateSkipNullWithOnlyKeyAttributesSpecifiedRecordNotInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // Key-only item under a fresh random hash key.
    TestItem keyOnly = new TestItem();
    keyOnly.setHashKey(UUID.randomUUID().toString());
    keyOnly.setRangeKey(System.currentTimeMillis());
    dynamoMapper.save(keyOnly, updateSkipNullConfig);

    TestItem loaded = (TestItem) dynamoMapper.load(keyOnly);
    assertNotNull(loaded);
    assertEquals(keyOnly.getHashKey(), loaded.getHashKey());
    assertEquals(keyOnly.getRangeKey(), loaded.getRangeKey());
    assertNull(loaded.getNonKeyAttribute());
}
/**
* Use UPDATE_SKIP_NULL_ATTRIBUTES to put a new item in the table.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testUpdateSkipNullWithKeyAndNonKeyAttributesSpecifiedRecordNotInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // New item with both key and non-key attributes set.
    TestItem fresh = new TestItem();
    fresh.setHashKey(UUID.randomUUID().toString());
    fresh.setRangeKey(System.currentTimeMillis());
    fresh.setNonKeyAttribute("new item");
    dynamoMapper.save(fresh, updateSkipNullConfig);

    TestItem loaded = (TestItem) dynamoMapper.load(fresh);
    assertNotNull(loaded);
    assertEquals(fresh.getHashKey(), loaded.getHashKey());
    assertEquals(fresh.getRangeKey(), loaded.getRangeKey());
    assertEquals(fresh.getNonKeyAttribute(), loaded.getNonKeyAttribute());
}
/**
* The behavior should be the same as UPDATE_SKIP_NULL_ATTRIBUTES.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testAppendSetWithOnlyKeyAttributesSpecifiedRecordInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // Seed the table with an item carrying a string attribute and a three-element string set.
    Set<String> seededSet = generateRandomStringSet(3);
    TestItem seeded = putRandomUniqueItem("foo", seededSet);

    // Save a key-only object under the same key.
    seeded.setNonKeyAttribute(null);
    seeded.setStringSetAttribute(null);
    dynamoMapper.save(seeded, appendSetConfig);

    // Both stored non-key attributes must survive the key-only save.
    TestItem loaded = (TestItem) dynamoMapper.load(seeded);
    assertNotNull(loaded);
    assertEquals(seeded.getHashKey(), loaded.getHashKey());
    assertEquals(seeded.getRangeKey(), loaded.getRangeKey());
    assertEquals("foo", loaded.getNonKeyAttribute());
    assertTrue(assertSetEquals(seededSet, loaded.getStringSetAttribute()));
}
/**
* The behavior should be the same as UPDATE and UPDATE_SKIP_NULL_ATTRIBUTES.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testAppendSetWithOnlyKeyAttributesSpecifiedRecordNotInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // Key-only item under a fresh random hash key.
    TestItem keyOnly = new TestItem();
    keyOnly.setHashKey(UUID.randomUUID().toString());
    keyOnly.setRangeKey(System.currentTimeMillis());
    dynamoMapper.save(keyOnly, appendSetConfig);

    TestItem loaded = (TestItem) dynamoMapper.load(keyOnly);
    assertNotNull(loaded);
    assertEquals(keyOnly.getHashKey(), loaded.getHashKey());
    assertEquals(keyOnly.getRangeKey(), loaded.getRangeKey());
    assertNull(loaded.getNonKeyAttribute());
    assertNull(loaded.getStringSetAttribute());
}
/**
* Use APPEND_SET to put a new item in the table.
*/
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testAppendSetWithKeyAndNonKeyAttributesSpecifiedRecordNotInTable()
        throws Exception {
    // NOTE(review): the annotation expects DynamoDBMappingException, so the statements after
    // the throwing call never run -- confirm which call is meant to fail.

    // New item with key, string and string-set attributes all set.
    TestItem fresh = new TestItem();
    fresh.setHashKey(UUID.randomUUID().toString());
    fresh.setRangeKey(System.currentTimeMillis());
    fresh.setNonKeyAttribute("new item");
    fresh.setStringSetAttribute(generateRandomStringSet(3));
    dynamoMapper.save(fresh, appendSetConfig);

    TestItem loaded = (TestItem) dynamoMapper.load(fresh);
    assertNotNull(loaded);
    assertEquals(fresh.getHashKey(), loaded.getHashKey());
    assertEquals(fresh.getRangeKey(), loaded.getRangeKey());
    assertEquals(fresh.getNonKeyAttribute(), loaded.getNonKeyAttribute());
    assertEquals(fresh.getStringSetAttribute(), loaded.getStringSetAttribute());
}
/**
 * Resolves the table name for a mapped class from the environment variable
 * {@code DynamoDb<SimpleClassName>Table}.
 *
 * @param clazz  mapped class whose simple name forms the variable name
 * @param config mapper configuration; not read by this method
 * @return the variable's value exactly as set (only an unset variable is rejected)
 * @throws DynamoDBMappingException if the environment variable is not set
 */
@Override
public String getTableName(Class<?> clazz, DynamoDBMapperConfig config) {
    final String envVar = "DynamoDb" + clazz.getSimpleName() + "Table";
    final String resolved = System.getenv(envVar);
    if (resolved != null) {
        return resolved;
    }
    throw new DynamoDBMappingException("DynamoDB table name for " + clazz + " cannot be determined. " + envVar + " environment variable should be set.");
}
/**
 * Resolves the table name for a mapped class from the environment variable
 * {@code DynamoDb<SimpleClassName>Table}.
 *
 * @param clazz  mapped class whose simple name forms the variable name
 * @param config mapper configuration; not read by this method
 * @return the variable's value exactly as set (only an unset variable is rejected)
 * @throws DynamoDBMappingException if the environment variable is not set
 */
@Override
public String getTableName(Class<?> clazz, DynamoDBMapperConfig config) {
    final String envVar = "DynamoDb" + clazz.getSimpleName() + "Table";
    final String resolved = System.getenv(envVar);
    if (resolved != null) {
        return resolved;
    }
    throw new DynamoDBMappingException("DynamoDB table name for " + clazz + " cannot be determined. " + envVar + " environment variable should be set.");
}
/**
 * Resolves the table name for a mapped class from the environment variable
 * {@code DynamoDb<SimpleClassName>Table}.
 *
 * @param clazz  mapped class whose simple name forms the variable name
 * @param config mapper configuration; not read by this method
 * @return the variable's value exactly as set (only an unset variable is rejected)
 * @throws DynamoDBMappingException if the environment variable is not set
 */
@Override
public String getTableName(Class<?> clazz, DynamoDBMapperConfig config) {
    final String envVar = "DynamoDb" + clazz.getSimpleName() + "Table";
    final String resolved = System.getenv(envVar);
    if (resolved != null) {
        return resolved;
    }
    throw new DynamoDBMappingException("DynamoDB table name for " + clazz + " cannot be determined. " + envVar + " environment variable should be set.");
}
/**
 * Resolves the table name for a mapped class from the environment variable
 * {@code DynamoDb<SimpleClassName>Table}.
 *
 * @param clazz  mapped class whose simple name forms the variable name
 * @param config mapper configuration; not read by this method
 * @return the variable's value exactly as set (only an unset variable is rejected)
 * @throws DynamoDBMappingException if the environment variable is not set
 */
@Override
public String getTableName(Class<?> clazz, DynamoDBMapperConfig config) {
    final String envVar = "DynamoDb" + clazz.getSimpleName() + "Table";
    final String resolved = System.getenv(envVar);
    if (resolved != null) {
        return resolved;
    }
    throw new DynamoDBMappingException("DynamoDB table name for " + clazz + " cannot be determined. " + envVar + " environment variable should be set.");
}
/**
 * Resolves the table name for a mapped class from the environment variable
 * {@code DynamoDb<SimpleClassName>Table}.
 *
 * @param clazz  mapped class whose simple name forms the variable name
 * @param config mapper configuration; not read by this method
 * @return the variable's value exactly as set (only an unset variable is rejected)
 * @throws DynamoDBMappingException if the environment variable is not set
 */
@Override
public String getTableName(Class<?> clazz, DynamoDBMapperConfig config) {
    final String envVar = "DynamoDb" + clazz.getSimpleName() + "Table";
    final String resolved = System.getenv(envVar);
    if (resolved != null) {
        return resolved;
    }
    throw new DynamoDBMappingException("DynamoDB table name for " + clazz + " cannot be determined. " + envVar + " environment variable should be set.");
}
/**
 * Returns encryption materials built from the currently loaded keystore entry.
 *
 * @param context encryption context; not read by this method
 * @return the cached symmetric materials when the current entry is a
 *         {@link SecretKeyEntry}, otherwise asymmetric materials created with this
 *         provider's description
 * @throws DynamoDBMappingException if building the asymmetric materials fails
 */
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
    final CurrentMaterials current = currMaterials.get();
    if (current.encryptionEntry instanceof SecretKeyEntry) {
        return current.symRawMaterials;
    }
    try {
        return makeAsymMaterials(current, description);
    } catch (GeneralSecurityException ex) {
        throw new DynamoDBMappingException("Unable to encrypt envelope key", ex);
    }
}
/**
* Reloads the keys from the underlying keystore by calling
* {@link KeyStore#getEntry(String, ProtectionParameter)} again for each of them.
*/
@Override
public void refresh() {
    try {
        loadKeys();
    } catch (GeneralSecurityException loadFailure) {
        // Rethrow unchecked, keeping the keystore failure as the cause.
        throw new DynamoDBMappingException("Unable to load keys from keystore", loadFailure);
    }
}
/**
 * Builds wrapped raw materials for decryption from this provider's wrapping and
 * unwrapping keys and the record's own material description.
 *
 * @param context encryption context; only its material description is read
 * @return materials authenticated with {@code macKey} when one is configured,
 *         otherwise with {@code sigPair}
 * @throws DynamoDBMappingException if constructing the materials fails
 */
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    try {
        if (macKey == null) {
            return new WrappedRawMaterials(wrappingKey, unwrappingKey, sigPair, context.getMaterialDescription());
        }
        return new WrappedRawMaterials(wrappingKey, unwrappingKey, macKey, context.getMaterialDescription());
    } catch (GeneralSecurityException ex) {
        throw new DynamoDBMappingException("Unable to decrypt envelope key", ex);
    }
}
/**
 * Builds wrapped raw materials for encryption from this provider's wrapping and
 * unwrapping keys and its own description.
 *
 * @param context encryption context; not read by this method
 * @return materials authenticated with {@code macKey} when one is configured,
 *         otherwise with {@code sigPair}
 * @throws DynamoDBMappingException if constructing the materials fails
 */
@Override
public EncryptionMaterials getEncryptionMaterials(EncryptionContext context) {
    try {
        if (macKey == null) {
            return new WrappedRawMaterials(wrappingKey, unwrappingKey, sigPair, description);
        }
        return new WrappedRawMaterials(wrappingKey, unwrappingKey, macKey, description);
    } catch (GeneralSecurityException ex) {
        throw new DynamoDBMappingException("Unable to encrypt envelope key", ex);
    }
}
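/**
 * Recovers the encryption and MAC keys for a record: decrypts the envelope key found in
 * the record's material description through KMS, then derives both keys from the
 * plaintext with the configured KDF.
 *
 * <p>The material description is read from the record being decrypted, so missing or
 * malformed fields are reported as {@link DynamoDBMappingException} instead of surfacing
 * as {@code NullPointerException} or {@code NumberFormatException}.
 *
 * @param context encryption context carrying the record's material description
 * @return symmetric raw materials holding the derived encryption and MAC keys
 * @throws DynamoDBMappingException if the envelope key or an algorithm entry is missing,
 *         a key length is not a number, the key id check fails, or the KDF is unavailable
 */
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
    final Map<String, String> materialDescription = context.getMaterialDescription();
    final String providedEncAlg = materialDescription.get(CONTENT_KEY_ALGORITHM);
    final String providedSigAlg = materialDescription.get(SIGNING_KEY_ALGORITHM);
    final String envelopeKey = materialDescription.get(ENVELOPE_KEY);
    // Fail before any KMS call: each of these is dereferenced further down.
    if (providedEncAlg == null || providedSigAlg == null || envelopeKey == null) {
        throw new DynamoDBMappingException(
                "Material description is missing the envelope key or a key algorithm");
    }

    // The algorithm names are passed to KMS as part of the encryption context.
    // NOTE(review): presumably KMS rejects the request when they differ from the values
    // used at encryption time -- confirm against the encrypt path.
    final Map<String, String> ec = new HashMap<>();
    ec.put("*" + CONTENT_KEY_ALGORITHM + "*", providedEncAlg);
    ec.put("*" + SIGNING_KEY_ALGORITHM + "*", providedSigAlg);
    populateKmsEcFromEc(context, ec);

    DecryptRequest request = appendUserAgent(new DecryptRequest());
    request.setCiphertextBlob(ByteBuffer.wrap(Base64.decode(envelopeKey)));
    request.setEncryptionContext(ec);
    final DecryptResult decryptResult = decrypt(request, context);
    // Check the key id KMS reports before any key is derived from the plaintext.
    validateEncryptionKeyId(decryptResult.getKeyId(), context);

    final Hkdf kdf;
    try {
        kdf = Hkdf.getInstance(KDF_ALG);
    } catch (NoSuchAlgorithmException e) {
        throw new DynamoDBMappingException(e);
    }
    kdf.init(toArray(decryptResult.getPlaintext()));

    // Algorithm entries have the form "NAME" or "NAME/bits"; the length defaults to 256 bits.
    final String[] encAlgParts = providedEncAlg.split("/", 2);
    final String[] sigAlgParts = providedSigAlg.split("/", 2);
    int encLength;
    int sigLength;
    try {
        encLength = encAlgParts.length == 2 ? Integer.parseInt(encAlgParts[1]) : 256;
        sigLength = sigAlgParts.length == 2 ? Integer.parseInt(sigAlgParts[1]) : 256;
    } catch (NumberFormatException e) {
        throw new DynamoDBMappingException("Key length in material description is not a number", e);
    }

    final SecretKey encryptionKey = new SecretKeySpec(kdf.deriveKey(KDF_ENC_INFO, encLength / 8), encAlgParts[0]);
    final SecretKey macKey = new SecretKeySpec(kdf.deriveKey(KDF_SIG_INFO, sigLength / 8), sigAlgParts[0]);
    return new SymmetricRawMaterials(encryptionKey, macKey, materialDescription);
}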
/**
 * Negative test: the provider is told to read the key id from the "encryptionKeyId"
 * attribute, but the item has no such attribute, so requesting encryption materials is
 * expected to raise {@link DynamoDBMappingException}.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void missingEncryptionKeyId() throws GeneralSecurityException {
    ExtendedKmsMaterialProvider keyPerRecordProvider =
            new ExtendedKmsMaterialProvider(kms, keyId, "encryptionKeyId");

    // Only the hash and range keys are present; "encryptionKeyId" is deliberately left out.
    Map<String, AttributeValue> item = new HashMap<>();
    item.put("hk", new AttributeValue().withN("10"));
    item.put("rk", new AttributeValue().withN("20"));

    ctx = new EncryptionContext.Builder()
            .withHashKeyName("hk")
            .withRangeKeyName("rk")
            .withTableName("KmsTableName")
            .withAttributeValues(item)
            .build();
    keyPerRecordProvider.getEncryptionMaterials(ctx);
}
/**
 * Picks the encryption key id from the item attribute named by
 * {@code encryptionKeyIdAttributeName}.
 *
 * @param context encryption context whose attribute values hold the key id
 * @return the attribute's string value
 * @throws DynamoDBMappingException if the item has no such attribute
 */
@Override
protected String selectEncryptionKeyId(EncryptionContext context) throws DynamoDBMappingException {
    final boolean attributePresent =
            context.getAttributeValues().containsKey(encryptionKeyIdAttributeName);
    if (attributePresent) {
        // NOTE(review): getS() is null for a non-string attribute, so this can return null;
        // verify how the caller handles a null key id.
        return context.getAttributeValues().get(encryptionKeyIdAttributeName).getS();
    }
    throw new DynamoDBMappingException("encryption key attribute is not provided");
}
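/**
 * Verifies that the key id used for decryption equals the key id stored in the item
 * attribute named by {@code encryptionKeyIdAttributeName}.
 *
 * <p>A missing, null-valued or non-string attribute is rejected with
 * {@link DynamoDBMappingException} rather than a {@code NullPointerException}.
 *
 * @param encryptionKeyId key id to check against the item's attribute
 * @param context         encryption context whose attribute values hold the expected key id
 * @throws DynamoDBMappingException if the attribute is absent, is not a string, or does
 *         not equal {@code encryptionKeyId}
 */
@Override
protected void validateEncryptionKeyId(String encryptionKeyId, EncryptionContext context)
        throws DynamoDBMappingException {
    // get() == null covers both an absent attribute and one mapped to null.
    if (context.getAttributeValues().get(encryptionKeyIdAttributeName) == null) {
        throw new DynamoDBMappingException("encryption key attribute is not provided");
    }
    String customEncryptionKeyId = context.getAttributeValues().get(encryptionKeyIdAttributeName).getS();
    // getS() is null when the attribute holds a non-string type.
    if (customEncryptionKeyId == null) {
        throw new DynamoDBMappingException("encryption key attribute is not a string");
    }
    if (!customEncryptionKeyId.equals(encryptionKeyId)) {
        throw new DynamoDBMappingException("encryption key ids do not match.");
    }
}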
/**
 * Saves and then loads a {@code NoDefaultConstructor} object; the test passes only if
 * {@link DynamoDBMappingException} is thrown along the way.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testNoDefaultConstructor() {
    DynamoDBMapper mapper = TestDynamoDBMapperFactory.createDynamoDBMapper(dynamo);
    NoDefaultConstructor item = new NoDefaultConstructor("" + startKey++, "abc");
    mapper.save(item);
    mapper.load(NoDefaultConstructor.class, item.getKey());
}
/**
 * Writes an item directly through the low-level client, then loads it as
 * {@code PrivateKeySetter}; the test passes only if {@link DynamoDBMappingException}
 * is thrown.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testPrivateKeySetterLoad() throws Exception {
    // Write the raw item without going through the mapper.
    Map<String, AttributeValue> rawItem = new HashMap<String, AttributeValue>();
    rawItem.put(KEY_NAME, new AttributeValue().withS("abc"));
    dynamo.putItem(new PutItemRequest().withTableName(TABLE_NAME).withItem(rawItem));

    DynamoDBMapper mapper = TestDynamoDBMapperFactory.createDynamoDBMapper(dynamo);
    mapper.load(PrivateKeySetter.class, "abc");
}
/**
 * Saves and then loads a {@code PrivateSetter} object; the test passes only if
 * {@link DynamoDBMappingException} is thrown along the way.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testPrivateSetterLoad() throws Exception {
    DynamoDBMapper mapper = TestDynamoDBMapperFactory.createDynamoDBMapper(dynamo);
    PrivateSetter item = new PrivateSetter();
    item.setStringProperty("value");
    mapper.save(item);
    mapper.load(PrivateSetter.class, item.getKey());
}
/**
 * Saves and then loads an {@code OverloadedSetter} object; the test passes only if
 * {@link DynamoDBMappingException} is thrown along the way.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testOverloadedSetter() {
    OverloadedSetter item = new OverloadedSetter();
    item.setKey("" + startKey++);
    item.setAttribute("abc", "123");

    DynamoDBMapper util = TestDynamoDBMapperFactory.createDynamoDBMapper(dynamo);
    util.save(item);
    util.load(OverloadedSetter.class, item.getKey());
}
/**
 * Saves and then loads a {@code WrongTypeForSetter} object; the test passes only if
 * {@link DynamoDBMappingException} is thrown along the way.
 */
@Test(expectedExceptions = DynamoDBMappingException.class)
public void testWrongTypeForSetter() {
    WrongTypeForSetter item = new WrongTypeForSetter();
    item.setKey("" + startKey++);
    item.setAttribute(123);

    DynamoDBMapper util = TestDynamoDBMapperFactory.createDynamoDBMapper(dynamo);
    util.save(item);
    util.load(WrongTypeForSetter.class, item.getKey());
}