/**
 * Create an encryption client.
 *
 * Builds an S3 client that performs client-side encryption with materials
 * obtained from AWS KMS for the given key id.
 *
 * @param credentialsProvider AWS credentials provider.
 * @param clientConfiguration Client configuration (not applied to the client
 *                            built here; it is accepted for interface compatibility)
 * @param kmsRegion AWS KMS region name; blank or null leaves the SDK default
 * @param keyIdOrMaterial KMS key id
 * @return AWS S3 client
 */
@Override
public AmazonS3Client createEncryptionClient(AWSCredentialsProvider credentialsProvider,
                                             ClientConfiguration clientConfiguration,
                                             String kmsRegion,
                                             String keyIdOrMaterial) {
  KMSEncryptionMaterialsProvider kmsMaterials =
      new KMSEncryptionMaterialsProvider(keyIdOrMaterial);

  // NOTE(review): the no-arg CryptoConfiguration takes the SDK's default
  // CryptoMode; confirm whether that default (EncryptionOnly, i.e. no
  // ciphertext integrity check, in the v1 SDK) is acceptable here or whether
  // AuthenticatedEncryption should be set explicitly.
  CryptoConfiguration cryptoConfiguration = new CryptoConfiguration();
  if (StringUtils.isNotBlank(kmsRegion)) {
    // Pin KMS calls to the requested region instead of the client's default.
    Region resolvedRegion = Region.getRegion(Regions.fromName(kmsRegion));
    cryptoConfiguration.setAwsKmsRegion(resolvedRegion);
  }

  return new AmazonS3EncryptionClient(credentialsProvider, kmsMaterials, cryptoConfiguration);
}
/**
 * Marks {@code CryptoConfiguration} as a class to be initialized at runtime
 * rather than at build time.
 *
 * NOTE(review): presumably this is needed because the class holds static
 * state that must not be captured into the native image (for example a
 * seeded random source); verify against the class before relying on that.
 *
 * @return the build item registering the class for runtime initialization
 */
@BuildStep
RuntimeInitializedClassBuildItem cryptoConfiguration() {
  String runtimeInitClass = CryptoConfiguration.class.getCanonicalName();
  return new RuntimeInitializedClassBuildItem(runtimeInitClass);
}
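/**
 * Builds the S3 client used to reach a Snowflake stage and stores it in
 * {@code amazonClient}.
 *
 * The creation parameters (everything except the credentials, which are
 * re-read on every reset) are saved in fields so the client can be rebuilt.
 * Requests are signed with SigV4 and use the TLS socket factory and proxy
 * settings supplied by the surrounding class.
 *
 * @param stageCredentials map holding {@code AWS_KEY_ID}, {@code AWS_SECRET_KEY}
 *                         and optionally {@code AWS_TOKEN} (session token)
 * @param clientConfig     AWS client configuration; mutated in place (signer
 *                         override, SSL socket factory, proxy)
 * @param encMat           client-side encryption material, or {@code null}
 *                         for a stage without it
 * @param stageRegion      AWS region name of the stage, or {@code null}
 * @param stageEndPoint    explicit endpoint (e.g. FIPS) that replaces the
 *                         region-derived one; {@code null} or empty to skip
 * @throws SnowflakeSQLException if the decoded master key is neither 128
 *                               nor 256 bits long
 */
private void setupSnowflakeS3Client(Map<?, ?> stageCredentials,
                                    ClientConfiguration clientConfig,
                                    RemoteStoreFileEncryptionMaterial encMat,
                                    String stageRegion,
                                    String stageEndPoint)
    throws SnowflakeSQLException
{
  // Save the client creation parameters so that we can reuse them,
  // to reset the AWS client. We won't save the awsCredentials since
  // we will be refreshing that, every time we reset the AWS client
  this.clientConfig = clientConfig;
  this.stageRegion = stageRegion;
  this.encMat = encMat;
  this.stageEndPoint = stageEndPoint; // FIPS endpoint, if needed

  logger.debug("Setting up AWS client ");

  // Retrieve S3 stage credentials
  AWSCredentials awsCredentials = stageCredentialsFrom(stageCredentials);

  // SigV4 signing, plus the driver's TLS socket factory and proxy settings.
  clientConfig.withSignerOverride("AWSS3V4SignerType");
  clientConfig.getApacheHttpClientConfig().setSslSocketFactory(
      getSSLConnectionSocketFactory());
  HttpUtil.setProxyForS3(clientConfig);

  AmazonS3Builder<?, ?> amazonS3Builder;
  if (encMat != null)
  {
    amazonS3Builder = encryptedStageBuilder(encMat, awsCredentials, clientConfig);
  }
  else
  {
    amazonS3Builder = plainStageBuilder(awsCredentials, clientConfig);
  }

  if (stageRegion != null)
  {
    Region region = RegionUtils.getRegion(stageRegion);
    if (region != null)
    {
      amazonS3Builder.withRegion(region.getName());
    }
  }

  // Explicitly force to use virtual address style
  amazonS3Builder.withPathStyleAccessEnabled(false);

  amazonClient = (AmazonS3) amazonS3Builder.build();

  // Set the FIPS endpoint if we need it. GS will tell us if we do by
  // giving us an endpoint to use if required and supported by the region.
  // Fix: the empty-string check was `!= ""`, a reference comparison that
  // does not reject an empty string built at runtime.
  if (this.stageEndPoint != null && !this.stageEndPoint.isEmpty())
  {
    // NOTE(review): this endpoint is server-supplied and replaces the
    // region-derived one; confirm upstream that it is validated as an
    // https URL before it reaches here.
    amazonClient.setEndpoint(this.stageEndPoint);
  }
}

/**
 * Turns the stage credential map into static AWS credentials, using session
 * credentials when an {@code AWS_TOKEN} is present.
 *
 * @param stageCredentials map with {@code AWS_KEY_ID}, {@code AWS_SECRET_KEY}
 *                         and optionally {@code AWS_TOKEN}
 * @return the credentials to sign stage requests with
 */
private AWSCredentials stageCredentialsFrom(Map<?, ?> stageCredentials)
{
  String awsID = (String) stageCredentials.get("AWS_KEY_ID");
  String awsKey = (String) stageCredentials.get("AWS_SECRET_KEY");
  String awsToken = (String) stageCredentials.get("AWS_TOKEN");

  return (awsToken != null)
      ? new BasicSessionCredentials(awsID, awsKey, awsToken)
      : new BasicAWSCredentials(awsID, awsKey);
}

/**
 * Builds the client builder for a stage that carries encryption material.
 *
 * A 256-bit master key selects the S3 encryption client (AES key, described
 * by query id and smk id); a 128-bit key yields a plain S3 client. The key
 * size in bits is recorded in {@code encryptionKeySize} as a side effect.
 *
 * @param encMat         stage encryption material (base64 master key, ids)
 * @param awsCredentials credentials to sign requests with
 * @param clientConfig   AWS client configuration to attach
 * @return a builder for the appropriate client type
 * @throws SnowflakeSQLException if the key is neither 128 nor 256 bits
 */
private AmazonS3Builder<?, ?> encryptedStageBuilder(RemoteStoreFileEncryptionMaterial encMat,
                                                    AWSCredentials awsCredentials,
                                                    ClientConfiguration clientConfig)
    throws SnowflakeSQLException
{
  byte[] decodedKey = Base64.decode(encMat.getQueryStageMasterKey());
  encryptionKeySize = decodedKey.length * 8;

  if (encryptionKeySize == 256)
  {
    SecretKey queryStageMasterKey =
        new SecretKeySpec(decodedKey, 0, decodedKey.length, AES);
    EncryptionMaterials encryptionMaterials =
        new EncryptionMaterials(queryStageMasterKey);
    encryptionMaterials.addDescription("queryId",
                                       encMat.getQueryId());
    encryptionMaterials.addDescription("smkId",
                                       Long.toString(encMat.getSmkId()));

    // NOTE(review): EncryptionOnly gives confidentiality only; the SDK's
    // AuthenticatedEncryption mode also integrity-protects the ciphertext.
    // Confirm that the stage readers accept it before switching modes.
    CryptoConfiguration cryptoConfig =
        new CryptoConfiguration(CryptoMode.EncryptionOnly);

    return AmazonS3EncryptionClient.encryptionBuilder()
        .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
        .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials))
        .withClientConfiguration(clientConfig)
        .withCryptoConfiguration(cryptoConfig);
  }

  if (encryptionKeySize == 128)
  {
    // NOTE(review): no S3-side encryption is configured for 128-bit keys;
    // presumably the driver encrypts these files itself before upload --
    // verify before relying on this client for confidentiality.
    return plainStageBuilder(awsCredentials, clientConfig);
  }

  throw new SnowflakeSQLException(SqlState.INTERNAL_ERROR,
                                  ErrorCode.INTERNAL_ERROR.getMessageCode(),
                                  "unsupported key size", encryptionKeySize);
}

/**
 * Builds the client builder for a stage without S3-side encryption.
 *
 * @param awsCredentials credentials to sign requests with
 * @param clientConfig   AWS client configuration to attach
 * @return a plain S3 client builder
 */
private AmazonS3Builder<?, ?> plainStageBuilder(AWSCredentials awsCredentials,
                                                ClientConfiguration clientConfig)
{
  return AmazonS3Client.builder()
      .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
      .withClientConfiguration(clientConfig);
}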