src/main/java/software/amazon/encryption/s3/S3AsyncEncryptionClient.java [330:541]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - return this; } /** * Specifies the {@link CryptographicMaterialsManager} to use for managing key wrapping keys. * @param cryptoMaterialsManager the CMM to use * @return Returns a reference to this object so that method calls can be chained together. */ public Builder cryptoMaterialsManager(CryptographicMaterialsManager cryptoMaterialsManager) { this._cryptoMaterialsManager = cryptoMaterialsManager; checkKeyOptions(); return this; } /** * Specifies the {@link Keyring} to use for key wrapping and unwrapping. * @param keyring the Keyring instance to use * @return Returns a reference to this object so that method calls can be chained together. */ public Builder keyring(Keyring keyring) { this._keyring = keyring; checkKeyOptions(); return this; } /** * Specifies a "raw" AES key to use for key wrapping/unwrapping. * @param aesKey the AES key as a {@link SecretKey} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder aesKey(SecretKey aesKey) { this._aesKey = aesKey; checkKeyOptions(); return this; } /** * Specifies a "raw" RSA key pair to use for key wrapping/unwrapping. * @param rsaKeyPair the RSA key pair as a {@link KeyPair} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder rsaKeyPair(KeyPair rsaKeyPair) { this._rsaKeyPair = new PartialRsaKeyPair(rsaKeyPair); checkKeyOptions(); return this; } /** * Specifies a "raw" RSA key pair to use for key wrapping/unwrapping. * This option takes a {@link PartialRsaKeyPair} instance, which allows * either a public key (decryption only) or private key (encryption only) * rather than requiring both parts. * @param partialRsaKeyPair the RSA key pair as a {@link PartialRsaKeyPair} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder rsaKeyPair(PartialRsaKeyPair partialRsaKeyPair) { this._rsaKeyPair = partialRsaKeyPair; checkKeyOptions(); return this; } /** * Specifies a KMS key to use for key wrapping/unwrapping. Any valid KMS key * identifier (including the full ARN or an alias ARN) is permitted. When * decrypting objects, the key referred to by this KMS key identifier is * always used. * @param kmsKeyId the KMS key identifier as a {@link String} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder kmsKeyId(String kmsKeyId) { this._kmsKeyId = kmsKeyId; checkKeyOptions(); return this; } // We only want one way to use a key, if more than one is set, throw an error private void checkKeyOptions() { if (onlyOneNonNull(_cryptoMaterialsManager, _keyring, _aesKey, _rsaKeyPair, _kmsKeyId)) { return; } throw new S3EncryptionClientException("Only one may be set of: crypto materials manager, keyring, AES key, RSA key pair, KMS key id"); } private boolean onlyOneNonNull(Object... values) { boolean haveOneNonNull = false; for (Object o : values) { if (o != null) { if (haveOneNonNull) { return false; } haveOneNonNull = true; } } return haveOneNonNull; } /** * When set to true, decryption of objects using legacy key wrapping * modes is enabled. * @param shouldEnableLegacyWrappingAlgorithms true to enable legacy wrapping algorithms * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableLegacyWrappingAlgorithms(boolean shouldEnableLegacyWrappingAlgorithms) { this._enableLegacyWrappingAlgorithms = shouldEnableLegacyWrappingAlgorithms; return this; } /** * When set to true, decryption of content using legacy encryption algorithms * is enabled. This includes use of GetObject requests with a range, as this * mode is not authenticated. * @param shouldEnableLegacyUnauthenticatedModes true to enable legacy content algorithms * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableLegacyUnauthenticatedModes(boolean shouldEnableLegacyUnauthenticatedModes) { this._enableLegacyUnauthenticatedModes = shouldEnableLegacyUnauthenticatedModes; return this; } /** * When set to true, authentication of streamed objects is delayed until the * entire object is read from the stream. When this mode is enabled, the consuming * application must support a way to invalidate any data read from the stream as * the tag will not be validated until the stream is read to completion, as the * integrity of the data cannot be ensured. See the AWS Documentation for more * information. * @param shouldEnableDelayedAuthenticationMode true to enable delayed authentication * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableDelayedAuthenticationMode(boolean shouldEnableDelayedAuthenticationMode) { this._enableDelayedAuthenticationMode = shouldEnableDelayedAuthenticationMode; return this; } /** * When set to true, the putObject method will use multipart upload to perform * the upload. Disabled by default. * @param _enableMultipartPutObject true enables the multipart upload implementation of putObject * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableMultipartPutObject(boolean _enableMultipartPutObject) { this._enableMultipartPutObject = _enableMultipartPutObject; return this; } /** * Sets the buffer size for safe authentication used when delayed authentication mode is disabled. * If buffer size is not given during client configuration, default buffer size is set to 64MiB. * @param bufferSize the desired buffer size in Bytes. * @return Returns a reference to this object so that method calls can be chained together. * @throws S3EncryptionClientException if the specified buffer size is outside the allowed bounds */ public Builder setBufferSize(long bufferSize) { if (bufferSize < MIN_ALLOWED_BUFFER_SIZE_BYTES || bufferSize > MAX_ALLOWED_BUFFER_SIZE_BYTES) { throw new S3EncryptionClientException("Invalid buffer size: " + bufferSize + " Bytes. Buffer size must be between " + MIN_ALLOWED_BUFFER_SIZE_BYTES + " and " + MAX_ALLOWED_BUFFER_SIZE_BYTES + " Bytes."); } this._bufferSize = bufferSize; return this; } /** * Allows the user to pass an instance of {@link Provider} to be used * for cryptographic operations. By default, the S3 Encryption Client * will use the first compatible {@link Provider} in the chain. When this option * is used, the given provider will be used for all cryptographic operations. * If the provider is missing a required algorithm suite, e.g. AES-GCM, then * operations may fail. * Advanced option. Users who configure a {@link Provider} are responsible * for the security and correctness of the provider. * @param cryptoProvider the {@link Provider to always use} * @return Returns a reference to this object so that method calls can be chained together. */ public Builder cryptoProvider(Provider cryptoProvider) { this._cryptoProvider = cryptoProvider; return this; } /** * Allows the user to pass an instance of {@link SecureRandom} to be used * for generating keys and IVs. Advanced option. Users who provide a {@link SecureRandom} * are responsible for the security and correctness of the {@link SecureRandom} implementation. * @param secureRandom the {@link SecureRandom} instance to use * @return Returns a reference to this object so that method calls can be chained together. */ public Builder secureRandom(SecureRandom secureRandom) { if (secureRandom == null) { throw new S3EncryptionClientException("SecureRandom provided to S3EncryptionClient cannot be null"); } _secureRandom = secureRandom; return this; } /** * Sets the Instruction File configuration for the S3 Encryption Client. * The InstructionFileConfig can be used to specify an S3 client to use for retrieval of Instruction files, * or to disable GetObject requests for the instruction file. * @param instructionFileConfig * @return */ public Builder instructionFileConfig(InstructionFileConfig instructionFileConfig) { _instructionFileConfig = instructionFileConfig; return this; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java [594:805]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - return this; } /** * Specifies the {@link CryptographicMaterialsManager} to use for managing key wrapping keys. * @param cryptoMaterialsManager the CMM to use * @return Returns a reference to this object so that method calls can be chained together. */ public Builder cryptoMaterialsManager(CryptographicMaterialsManager cryptoMaterialsManager) { this._cryptoMaterialsManager = cryptoMaterialsManager; checkKeyOptions(); return this; } /** * Specifies the {@link Keyring} to use for key wrapping and unwrapping. * @param keyring the Keyring instance to use * @return Returns a reference to this object so that method calls can be chained together. */ public Builder keyring(Keyring keyring) { this._keyring = keyring; checkKeyOptions(); return this; } /** * Specifies a "raw" AES key to use for key wrapping/unwrapping. * @param aesKey the AES key as a {@link SecretKey} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder aesKey(SecretKey aesKey) { this._aesKey = aesKey; checkKeyOptions(); return this; } /** * Specifies a "raw" RSA key pair to use for key wrapping/unwrapping. * @param rsaKeyPair the RSA key pair as a {@link KeyPair} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder rsaKeyPair(KeyPair rsaKeyPair) { this._rsaKeyPair = new PartialRsaKeyPair(rsaKeyPair); checkKeyOptions(); return this; } /** * Specifies a "raw" RSA key pair to use for key wrapping/unwrapping. * This option takes a {@link PartialRsaKeyPair} instance, which allows * either a public key (decryption only) or private key (encryption only) * rather than requiring both parts. * @param partialRsaKeyPair the RSA key pair as a {@link PartialRsaKeyPair} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder rsaKeyPair(PartialRsaKeyPair partialRsaKeyPair) { this._rsaKeyPair = partialRsaKeyPair; checkKeyOptions(); return this; } /** * Specifies a KMS key to use for key wrapping/unwrapping. Any valid KMS key * identifier (including the full ARN or an alias ARN) is permitted. When * decrypting objects, the key referred to by this KMS key identifier is * always used. * @param kmsKeyId the KMS key identifier as a {@link String} instance * @return Returns a reference to this object so that method calls can be chained together. */ public Builder kmsKeyId(String kmsKeyId) { this._kmsKeyId = kmsKeyId; checkKeyOptions(); return this; } // We only want one way to use a key, if more than one is set, throw an error private void checkKeyOptions() { if (onlyOneNonNull(_cryptoMaterialsManager, _keyring, _aesKey, _rsaKeyPair, _kmsKeyId)) { return; } throw new S3EncryptionClientException("Only one may be set of: crypto materials manager, keyring, AES key, RSA key pair, KMS key id"); } private boolean onlyOneNonNull(Object... values) { boolean haveOneNonNull = false; for (Object o : values) { if (o != null) { if (haveOneNonNull) { return false; } haveOneNonNull = true; } } return haveOneNonNull; } /** * When set to true, decryption of objects using legacy key wrapping * modes is enabled. * @param shouldEnableLegacyWrappingAlgorithms true to enable legacy wrapping algorithms * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableLegacyWrappingAlgorithms(boolean shouldEnableLegacyWrappingAlgorithms) { this._enableLegacyWrappingAlgorithms = shouldEnableLegacyWrappingAlgorithms; return this; } /** * When set to true, decryption of content using legacy encryption algorithms * is enabled. This includes use of GetObject requests with a range, as this * mode is not authenticated. * @param shouldEnableLegacyUnauthenticatedModes true to enable legacy content algorithms * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableLegacyUnauthenticatedModes(boolean shouldEnableLegacyUnauthenticatedModes) { this._enableLegacyUnauthenticatedModes = shouldEnableLegacyUnauthenticatedModes; return this; } /** * When set to true, authentication of streamed objects is delayed until the * entire object is read from the stream. When this mode is enabled, the consuming * application must support a way to invalidate any data read from the stream as * the tag will not be validated until the stream is read to completion, as the * integrity of the data cannot be ensured. See the AWS Documentation for more * information. * @param shouldEnableDelayedAuthenticationMode true to enable delayed authentication * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableDelayedAuthenticationMode(boolean shouldEnableDelayedAuthenticationMode) { this._enableDelayedAuthenticationMode = shouldEnableDelayedAuthenticationMode; return this; } /** * When set to true, the putObject method will use multipart upload to perform * the upload. Disabled by default. * @param _enableMultipartPutObject true enables the multipart upload implementation of putObject * @return Returns a reference to this object so that method calls can be chained together. */ public Builder enableMultipartPutObject(boolean _enableMultipartPutObject) { this._enableMultipartPutObject = _enableMultipartPutObject; return this; } /** * Sets the buffer size for safe authentication used when delayed authentication mode is disabled. * If buffer size is not given during client configuration, default buffer size is set to 64MiB. * @param bufferSize the desired buffer size in Bytes. * @return Returns a reference to this object so that method calls can be chained together. * @throws S3EncryptionClientException if the specified buffer size is outside the allowed bounds */ public Builder setBufferSize(long bufferSize) { if (bufferSize < MIN_ALLOWED_BUFFER_SIZE_BYTES || bufferSize > MAX_ALLOWED_BUFFER_SIZE_BYTES) { throw new S3EncryptionClientException("Invalid buffer size: " + bufferSize + " Bytes. Buffer size must be between " + MIN_ALLOWED_BUFFER_SIZE_BYTES + " and " + MAX_ALLOWED_BUFFER_SIZE_BYTES + " Bytes."); } this._bufferSize = bufferSize; return this; } /** * Allows the user to pass an instance of {@link Provider} to be used * for cryptographic operations. By default, the S3 Encryption Client * will use the first compatible {@link Provider} in the chain. When this option * is used, the given provider will be used for all cryptographic operations. * If the provider is missing a required algorithm suite, e.g. AES-GCM, then * operations may fail. * Advanced option. Users who configure a {@link Provider} are responsible * for the security and correctness of the provider. * @param cryptoProvider the {@link Provider to always use} * @return Returns a reference to this object so that method calls can be chained together. */ public Builder cryptoProvider(Provider cryptoProvider) { this._cryptoProvider = cryptoProvider; return this; } /** * Allows the user to pass an instance of {@link SecureRandom} to be used * for generating keys and IVs. Advanced option. Users who provide a {@link SecureRandom} * are responsible for the security and correctness of the {@link SecureRandom} implementation. * @param secureRandom the {@link SecureRandom} instance to use * @return Returns a reference to this object so that method calls can be chained together. */ public Builder secureRandom(SecureRandom secureRandom) { if (secureRandom == null) { throw new S3EncryptionClientException("SecureRandom provided to S3EncryptionClient cannot be null"); } _secureRandom = secureRandom; return this; } /** * Sets the Instruction File configuration for the S3 Encryption Client. * The InstructionFileConfig can be used to specify an S3 client to use for retrieval of Instruction files, * or to disable GetObject requests for the instruction file. * @param instructionFileConfig * @return */ public Builder instructionFileConfig(InstructionFileConfig instructionFileConfig) { _instructionFileConfig = instructionFileConfig; return this; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -