src/main/java/com/amazonaws/encryptionsdk/kms/AwsKmsMrkAwareMasterKeyProvider.java [207:248]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - defaultRegion_, // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6 // # The key id list MUST be empty in discovery mode. emptyList(), emptyList(), isDiscovery, discoveryFilter_, // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6 // # In // # discovery mode if a default MRK Region is not configured the AWS SDK // # Default Region MUST be used. discoveryMrkRegion_ == null ? defaultRegion_ : discoveryMrkRegion_); } /** * Builds the master key provider in Discovery Mode with a {@link DiscoveryFilter}. In Discovery * Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it * discovers in the encrypted message that is accepted by the {@code filter}. KMS Master Key * Providers in Discovery Mode will not encrypt data keys. * * @see KmsMasterKeyProvider.Builder#buildDiscovery(DiscoveryFilter) */ public AwsKmsMrkAwareMasterKeyProvider buildDiscovery(DiscoveryFilter filter) { discoveryFilter_ = filter; return buildDiscovery(); } /** * Builds the master key provider in Strict Mode. KMS Master Key Providers in Strict Mode will * only attempt to decrypt using key ARNs listed in {@code keyIds}. KMS Master Key Providers in * Strict Mode will encrypt data keys using the keys listed in {@code keyIds} * *

In Strict Mode, one or more CMKs must be provided. For Master Key Providers that will only * be used for encryption, you can use any valid KMS key identifier. For providers that will be * used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not * supported. * * @see KmsMasterKeyProvider.Builder#buildStrict(List) */ public AwsKmsMrkAwareMasterKeyProvider buildStrict(List keyIds) { final boolean isDiscovery = false; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/com/amazonaws/encryptionsdk/kmssdkv2/AwsKmsMrkAwareMasterKeyProvider.java [174:215]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - defaultRegion_, // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6 // # The key id list MUST be empty in discovery mode. emptyList(), emptyList(), isDiscovery, discoveryFilter_, // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt#2.6 // # In // # discovery mode if a default MRK Region is not configured the AWS SDK // # Default Region MUST be used. discoveryMrkRegion_ == null ? defaultRegion_ : discoveryMrkRegion_); } /** * Builds the master key provider in Discovery Mode with a {@link DiscoveryFilter}. In Discovery * Mode the KMS Master Key Provider will attempt to decrypt using any key identifier it * discovers in the encrypted message that is accepted by the {@code filter}. KMS Master Key * Providers in Discovery Mode will not encrypt data keys. * * @see KmsMasterKeyProvider.Builder#buildDiscovery(DiscoveryFilter) */ public AwsKmsMrkAwareMasterKeyProvider buildDiscovery(DiscoveryFilter filter) { discoveryFilter_ = filter; return buildDiscovery(); } /** * Builds the master key provider in Strict Mode. KMS Master Key Providers in Strict Mode will * only attempt to decrypt using key ARNs listed in {@code keyIds}. KMS Master Key Providers in * Strict Mode will encrypt data keys using the keys listed in {@code keyIds} * *

In Strict Mode, one or more CMKs must be provided. For Master Key Providers that will only * be used for encryption, you can use any valid KMS key identifier. For providers that will be * used for decryption, you must use the key ARN; key ids, alias names, and alias ARNs are not * supported. * * @see KmsMasterKeyProvider.Builder#buildStrict(List) */ public AwsKmsMrkAwareMasterKeyProvider buildStrict(List keyIds) { final boolean isDiscovery = false; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -