src/main/java/com/amazonaws/encryptionsdk/kms/AwsKmsMrkAwareMasterKey.java [75:150]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - final MasterKeyProvider provider) { // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The AWS KMS key identifier MUST NOT be null or empty. // // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The AWS KMS // # key identifier MUST be a valid identifier (aws-kms-key-arn.md#a- // # valid-aws-kms-identifier). validAwsKmsIdentifier(awsKmsIdentifier); // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The AWS KMS SDK client MUST not be null. if (kmsClient == null) { throw new IllegalArgumentException( "AwsKmsMrkAwareMasterKey must be configured with an AWS KMS client."); } if (provider == null) { throw new IllegalArgumentException( "AwsKmsMrkAwareMasterKey must be configured with a source provider."); } kmsClient_ = kmsClient; awsKmsIdentifier_ = awsKmsIdentifier; sourceProvider_ = provider; } @Override public String getProviderId() { return sourceProvider_.getDefaultProviderId(); } @Override public String getKeyId() { return awsKmsIdentifier_; } // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The master key MUST be able to be configured with an optional list of // # Grant Tokens. // // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // = type=exception // # This configuration SHOULD be on initialization and // # SHOULD be immutable. // The existing KMS Master Key // sets grants in this way, so we continue this interface. /** Clears and sets all grant tokens on this instance. This is not thread safe. */ @Override public void setGrantTokens(final List grantTokens) { grantTokens_.clear(); grantTokens_.addAll(grantTokens); } @Override public List getGrantTokens() { return grantTokens_; } @Override public void addGrantToken(final String grantToken) { grantTokens_.add(grantToken); } // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.10 // # The inputs MUST be the same as the Master Key Generate Data Key // # (../master-key-interface.md#generate-data-key) interface. /** * This is identical behavior to * * @see KmsMasterKey#generateDataKey(CryptoAlgorithm, Map) */ @Override public DataKey generateDataKey( final CryptoAlgorithm algorithm, final Map encryptionContext) { - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/com/amazonaws/encryptionsdk/kmssdkv2/AwsKmsMrkAwareMasterKey.java [73:149]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - final MasterKeyProvider provider) { // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The AWS KMS key identifier MUST NOT be null or empty. // // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The AWS KMS // # key identifier MUST be a valid identifier (aws-kms-key-arn.md#a- // # valid-aws-kms-identifier). validAwsKmsIdentifier(awsKmsIdentifier); // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The AWS KMS SDK client MUST not be null. if (kmsClient == null) { throw new IllegalArgumentException( "AwsKmsMrkAwareMasterKey must be configured with an AWS KMS client."); } /* Precondition: A provider is required. */ if (provider == null) { throw new IllegalArgumentException( "AwsKmsMrkAwareMasterKey must be configured with a source provider."); } kmsClient_ = kmsClient; awsKmsIdentifier_ = awsKmsIdentifier; sourceProvider_ = provider; } @Override public String getProviderId() { return sourceProvider_.getDefaultProviderId(); } @Override public String getKeyId() { return awsKmsIdentifier_; } // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // # The master key MUST be able to be configured with an optional list of // # Grant Tokens. // // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 // = type=exception // # This configuration SHOULD be on initialization and // # SHOULD be immutable. // The existing KMS Master Key // sets grants in this way, so we continue this interface. /** Clears and sets all grant tokens on this instance. This is not thread safe. */ @Override public void setGrantTokens(final List grantTokens) { grantTokens_.clear(); grantTokens_.addAll(grantTokens); } @Override public List getGrantTokens() { return grantTokens_; } @Override public void addGrantToken(final String grantToken) { grantTokens_.add(grantToken); } // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.10 // # The inputs MUST be the same as the Master Key Generate Data Key // # (../master-key-interface.md#generate-data-key) interface. /** * This is identical behavior to * * @see KmsMasterKey#generateDataKey(CryptoAlgorithm, Map) */ @Override public DataKey generateDataKey( final CryptoAlgorithm algorithm, final Map encryptionContext) { - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -