src/main/java/com/amazonaws/encryptionsdk/kms/AwsKmsMrkAwareMasterKey.java [254:294]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - throw new AwsCryptoException(asex); } } /** * Will attempt to decrypt if awsKmsArnMatchForDecrypt returns true in {@link * AwsKmsMrkAwareMasterKey#filterEncryptedDataKeys(String, AwsKmsCmkArnInfo, EncryptedDataKey)}. * An extension of {@link KmsMasterKey#decryptDataKey(CryptoAlgorithm, Collection, Map)} but with * an awareness of the properties of multi-Region keys. */ @Override // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 // # The inputs MUST be the same as the Master Key Decrypt Data Key // # (../master-key-interface.md#decrypt-data-key) interface. public DataKey decryptDataKey( final CryptoAlgorithm algorithm, final Collection encryptedDataKeys, final Map encryptionContext) throws AwsCryptoException { final List exceptions = new ArrayList<>(); final String providerId = this.getProviderId(); return encryptedDataKeys.stream() // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 // # The set of encrypted data keys MUST first be filtered to match this // # master key's configuration. .filter(edk -> filterEncryptedDataKeys(providerId, awsKmsIdentifier_, edk)) // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 // # For each encrypted data key in the filtered set, one at a time, the // # master key MUST attempt to decrypt the data key. .map( edk -> { try { return decryptSingleEncryptedDataKey( this, kmsClient_, awsKmsIdentifier_, grantTokens_, algorithm, edk, encryptionContext); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/com/amazonaws/encryptionsdk/kmssdkv2/AwsKmsMrkAwareMasterKey.java [263:303]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - throw new AwsCryptoException(asex); } } /** * Will attempt to decrypt if awsKmsArnMatchForDecrypt returns true in {@link * AwsKmsMrkAwareMasterKey#filterEncryptedDataKeys(String, String, EncryptedDataKey)}. An * extension of {@link KmsMasterKey#decryptDataKey(CryptoAlgorithm, Collection, Map)} but with an * awareness of the properties of multi-Region keys. */ @Override // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 // # The inputs MUST be the same as the Master Key Decrypt Data Key // # (../master-key-interface.md#decrypt-data-key) interface. public DataKey decryptDataKey( final CryptoAlgorithm algorithm, final Collection encryptedDataKeys, final Map encryptionContext) throws AwsCryptoException { final List exceptions = new ArrayList<>(); final String providerId = this.getProviderId(); return encryptedDataKeys.stream() // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 // # The set of encrypted data keys MUST first be filtered to match this // # master key's configuration. .filter(edk -> filterEncryptedDataKeys(providerId, awsKmsIdentifier_, edk)) // = compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 // # For each encrypted data key in the filtered set, one at a time, the // # master key MUST attempt to decrypt the data key. .map( edk -> { try { return decryptSingleEncryptedDataKey( this, kmsClient_, awsKmsIdentifier_, grantTokens_, algorithm, edk, encryptionContext); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -