in src/main/java/com/amazonaws/encryptionsdk/kmssdkv2/KmsMasterKey.java [83:114]
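/**
 * Requests a fresh data key from KMS and wraps the response in a {@link DataKey}.
 *
 * <p>The GenerateDataKey request carries this master key's id, the key length required by
 * {@code algorithm}, the supplied encryption context and the configured grant tokens.
 *
 * @param algorithm supplies the requested key length ({@code getDataKeyLength()}) and the JCE
 *     algorithm name used for the returned key ({@code getDataKeyAlgo()})
 * @param encryptionContext sent to KMS unchanged as the request's encryption context
 * @return a data key holding the plaintext key, the KMS ciphertext blob, the key id reported by
 *     KMS (UTF-8 encoded) and this master key
 * @throws IllegalStateException if KMS returns a plaintext key whose length differs from the
 *     length the algorithm requires
 */
public DataKey<KmsMasterKey> generateDataKey(
    final CryptoAlgorithm algorithm, final Map<String, String> encryptionContext) {
  final int expectedKeyLength = algorithm.getDataKeyLength();

  final GenerateDataKeyResponse gdkResponse =
      clientSupplier_
          .get()
          .generateDataKey(
              GenerateDataKeyRequest.builder()
                  .overrideConfiguration(API_NAME_INTERCEPTOR)
                  .keyId(getKeyId())
                  .numberOfBytes(expectedKeyLength)
                  .encryptionContext(encryptionContext)
                  .grantTokens(grantTokens_)
                  .build());

  // Reject a key of the wrong size before it is used: a short or long key must never be
  // accepted silently. remaining() is the number of bytes the get() below will actually read,
  // and matches how the ciphertext blob is sized further down.
  final ByteBuffer plaintextBuffer = gdkResponse.plaintext().asByteBuffer();
  if (plaintextBuffer.remaining() != expectedKeyLength) {
    throw new IllegalStateException("Received an unexpected number of bytes from KMS");
  }

  final byte[] rawKey = new byte[expectedKeyLength];
  final SecretKeySpec key;
  try {
    plaintextBuffer.get(rawKey);
    key = new SecretKeySpec(rawKey, algorithm.getDataKeyAlgo());
  } finally {
    // SecretKeySpec keeps its own copy of the key bytes, so the temporary array is cleared
    // rather than left on the heap until garbage collection.
    // NOTE(review): the KMS response object still holds the plaintext it returned; that copy
    // cannot be cleared from this method.
    java.util.Arrays.fill(rawKey, (byte) 0);
  }

  final ByteBuffer ciphertextBlobBuffer = gdkResponse.ciphertextBlob().asByteBuffer();
  final byte[] encryptedKey = new byte[ciphertextBlobBuffer.remaining()];
  ciphertextBlobBuffer.get(encryptedKey);

  // Record the key id KMS reports in the response, not the id that was sent in the request.
  final String gdkResponseKeyId = gdkResponse.keyId();

  return new DataKey<>(
      key, encryptedKey, gdkResponseKeyId.getBytes(StandardCharsets.UTF_8), this);
}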