in TestVectors/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/encryptionsdk/wrapped/KeyringToMasterKeyProvider.java [62:182]
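/**
 * Converts a keyring into the corresponding master key provider.
 *
 * <p>Supported keyring types are the AWS KMS strict, MRK, discovery and MRK
 * discovery keyrings, the raw AES and raw RSA keyrings, and multi-keyrings
 * (converted recursively). Any other keyring type is reported on standard
 * output and yields {@code null}.
 *
 * <p>Inside a multi-keyring, a generator or child that cannot be converted is
 * left out of the resulting provider list instead of being stored as
 * {@code null}. The result then wraps fewer keys than the keyring described;
 * the omission is visible only through the line printed for the unsupported
 * keyring.
 *
 * @param keyring the keyring to convert; must not be {@code null}
 * @return the converted provider, or {@code null} when the keyring type is not
 *     supported
 * @throws IllegalArgumentException if {@code keyring} is {@code null}
 * @throws NoSuchMasterKeyException if a raw RSA keyring carries neither a
 *     public nor a private key
 */
public static MasterKeyProvider<?> createMasterKeyProvider(IKeyring keyring) {
  if (keyring == null) {
    throw new IllegalArgumentException("Keyring cannot be null");
  }
  if (keyring instanceof AwsKmsKeyring) {
    // Only the key identifier is carried over: the keyring's KMS client and
    // grant tokens are not passed to the builder.
    // TODO: Get KMS Client if present for later
    // TODO: Get Grant Token if present for later
    AwsKmsKeyring kmsKeyring = (AwsKmsKeyring) keyring;
    String kmsKeyArn = String(kmsKeyring.awsKmsKey());
    return KmsMasterKeyProvider.builder().buildStrict(kmsKeyArn);
  } else if (keyring instanceof AwsKmsMrkKeyring) {
    // Same limitation as the strict KMS branch: client and grant tokens are
    // not transferred.
    // TODO: Get KMS Client if present for later
    // TODO: Get Grant Token if present for later
    AwsKmsMrkKeyring mrkKeyring = (AwsKmsMrkKeyring) keyring;
    String kmsKeyArn = String(mrkKeyring.awsKmsKey());
    return AwsKmsMrkAwareMasterKeyProvider
      .builder()
      .buildStrict(Collections.singletonList(kmsKeyArn));
  } else if (keyring instanceof AwsKmsDiscoveryKeyring) {
    AwsKmsDiscoveryKeyring discoveryKeyring =
      (AwsKmsDiscoveryKeyring) keyring;
    // TODO: Why is there always a discovery filter? Is there always a Discovery Filter?
    if (discoveryKeyring.discoveryFilter().is_Some()) {
      software.amazon.cryptography.materialproviders.model.DiscoveryFilter mplFilter =
        ToNative.DiscoveryFilter(
          discoveryKeyring.discoveryFilter().dtor_value()
        );
      return KmsMasterKeyProvider
        .builder()
        .buildDiscovery(
          new DiscoveryFilter(mplFilter.partition(), mplFilter.accountIds())
        );
    }
    // No filter on the keyring: the discovery provider is built without any
    // partition or account restriction.
    return KmsMasterKeyProvider.builder().buildDiscovery();
  } else if (keyring instanceof AwsKmsMrkDiscoveryKeyring) {
    AwsKmsMrkDiscoveryKeyring mrkDiscoveryKeyring =
      (AwsKmsMrkDiscoveryKeyring) keyring;
    String mrkRegion = String(mrkDiscoveryKeyring.region());
    if (mrkDiscoveryKeyring.discoveryFilter().is_Some()) {
      software.amazon.cryptography.materialproviders.model.DiscoveryFilter mplFilter =
        ToNative.DiscoveryFilter(
          mrkDiscoveryKeyring.discoveryFilter().dtor_value()
        );
      return AwsKmsMrkAwareMasterKeyProvider
        .builder()
        .discoveryMrkRegion(Region.of(mrkRegion))
        .buildDiscovery(
          new DiscoveryFilter(mplFilter.partition(), mplFilter.accountIds())
        );
    }
    // No filter on the keyring: only the MRK region is configured, with no
    // partition or account restriction.
    return AwsKmsMrkAwareMasterKeyProvider
      .builder()
      .discoveryMrkRegion(Region.of(mrkRegion))
      .buildDiscovery();
  } else if (keyring instanceof RawAESKeyring) {
    RawAESKeyring aesKeyring = (RawAESKeyring) keyring;
    ByteBuffer keyByteBuffer = ByteBuffer(aesKeyring.wrappingKey());
    ByteBuffer provider = ByteBuffer(aesKeyring.keyNamespace());
    ByteBuffer keyId = ByteBuffer(aesKeyring.keyName());
    // NOTE(review): array() returns the whole backing array and ignores
    // position/limit; this assumes the ByteBuffer(...) helper wraps an array
    // holding exactly the value - TODO confirm, otherwise the wrapping key and
    // names would include extra bytes.
    return JceMasterKey.getInstance(
      new SecretKeySpec(keyByteBuffer.array(), "AES"),
      new String(provider.array(), StandardCharsets.UTF_8),
      new String(keyId.array(), StandardCharsets.UTF_8),
      "AES/GCM/NOPADDING"
    );
  } else if (keyring instanceof RawRSAKeyring) {
    RawRSAKeyring rsaKeyring = (RawRSAKeyring) keyring;
    PublicKey wrappingKey = null;
    PrivateKey unwrappingKey = null;
    ByteBuffer provider = ByteBuffer(rsaKeyring.keyNamespace());
    ByteBuffer keyId = ByteBuffer(rsaKeyring.keyName());
    // Either half of the key pair may be absent; each is parsed from PEM only
    // when the keyring provides it.
    if (rsaKeyring.publicKey().is_Some()) {
      wrappingKey =
        getPublicKeyFromPEM(ByteBuffer(rsaKeyring.publicKey().dtor_value()));
    }
    if (rsaKeyring.privateKey().is_Some()) {
      unwrappingKey =
        getPrivateKeyFromPEM(
          ByteBuffer(rsaKeyring.privateKey().dtor_value())
        );
    }
    String rsaWrappingAlg = getRsaWrappingAlg(rsaKeyring.paddingScheme());
    // A master key with neither key could not wrap or unwrap anything.
    if (wrappingKey == null && unwrappingKey == null) {
      throw new NoSuchMasterKeyException(
        "No Public Key or Private found to encrypt/decrypt with Master Key."
      );
    }
    return JceMasterKey.getInstance(
      wrappingKey,
      unwrappingKey,
      new String(provider.array(), StandardCharsets.UTF_8),
      new String(keyId.array(), StandardCharsets.UTF_8),
      rsaWrappingAlg
    );
  } else if (keyring instanceof MultiKeyring) {
    MultiKeyring multiKeyring = (MultiKeyring) keyring;
    List<MasterKeyProvider<?>> providers = new ArrayList<>();
    // Convert generator keyring if present. The recursive call returns null
    // for an unsupported keyring; such a result is skipped so the list never
    // contains null entries.
    // NOTE(review): when the generator is skipped, the list starts with the
    // first convertible child - confirm this is acceptable to callers.
    if (multiKeyring.generatorKeyring().is_Some()) {
      MasterKeyProvider<?> generatorProvider = createMasterKeyProvider(
        multiKeyring.generatorKeyring().dtor_value()
      );
      if (generatorProvider != null) {
        providers.add(generatorProvider);
      }
    }
    // Convert child keyrings, again dropping the ones that cannot be
    // represented as a master key provider.
    for (IKeyring child : multiKeyring.childKeyrings()) {
      MasterKeyProvider<?> childProvider = createMasterKeyProvider(child);
      if (childProvider != null) {
        providers.add(childProvider);
      }
    }
    return MultipleProviderFactory.buildMultiProvider(providers);
  } else {
    // Log keyrings that are not supported by Master Key Provider (MKP).
    // These keyrings will be skipped from conversion. Only the class name is
    // printed, never key material.
    System.out.println("Keyring: " + keyring.getClass().getName());
    return null;
  }
}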