public class CryptoConfigurationV2 extends Object implements Cloneable, Serializable
AmazonS3EncryptionClientV2
.
Note: The withAwsKmsRegion(Region) parameter only affects the internally instantiated KMS client that is created by default, not an external client added through AmazonS3EncryptionClientV2Builder.withKmsClient(AWSKMS).
The internal KMS client is instantiated even if users supply their own encryption materials and do not call KMS.
Constructor and Description |
---|
CryptoConfigurationV2(): Creates a new CryptoConfiguration object with default crypto mode, CryptoMode.StrictAuthenticatedEncryption. |
CryptoConfigurationV2(CryptoMode cryptoMode): Creates a new CryptoConfiguration object with default storage mode and crypto provider settings. |
Modifier and Type | Method and Description |
---|---|
CryptoConfigurationV2 | clone() |
boolean | getAlwaysUseCryptoProvider(): Returns true if the specified crypto provider should be used in all cases. |
Region | getAwsKmsRegion(): Returns the KMS region explicitly specified for the Amazon Web Services KMS client when such client is internally instantiated; or null if no explicit KMS region is specified. |
CryptoMode | getCryptoMode(): Returns the optionally specified crypto mode applicable only to the S3 encryption client; or null. |
Provider | getCryptoProvider(): Returns the crypto provider whose encryption implementation will be used to encrypt and decrypt data. |
CryptoRangeGetMode | getRangeGetMode() |
SecureRandom | getSecureRandom(): Returns the SecureRandom instance that will be used to generate cryptographic parameters. |
CryptoStorageMode | getStorageMode(): Returns the current storage mode of a CryptoConfiguration object. |
boolean | isReadOnly() |
boolean | isUnsafeUndecryptableObjectPassthrough(): Returns true to pass through (download) an encrypted object without decrypting it during a GET operation, if no encryption metadata is found for the object; false otherwise. |
CryptoConfigurationV2 | readOnly(): Returns a read-only copy of this configuration. |
void | setAlwaysUseCryptoProvider(boolean value): Sets whether the specified crypto provider should be used in all cases. |
void | setAwsKmsRegion(Region awsKmsRegion): Sets the KMS region for the Amazon Web Services KMS client when such client is internally instantiated instead of externally passed in by users; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the Amazon Web Services KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. |
void | setCryptoMode(CryptoMode cryptoMode): Sets the crypto mode; applicable only to the S3 encryption client. |
void | setCryptoProvider(Provider cryptoProvider): Sets the crypto provider to the specified provider. |
void | setRangeGetMode(CryptoRangeGetMode rangeGetMode): An optional parameter specifying the behavior of the client when a GetObjectRequest is made that includes a range or part number. |
void | setSecureRandom(SecureRandom secureRandom): Sets the secure random instance to use for generating cryptographic parameters. |
void | setStorageMode(CryptoStorageMode storageMode): Sets the storage mode to the specified mode. |
void | setUnsafeUndecryptableObjectPassthrough(boolean unsafeUndecryptableObjectPassthrough): Sets the property to pass through (download) an encrypted object without decrypting it during a GET operation, if no encryption metadata is found for the object. |
CryptoConfigurationV2 | withAlwaysUseCryptoProvider(boolean value): Sets whether the specified crypto provider should be used in all cases. |
CryptoConfigurationV2 | withAwsKmsRegion(Region awsKmsRegion): Fluent API for setting the KMS region for the Amazon Web Services KMS client when such client is internally instantiated instead of externally passed in by users; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the Amazon Web Services KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. |
CryptoConfigurationV2 | withCryptoMode(CryptoMode cryptoMode): Fluent API to set the crypto mode; applicable only to the S3 encryption client. |
CryptoConfigurationV2 | withCryptoProvider(Provider cryptoProvider): Sets the crypto provider to the specified provider, and returns the updated CryptoConfiguration object. |
CryptoConfigurationV2 | withRangeGetMode(CryptoRangeGetMode rangeGetMode): An optional parameter specifying the behavior of the client when a GetObjectRequest is made for only part of an object. |
CryptoConfigurationV2 | withSecureRandom(SecureRandom secureRandom): Sets the secure random instance to use for generating cryptographic parameters, and returns this object. |
CryptoConfigurationV2 | withStorageMode(CryptoStorageMode storageMode): Sets the storage mode to the specified mode, and returns the updated CryptoConfiguration object. |
CryptoConfigurationV2 | withUnsafeUndecryptableObjectPassthrough(boolean unsafeUndecryptableObjectPassthrough): Fluent API to set the property to pass through (download) an encrypted object without decrypting it during a GET operation, if no encryption metadata is found for the object. |
public CryptoConfigurationV2()
CryptoMode.StrictAuthenticatedEncryption.
public CryptoConfigurationV2(CryptoMode cryptoMode)
CryptoMode.EncryptionOnly. Attempts to use that mode will result in an exception.
cryptoMode - cryptographic mode to be used
UnsupportedOperationException - if the necessary security provider cannot be found, the necessary cryptographic operations are not supported for the specified crypto mode or an unsupported crypto mode is supplied
public void setStorageMode(CryptoStorageMode storageMode)
storageMode - The storage mode to be used for storing encryption information.
public CryptoConfigurationV2 withStorageMode(CryptoStorageMode storageMode)
storageMode - The storage mode to be used for storing encryption information.
public CryptoStorageMode getStorageMode()
public void setCryptoProvider(Provider cryptoProvider)
cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
public CryptoConfigurationV2 withCryptoProvider(Provider cryptoProvider)
cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
public Provider getCryptoProvider()
public void setAlwaysUseCryptoProvider(boolean value)
public CryptoConfigurationV2 withAlwaysUseCryptoProvider(boolean value)
public boolean getAlwaysUseCryptoProvider()
public SecureRandom getSecureRandom()
public void setSecureRandom(SecureRandom secureRandom)
public CryptoConfigurationV2 withSecureRandom(SecureRandom secureRandom)
public CryptoMode getCryptoMode()
public void setCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException
UnsupportedOperationException - if the necessary security provider cannot be found, the necessary cryptographic operations are not supported for the specified crypto mode or an unsupported crypto mode is supplied.
public CryptoConfigurationV2 withCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException
CryptoMode.EncryptionOnly. Attempts to use that mode will result in an exception.
UnsupportedOperationException - if the necessary security provider cannot be found, the necessary cryptographic operations are not supported for the specified crypto mode or an unsupported crypto mode is supplied.
public boolean isUnsafeUndecryptableObjectPassthrough()
public void setUnsafeUndecryptableObjectPassthrough(boolean unsafeUndecryptableObjectPassthrough)
CryptoMode.StrictAuthenticatedEncryption crypto mode configured.
unsafeUndecryptableObjectPassthrough - unsafeUndecryptableObjectPassthrough to set
public CryptoConfigurationV2 withUnsafeUndecryptableObjectPassthrough(boolean unsafeUndecryptableObjectPassthrough)
CryptoMode.StrictAuthenticatedEncryption crypto mode configured.
public Region getAwsKmsRegion()
public void setAwsKmsRegion(Region awsKmsRegion)
public CryptoConfigurationV2 withAwsKmsRegion(Region awsKmsRegion)
public CryptoConfigurationV2 withRangeGetMode(CryptoRangeGetMode rangeGetMode)
Range gets do not provide authenticated encryption properties even when used with an authenticated mode (AES-GCM).
By default, range gets are disabled.
rangeGetMode - The range get mode.
public void setRangeGetMode(CryptoRangeGetMode rangeGetMode)
Range gets do not provide authenticated encryption properties even when used with an authenticated mode (AES-GCM).
By default, range gets are disabled.
rangeGetMode - The range get mode.
public CryptoRangeGetMode getRangeGetMode()
public boolean isReadOnly()
public CryptoConfigurationV2 readOnly()
public CryptoConfigurationV2 clone()
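A start-up policy check built from the getters documented above, as an added example that is not part of the SDK or its documentation: it rejects a configuration that weakens authenticated decryption and hands back a read-only copy. The class name CryptoConfigPolicy, the method requireStrict and the us-west-2 region are assumptions chosen for illustration.

```java
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.model.CryptoConfigurationV2;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.CryptoRangeGetMode;

// Hypothetical helper class; not part of the AWS SDK.
public final class CryptoConfigPolicy {

    private CryptoConfigPolicy() { }

    /**
     * Validates the settings that affect integrity guarantees and returns
     * a read-only copy to pass on to the encryption client builder.
     */
    static CryptoConfigurationV2 requireStrict(CryptoConfigurationV2 cfg) {
        // getCryptoMode() may return null, which also fails this check.
        if (cfg.getCryptoMode() != CryptoMode.StrictAuthenticatedEncryption) {
            throw new IllegalStateException(
                "crypto mode must be StrictAuthenticatedEncryption, was " + cfg.getCryptoMode());
        }
        // Range gets do not provide authenticated encryption properties,
        // even with AES-GCM, so this policy refuses to enable them.
        if (cfg.getRangeGetMode() == CryptoRangeGetMode.ALL) {
            throw new IllegalStateException("range gets must stay disabled");
        }
        // Passthrough downloads an object undecrypted when no encryption
        // metadata is found, so callers could receive unprotected content.
        if (cfg.isUnsafeUndecryptableObjectPassthrough()) {
            throw new IllegalStateException("undecryptable object passthrough must be off");
        }
        return cfg.readOnly();
    }

    public static void main(String[] args) {
        CryptoConfigurationV2 cfg = new CryptoConfigurationV2() // default: StrictAuthenticatedEncryption
            .withRangeGetMode(CryptoRangeGetMode.DISABLED)
            .withUnsafeUndecryptableObjectPassthrough(false)
            // Only affects the internally created KMS client; it is ignored
            // when a client is supplied through withKmsClient(AWSKMS).
            .withAwsKmsRegion(Region.getRegion(Regions.US_WEST_2)); // assumed region

        CryptoConfigurationV2 locked = requireStrict(cfg);
        System.out.println("read-only: " + locked.isReadOnly());
    }
}
```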