Package com.amazonaws.services.s3.model
Class CryptoConfiguration
- java.lang.Object
-
- com.amazonaws.services.s3.model.CryptoConfiguration
-
- All Implemented Interfaces:
Serializable
,Cloneable
public class CryptoConfiguration extends Object implements Cloneable, Serializable
Stores configuration parameters that will be used during encryption and decryption by the Amazon S3 Encryption Client. With this object, you can set the encryption client to use Instruction Files or Object Metadata for storing encryption information. You can also specify your own crypto provider to be used during encryption and decryption.- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description CryptoConfiguration()
Creates a new CryptoConfiguration object with default storage mode and crypto provider settings.CryptoConfiguration(CryptoMode cryptoMode)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description CryptoConfiguration
clone()
Region
getAwsKmsRegion()
Returns the the KMS region explicitly specified for the AWS KMS client when such client is internally instantiated; or null if no explicit KMS region is specified.CryptoMode
getCryptoMode()
Returns the optionally specified crypto mode applicable only to the S3 encryption client; or null.Provider
getCryptoProvider()
Returns the crypto provider whose encryption implementation will be used to encrypt and decrypt data.Regions
getKmsRegion()
Deprecated.CryptoStorageMode
getStorageMode()
Returns the current storage mode of a CryptoConfiguration object.boolean
isIgnoreMissingInstructionFile()
Returns true to ignore instruction file that cannot be found during a GET operation; false otherwise.boolean
isReadOnly()
CryptoConfiguration
readOnly()
Returns a read-only copy of this configuration.void
setAwsKmsRegion(Region awsKmsRegion)
Sets the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.void
setCryptoMode(CryptoMode cryptoMode)
Sets the crypto mode; applicable only to the S3 encryption client.void
setCryptoProvider(Provider cryptoProvider)
Sets the crypto provider to the specified provider.void
setIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
void
setKmsRegion(Regions kmsRegion)
Deprecated.void
setStorageMode(CryptoStorageMode storageMode)
Sets the storage mode to the specified mode.CryptoConfiguration
withAwsKmsRegion(Region awsKmsRegion)
Fluent API for setting the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.CryptoConfiguration
withCryptoMode(CryptoMode cryptoMode)
Fluent API to set the crypto mode; applicable only to the S3 encryption client.CryptoConfiguration
withCryptoProvider(Provider cryptoProvider)
Sets the crypto provider to the specified provider, and returns the updated CryptoConfiguration object.CryptoConfiguration
withIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
Fluent API to set the property to ignore instruction file that cannot be found during a GET operation.CryptoConfiguration
withKmsRegion(Regions kmsRegion)
Deprecated.CryptoConfiguration
withStorageMode(CryptoStorageMode storageMode)
Sets the storage mode to the specified mode, and returns the updated CryptoConfiguration object.
-
-
-
Constructor Detail
-
CryptoConfiguration
public CryptoConfiguration()
Creates a new CryptoConfiguration object with default storage mode and crypto provider settings. The default storage mode is the Object Metadata storage mode, and the default crypto provider is the JCE provider.
-
CryptoConfiguration
public CryptoConfiguration(CryptoMode cryptoMode)
- Parameters:
cryptoMode
- cryptographic mode to be used- Throws:
UnsupportedOperationException
- if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode.
-
-
Method Detail
-
setStorageMode
public void setStorageMode(CryptoStorageMode storageMode)
Sets the storage mode to the specified mode.- Parameters:
storageMode
- The storage mode to be used for storing encryption information.
-
withStorageMode
public CryptoConfiguration withStorageMode(CryptoStorageMode storageMode)
Sets the storage mode to the specified mode, and returns the updated CryptoConfiguration object.- Parameters:
storageMode
- The storage mode to be used for storing encryption information.- Returns:
- The updated CryptoConfiguration object.
-
getStorageMode
public CryptoStorageMode getStorageMode()
Returns the current storage mode of a CryptoConfiguration object.- Returns:
- The storage mode to be used for storing encryption information.
-
setCryptoProvider
public void setCryptoProvider(Provider cryptoProvider)
Sets the crypto provider to the specified provider.- Parameters:
cryptoProvider
- The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
-
withCryptoProvider
public CryptoConfiguration withCryptoProvider(Provider cryptoProvider)
Sets the crypto provider to the specified provider, and returns the updated CryptoConfiguration object.- Parameters:
cryptoProvider
- The crypto provider whose encryption implementation will be used to encrypt and decrypt data.- Returns:
- The updated CryptoConfiguration object.
-
getCryptoProvider
public Provider getCryptoProvider()
Returns the crypto provider whose encryption implementation will be used to encrypt and decrypt data.- Returns:
- the crypto provider whose encryption implementation will be used to encrypt and decrypt data.
-
getCryptoMode
public CryptoMode getCryptoMode()
Returns the optionally specified crypto mode applicable only to the S3 encryption client; or null. This attribute is ignored if the S3 encryption client is not in use.
-
setCryptoMode
public void setCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException
Sets the crypto mode; applicable only to the S3 encryption client.- Throws:
UnsupportedOperationException
- if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode. Note the crypto mode can and will still (intentionally) be set in such case, and it's up to the caller to decide what to do about it.
-
withCryptoMode
public CryptoConfiguration withCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException
Fluent API to set the crypto mode; applicable only to the S3 encryption client.- Throws:
UnsupportedOperationException
- if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode.Note the crypto mode can and will still (intentionally) be set in such case, and it's up to the caller to decide what to do about it.
-
isIgnoreMissingInstructionFile
public boolean isIgnoreMissingInstructionFile()
Returns true to ignore instruction file that cannot be found during a GET operation; false otherwise. Default is true. This property is ignored if the crypto mode isCryptoMode.StrictAuthenticatedEncryption
where missing instruction file would always cause security exception.
-
setIgnoreMissingInstructionFile
public void setIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
- Parameters:
ignoreMissingInstructionFile
- true to ignore instruction file that cannot be found during a GET operation; false otherwise. Default is true. This property is ignored if the crypto mode isCryptoMode.StrictAuthenticatedEncryption
where missing instruction file would always cause security exception.
-
withIgnoreMissingInstructionFile
public CryptoConfiguration withIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
Fluent API to set the property to ignore instruction file that cannot be found during a GET operation.
-
isReadOnly
public boolean isReadOnly()
-
readOnly
public CryptoConfiguration readOnly()
Returns a read-only copy of this configuration.
-
clone
public CryptoConfiguration clone()
-
getKmsRegion
@Deprecated public Regions getKmsRegion()
Deprecated.Returns the the KMS region explicitly specified for the AWS KMS client when such client is internally instantiated; or null if no explicit KMS region is specified. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-
setKmsRegion
@Deprecated public void setKmsRegion(Regions kmsRegion)
Deprecated.Sets the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-
withKmsRegion
@Deprecated public CryptoConfiguration withKmsRegion(Regions kmsRegion)
Deprecated.Fluent API for setting the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-
getAwsKmsRegion
public Region getAwsKmsRegion()
Returns the the KMS region explicitly specified for the AWS KMS client when such client is internally instantiated; or null if no explicit KMS region is specified. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-
setAwsKmsRegion
public void setAwsKmsRegion(Region awsKmsRegion)
Sets the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-
withAwsKmsRegion
public CryptoConfiguration withAwsKmsRegion(Region awsKmsRegion)
Fluent API for setting the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-
-