Class CryptoConfiguration

java.lang.Object
com.amazonaws.services.s3.model.CryptoConfiguration
All Implemented Interfaces:
Serializable, Cloneable

public class CryptoConfiguration extends Object implements Cloneable, Serializable
Stores configuration parameters that will be used during encryption and decryption by the Amazon S3 Encryption Client. With this object, you can set the encryption client to use Instruction Files or Object Metadata for storing encryption information. You can also specify your own crypto provider to be used during encryption and decryption.
  • Constructor Details

    • CryptoConfiguration

      public CryptoConfiguration()
      Creates a new CryptoConfiguration object with default storage mode and crypto provider settings. The default storage mode is the Object Metadata storage mode, and the default crypto provider is the JCE provider.
    • CryptoConfiguration

      public CryptoConfiguration(CryptoMode cryptoMode)
      Parameters:
      cryptoMode - cryptographic mode to be used
      Throws:
      UnsupportedOperationException - if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode.
  • Method Details

    • setStorageMode

      public void setStorageMode(CryptoStorageMode storageMode)
      Sets the storage mode to the specified mode.
      Parameters:
      storageMode - The storage mode to be used for storing encryption information.
    • withStorageMode

      public CryptoConfiguration withStorageMode(CryptoStorageMode storageMode)
      Sets the storage mode to the specified mode, and returns the updated CryptoConfiguration object.
      Parameters:
      storageMode - The storage mode to be used for storing encryption information.
      Returns:
      The updated CryptoConfiguration object.
    • getStorageMode

      public CryptoStorageMode getStorageMode()
      Returns the current storage mode of a CryptoConfiguration object.
      Returns:
      The storage mode to be used for storing encryption information.
    • setCryptoProvider

      public void setCryptoProvider(Provider cryptoProvider)
      Sets the crypto provider to the specified provider.
      Parameters:
      cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
    • withCryptoProvider

      public CryptoConfiguration withCryptoProvider(Provider cryptoProvider)
      Sets the crypto provider to the specified provider, and returns the updated CryptoConfiguration object.
      Parameters:
      cryptoProvider - The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
      Returns:
      The updated CryptoConfiguration object.
    • getCryptoProvider

      public Provider getCryptoProvider()
      Returns the crypto provider whose encryption implementation will be used to encrypt and decrypt data.
      Returns:
      The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
    • getCryptoMode

      public CryptoMode getCryptoMode()
      Returns the optionally specified crypto mode applicable only to the S3 encryption client; or null. This attribute is ignored if the S3 encryption client is not in use.
    • setCryptoMode

      public void setCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException
      Sets the crypto mode; applicable only to the S3 encryption client.
      Throws:
      UnsupportedOperationException - if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode. Note that the crypto mode can and will still (intentionally) be set in such a case, and it is up to the caller to decide what to do about it.
    • withCryptoMode

      public CryptoConfiguration withCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException
      Fluent API to set the crypto mode; applicable only to the S3 encryption client.
      Throws:
      UnsupportedOperationException - if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode. Note that the crypto mode can and will still (intentionally) be set in such a case, and it is up to the caller to decide what to do about it.
    • isIgnoreMissingInstructionFile

      public boolean isIgnoreMissingInstructionFile()
      Returns true if an instruction file that cannot be found during a GET operation is to be ignored; false otherwise. The default is true. This property is ignored if the crypto mode is CryptoMode.StrictAuthenticatedEncryption, where a missing instruction file would always cause a security exception.
    • setIgnoreMissingInstructionFile

      public void setIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
      Parameters:
      ignoreMissingInstructionFile - true to ignore an instruction file that cannot be found during a GET operation; false otherwise. The default is true. This property is ignored if the crypto mode is CryptoMode.StrictAuthenticatedEncryption, where a missing instruction file would always cause a security exception.
    • withIgnoreMissingInstructionFile

      public CryptoConfiguration withIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile)
      Fluent API to set the property that controls whether an instruction file that cannot be found during a GET operation is ignored.
    • isReadOnly

      public boolean isReadOnly()
    • readOnly

      public CryptoConfiguration readOnly()
      Returns a read-only copy of this configuration.
    • clone

      public CryptoConfiguration clone()
      Overrides:
      clone in class Object
    • getKmsRegion

      @Deprecated public Regions getKmsRegion()
      Deprecated.
      Returns the KMS region explicitly specified for the AWS KMS client when such a client is internally instantiated; or null if no explicit KMS region is specified. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user instead of being implicitly created.
    • setKmsRegion

      @Deprecated public void setKmsRegion(Regions kmsRegion)
      Deprecated.
      Sets the KMS region for the AWS KMS client when such a client is internally instantiated instead of externally passed in by users; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user instead of being implicitly created.
    • withKmsRegion

      @Deprecated public CryptoConfiguration withKmsRegion(Regions kmsRegion)
      Deprecated.
      Fluent API for setting the KMS region for the AWS KMS client when such a client is internally instantiated instead of externally passed in by users; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user instead of being implicitly created.
    • getAwsKmsRegion

      public Region getAwsKmsRegion()
      Returns the KMS region explicitly specified for the AWS KMS client when such a client is internally instantiated; or null if no explicit KMS region is specified. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user instead of being implicitly created.
    • setAwsKmsRegion

      public void setAwsKmsRegion(Region awsKmsRegion)
      Sets the KMS region for the AWS KMS client when such a client is internally instantiated instead of externally passed in by users; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user instead of being implicitly created.
    • withAwsKmsRegion

      public CryptoConfiguration withAwsKmsRegion(Region awsKmsRegion)
      Fluent API for setting the KMS region for the AWS KMS client when such a client is internally instantiated instead of externally passed in by users; or null if no KMS region is explicitly configured. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the user instead of being implicitly created.
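
The note on setCryptoMode and withCryptoMode means that a caught UnsupportedOperationException leaves the requested mode set on the object, so the caller has to decide explicitly to fail closed. The following is an added example, not code from the SDK or its documentation; the class name, the buildStrictConfig method and the US_EAST_1 region are assumptions chosen for illustration.

```java
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.CryptoStorageMode;

// Hypothetical helper class (not part of the SDK).
public final class StrictCryptoConfigExample {

    /**
     * Builds a read-only configuration for strict authenticated encryption,
     * or throws if the runtime cannot support that mode.
     */
    static CryptoConfiguration buildStrictConfig() {
        CryptoConfiguration config = new CryptoConfiguration()
                // Default storage mode, stated explicitly for reviewers.
                .withStorageMode(CryptoStorageMode.ObjectMetadata)
                // Default is true. Strict mode ignores this property, but an
                // explicit false keeps a copy of this config fail-closed if
                // someone later selects a different mode (assumed policy).
                .withIgnoreMissingInstructionFile(false)
                // Only used when the KMS client is created internally.
                // The region here is an assumed sample value.
                .withAwsKmsRegion(Region.getRegion(Regions.US_EAST_1));
        try {
            config.setCryptoMode(CryptoMode.StrictAuthenticatedEncryption);
        } catch (UnsupportedOperationException e) {
            // Per the documentation above, the mode IS still set on 'config'
            // at this point even though the provider cannot honor it.
            // Do not hand this object to an encryption client: abort instead.
            throw new IllegalStateException(
                    "Strict authenticated encryption unavailable; refusing to continue", e);
        }
        // Hand out a read-only copy so the settings cannot be changed later.
        return config.readOnly();
    }

    public static void main(String[] args) {
        CryptoConfiguration config = buildStrictConfig();
        System.out.println("mode=" + config.getCryptoMode()
                + " storage=" + config.getStorageMode()
                + " ignoreMissingInstructionFile=" + config.isIgnoreMissingInstructionFile()
                + " readOnly=" + config.isReadOnly());
    }
}
```

Compiling this requires the AWS SDK for Java S3 module that provides the com.amazonaws.services.s3.model package on the classpath.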