Package com.amazonaws.services.s3.model
Class CryptoConfiguration
java.lang.Object
com.amazonaws.services.s3.model.CryptoConfiguration
- All Implemented Interfaces:
Serializable
,Cloneable
Stores configuration parameters that will be used during encryption and
decryption by the Amazon S3 Encryption Client. With this object, you can set
the encryption client to use Instruction Files or Object Metadata for storing
encryption information. You can also specify your own crypto provider to be
used during encryption and decryption.
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionCreates a new CryptoConfiguration object with default storage mode and crypto provider settings.CryptoConfiguration
(CryptoMode cryptoMode) -
Method Summary
Modifier and TypeMethodDescriptionclone()
Returns the the KMS region explicitly specified for the AWS KMS client when such client is internally instantiated; or null if no explicit KMS region is specified.Returns the optionally specified crypto mode applicable only to the S3 encryption client; or null.Returns the crypto provider whose encryption implementation will be used to encrypt and decrypt data.Deprecated.Returns the current storage mode of a CryptoConfiguration object.boolean
Returns true to ignore instruction file that cannot be found during a GET operation; false otherwise.boolean
readOnly()
Returns a read-only copy of this configuration.void
setAwsKmsRegion
(Region awsKmsRegion) Sets the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.void
setCryptoMode
(CryptoMode cryptoMode) Sets the crypto mode; applicable only to the S3 encryption client.void
setCryptoProvider
(Provider cryptoProvider) Sets the crypto provider to the specified provider.void
setIgnoreMissingInstructionFile
(boolean ignoreMissingInstructionFile) void
setKmsRegion
(Regions kmsRegion) Deprecated.void
setStorageMode
(CryptoStorageMode storageMode) Sets the storage mode to the specified mode.withAwsKmsRegion
(Region awsKmsRegion) Fluent API for setting the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.withCryptoMode
(CryptoMode cryptoMode) Fluent API to set the crypto mode; applicable only to the S3 encryption client.withCryptoProvider
(Provider cryptoProvider) Sets the crypto provider to the specified provider, and returns the updated CryptoConfiguration object.withIgnoreMissingInstructionFile
(boolean ignoreMissingInstructionFile) Fluent API to set the property to ignore instruction file that cannot be found during a GET operation.withKmsRegion
(Regions kmsRegion) Deprecated.withStorageMode
(CryptoStorageMode storageMode) Sets the storage mode to the specified mode, and returns the updated CryptoConfiguration object.
-
Constructor Details
-
CryptoConfiguration
public CryptoConfiguration()Creates a new CryptoConfiguration object with default storage mode and crypto provider settings. The default storage mode is the Object Metadata storage mode, and the default crypto provider is the JCE provider. -
CryptoConfiguration
- Parameters:
cryptoMode
- cryptographic mode to be used- Throws:
UnsupportedOperationException
- if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode.
-
-
Method Details
-
setStorageMode
Sets the storage mode to the specified mode.- Parameters:
storageMode
- The storage mode to be used for storing encryption information.
-
withStorageMode
Sets the storage mode to the specified mode, and returns the updated CryptoConfiguration object.- Parameters:
storageMode
- The storage mode to be used for storing encryption information.- Returns:
- The updated CryptoConfiguration object.
-
getStorageMode
Returns the current storage mode of a CryptoConfiguration object.- Returns:
- The storage mode to be used for storing encryption information.
-
setCryptoProvider
Sets the crypto provider to the specified provider.- Parameters:
cryptoProvider
- The crypto provider whose encryption implementation will be used to encrypt and decrypt data.
-
withCryptoProvider
Sets the crypto provider to the specified provider, and returns the updated CryptoConfiguration object.- Parameters:
cryptoProvider
- The crypto provider whose encryption implementation will be used to encrypt and decrypt data.- Returns:
- The updated CryptoConfiguration object.
-
getCryptoProvider
Returns the crypto provider whose encryption implementation will be used to encrypt and decrypt data.- Returns:
- the crypto provider whose encryption implementation will be used to encrypt and decrypt data.
-
getCryptoMode
Returns the optionally specified crypto mode applicable only to the S3 encryption client; or null. This attribute is ignored if the S3 encryption client is not in use. -
setCryptoMode
Sets the crypto mode; applicable only to the S3 encryption client.- Throws:
UnsupportedOperationException
- if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode. Note the crypto mode can and will still (intentionally) be set in such case, and it's up to the caller to decide what to do about it.
-
withCryptoMode
public CryptoConfiguration withCryptoMode(CryptoMode cryptoMode) throws UnsupportedOperationException Fluent API to set the crypto mode; applicable only to the S3 encryption client.- Throws:
UnsupportedOperationException
- if the necessary security provider cannot be found or the necessary cryptographic operations are not supported for the specified crypto mode.Note the crypto mode can and will still (intentionally) be set in such case, and it's up to the caller to decide what to do about it.
-
isIgnoreMissingInstructionFile
public boolean isIgnoreMissingInstructionFile()Returns true to ignore instruction file that cannot be found during a GET operation; false otherwise. Default is true. This property is ignored if the crypto mode isCryptoMode.StrictAuthenticatedEncryption
where missing instruction file would always cause security exception. -
setIgnoreMissingInstructionFile
public void setIgnoreMissingInstructionFile(boolean ignoreMissingInstructionFile) - Parameters:
ignoreMissingInstructionFile
- true to ignore instruction file that cannot be found during a GET operation; false otherwise. Default is true. This property is ignored if the crypto mode isCryptoMode.StrictAuthenticatedEncryption
where missing instruction file would always cause security exception.
-
withIgnoreMissingInstructionFile
Fluent API to set the property to ignore instruction file that cannot be found during a GET operation. -
isReadOnly
public boolean isReadOnly() -
readOnly
Returns a read-only copy of this configuration. -
clone
-
getKmsRegion
Deprecated.Returns the the KMS region explicitly specified for the AWS KMS client when such client is internally instantiated; or null if no explicit KMS region is specified. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. -
setKmsRegion
Deprecated.Sets the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. -
withKmsRegion
Deprecated.Fluent API for setting the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. -
getAwsKmsRegion
Returns the the KMS region explicitly specified for the AWS KMS client when such client is internally instantiated; or null if no explicit KMS region is specified. This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. -
setAwsKmsRegion
Sets the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created. -
withAwsKmsRegion
Fluent API for setting the KMS region for the AWS KMS client when such client is internally instantiated instead of externally passed in by users; or null if no explicit KMS region is explicitly configured.This KMS region parameter is ignored when the AWS KMS client of the S3 encryption client is explicitly passed in by the users, instead of being implicitly created.
-