Class JeapCryptoS3Template

java.lang.Object
ch.admin.bit.jeap.crypto.s3.JeapCryptoS3Template

public class JeapCryptoS3Template extends Object
The JeapCryptoS3Template can be used to put objects to or get objects from S3 without having to handle encryption or decryption yourself.
  • Constructor Details

    • JeapCryptoS3Template

      public JeapCryptoS3Template(software.amazon.awssdk.services.s3.S3Client s3Client, KeyReferenceCryptoService keyReferenceCryptoService, KeyReference keyReference)
      Constructs a new JeapCryptoS3Template, given an AmazonS3-Client and a KeyReferenceCryptoService. Implementations will typically store a reference to the encryption key used together with the ciphertext. As S3 objects are usually not sensitive to a few more bytes being stored, prefer this constructor: it provides additional safety for decryption in a disaster-recovery scenario where the information about the key used for encryption might be damaged.
      Parameters:
      s3Client - the AmazonS3-Client where the objects are stored
      keyReferenceCryptoService - handles the encryption and decryption
      keyReference - the key to use for encryption
    • JeapCryptoS3Template

      public JeapCryptoS3Template(software.amazon.awssdk.services.s3.S3Client s3Client, CryptoService cryptoService)
      Constructs a new JeapCryptoS3Template, given an AmazonS3-Client and a CryptoService.
      Parameters:
      s3Client - the AmazonS3-Client where the objects are stored
      cryptoService - handles the encryption and decryption
  • Method Details

    • putObject

      public void putObject(String bucketName, String objectKey, byte[] plainTextByteArray)
      Uploads a new object to the specified Amazon S3 bucket. Encrypts the content and sets the userMetaData 'is_encrypted: true'.
      Parameters:
      bucketName - The name of an existing bucket, to which you have Permission.Write permission
      objectKey - The key under which to store the specified file.
      plainTextByteArray - Plaintext as byte[], which will be encrypted
    • putObject

      public void putObject(String bucketName, String keyName, byte[] plainTextByteArray, Map<String,String> userMetaDataMap)
      Uploads a new object to the specified Amazon S3 bucket. Encrypts the content and adds the userMetaDataMap to the userMetaData. Additionally, the userMetaData 'is_encrypted: true' is set.
      Parameters:
      bucketName - The name of an existing bucket, to which you have Permission.Write permission
      keyName - The key under which to store the specified file.
      plainTextByteArray - Plaintext as byte[], which will be encrypted
      userMetaDataMap - Additional metaData as Map<String, String>. For example 'author'
    • getObject

      public JeapDecryptedS3Object getObject(String bucketName, String keyName)
      Retrieves an object from S3 and decrypts the content if the userMetaData 'is_encrypted: true' is set. If the userMetaData 'is_encrypted: true' is not set, the content is returned without being decrypted.
      Parameters:
      bucketName - The name of the bucket containing the object to retrieve.
      keyName - The key of the object to retrieve.
      Returns:
      JeapDecryptedS3Object - holds the decrypted content of an object
    • getObject

      public JeapDecryptedS3Object getObject(String bucketName, String keyName, String versionId)
      Retrieves an object from S3 and decrypts the content if the userMetaData 'is_encrypted: true' is set. If the userMetaData 'is_encrypted: true' is not set, the content is returned without being decrypted.
      Parameters:
      bucketName - The name of the bucket containing the object to retrieve.
      keyName - The key of the object to retrieve.
      versionId - The versionId of the object to retrieve.
      Returns:
      JeapDecryptedS3Object - holds the decrypted content of an object
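
Because getObject passes content through undecrypted when 'is_encrypted: true' is absent, a caller that must only ever read encrypted objects can check the metadata first. The following is an added example, not part of the jEAP library or its documentation: the class EncryptedOnlyS3Reader and its method names are hypothetical, and the package of JeapDecryptedS3Object is assumed to match that of the template.

```java
import java.util.Map;

import ch.admin.bit.jeap.crypto.s3.JeapCryptoS3Template;
// Assumption: JeapDecryptedS3Object lives in the same package as the template.
import ch.admin.bit.jeap.crypto.s3.JeapDecryptedS3Object;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.HeadObjectRequest;
import software.amazon.awssdk.services.s3.model.HeadObjectResponse;

/** Hypothetical wrapper that refuses objects stored without the encryption marker. */
public class EncryptedOnlyS3Reader {

    // Metadata key and value as documented for putObject/getObject.
    private static final String IS_ENCRYPTED_KEY = "is_encrypted";
    private static final String IS_ENCRYPTED_VALUE = "true";

    private final S3Client s3Client;
    private final JeapCryptoS3Template template;

    public EncryptedOnlyS3Reader(S3Client s3Client, JeapCryptoS3Template template) {
        this.s3Client = s3Client;
        this.template = template;
    }

    public JeapDecryptedS3Object getEncryptedObject(String bucketName, String keyName) {
        // Read only the object's metadata; no content is transferred yet.
        HeadObjectResponse head = s3Client.headObject(
                HeadObjectRequest.builder().bucket(bucketName).key(keyName).build());

        if (!isMarkedEncrypted(head.metadata())) {
            // Fail closed instead of returning content that was never encrypted.
            throw new IllegalStateException("Object " + bucketName + "/" + keyName
                    + " is not marked " + IS_ENCRYPTED_KEY + "=" + IS_ENCRYPTED_VALUE);
        }

        // On a versioned bucket, fetch exactly the version that was checked so the
        // object cannot be replaced between the metadata check and the download.
        String versionId = head.versionId();
        if (versionId != null) {
            return template.getObject(bucketName, keyName, versionId);
        }
        // Unversioned bucket: no version to pin, so a small race window remains.
        return template.getObject(bucketName, keyName);
    }

    static boolean isMarkedEncrypted(Map<String, String> userMetadata) {
        return userMetadata != null
                && IS_ENCRYPTED_VALUE.equals(userMetadata.get(IS_ENCRYPTED_KEY));
    }
}
```

The metadata flag is set by whoever writes the object, so this check only prevents plaintext passthrough from being mistaken for decrypted content; it does not replace restricting write access to the bucket.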