Class JeapCryptoS3Template

java.lang.Object
ch.admin.bit.jeap.crypto.s3.JeapCryptoS3Template

public class JeapCryptoS3Template extends Object
The JeapCryptoS3Template can be used to put objects to or get objects from S3 without the caller having to handle encryption or decryption.
  • Constructor Summary

    Constructors
    Constructor
    Description
    JeapCryptoS3Template(software.amazon.awssdk.services.s3.S3Client s3Client, ch.admin.bit.jeap.crypto.api.CryptoService cryptoService)
    Construct a new JeapCryptoS3Template, given an AmazonS3-Client and a CryptoService.
    JeapCryptoS3Template(software.amazon.awssdk.services.s3.S3Client s3Client, ch.admin.bit.jeap.crypto.api.KeyReferenceCryptoService keyReferenceCryptoService, ch.admin.bit.jeap.crypto.api.KeyReference keyReference)
    Construct a new JeapCryptoS3Template, given an AmazonS3-Client and a KeyReferenceCryptoService.
  • Method Summary

    Modifier and Type
    Method
    Description
    JeapDecryptedS3Object
    getObject(String bucketName, String keyName)
    Retrieves objects from S3 and decrypts the content if the userMetaData 'is_encrypted: true' is set.
    JeapDecryptedS3Object
    getObject(String bucketName, String keyName, String versionId)
    Retrieves objects from S3 and decrypts the content if the userMetaData 'is_encrypted: true' is set.
    void
    putObject(String bucketName, String objectKey, byte[] plainTextByteArray)
    Uploads a new object to the specified Amazon S3 bucket.
    void
    putObject(String bucketName, String keyName, byte[] plainTextByteArray, Map<String,String> userMetaDataMap)
    Uploads a new object to the specified Amazon S3 bucket.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • JeapCryptoS3Template

      public JeapCryptoS3Template(software.amazon.awssdk.services.s3.S3Client s3Client, ch.admin.bit.jeap.crypto.api.KeyReferenceCryptoService keyReferenceCryptoService, ch.admin.bit.jeap.crypto.api.KeyReference keyReference)
      Construct a new JeapCryptoS3Template, given an AmazonS3-Client and a KeyReferenceCryptoService. Implementations will typically store a reference to the encryption key used together with the ciphertext. As S3 objects are usually not sensitive to a few more bytes being stored, prefer this constructor: it provides additional safety for decryption in a disaster-recovery scenario where the information about the key used for encryption might be damaged.
      Parameters:
      s3Client - the AmazonS3-Client where the Objects are stored
      keyReferenceCryptoService - handles the encryption and decryption
      keyReference - the key to use for encryption
    • JeapCryptoS3Template

      public JeapCryptoS3Template(software.amazon.awssdk.services.s3.S3Client s3Client, ch.admin.bit.jeap.crypto.api.CryptoService cryptoService)
      Construct a new JeapCryptoS3Template, given an AmazonS3-Client and a CryptoService.
      Parameters:
      s3Client - the AmazonS3-Client where the Objects are stored
      cryptoService - handles the encryption and decryption
  • Method Details

    • putObject

      public void putObject(String bucketName, String objectKey, byte[] plainTextByteArray)
      Uploads a new object to the specified Amazon S3 bucket. Encrypts the content and sets the userMetaData 'is_encrypted: true'.
      Parameters:
      bucketName - The name of an existing bucket, to which you have Permission.Write permission
      objectKey - The key under which to store the specified file.
      plainTextByteArray - Plaintext as byte[], which will be encrypted
    • putObject

      public void putObject(String bucketName, String keyName, byte[] plainTextByteArray, Map<String,String> userMetaDataMap)
      Uploads a new object to the specified Amazon S3 bucket. Encrypts the content and adds the userMetaDataMap to the userMetaData. Additionally, the userMetaData 'is_encrypted: true' is set.
      Parameters:
      bucketName - The name of an existing bucket, to which you have Permission.Write permission
      keyName - The key under which to store the specified file.
      plainTextByteArray - Plaintext as byte[], which will be encrypted
      userMetaDataMap - Additional metaData as Map<String, String>. For example 'author'
    • getObject

      public JeapDecryptedS3Object getObject(String bucketName, String keyName)
      Retrieves objects from S3 and decrypts the content if the userMetaData 'is_encrypted: true' is set. If the userMetaData 'is_encrypted: true' is not set, the content will not be decrypted.
      Parameters:
      bucketName - The name of the bucket containing the object to retrieve.
      keyName - The key of the object to retrieve.
      Returns:
      JeapDecryptedS3Object - holds the decrypted content of an object
    • getObject

      public JeapDecryptedS3Object getObject(String bucketName, String keyName, String versionId)
      Retrieves objects from S3 and decrypts the content if the userMetaData 'is_encrypted: true' is set. If the userMetaData 'is_encrypted: true' is not set, the content will not be decrypted.
      Parameters:
      bucketName - The name of the bucket containing the object to retrieve.
      keyName - The key of the object to retrieve.
      versionId - The versionId of the object to retrieve.
      Returns:
      JeapDecryptedS3Object - holds the decrypted content of an object
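
Added example, not part of the original Javadoc or of the jeap-crypto project: because getObject returns content undecrypted when 'is_encrypted: true' is not set, a consumer that requires every object to be encrypted at rest can check the user metadata first and fail closed. The class name EncryptedOnlyS3Reader, the package of JeapDecryptedS3Object and the exact metadata key spelling are assumptions; the headObject call is the AWS SDK for Java v2 API.

```java
import ch.admin.bit.jeap.crypto.s3.JeapCryptoS3Template;
// Assumption: JeapDecryptedS3Object lives in the same package as the template.
import ch.admin.bit.jeap.crypto.s3.JeapDecryptedS3Object;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.HeadObjectRequest;
import software.amazon.awssdk.services.s3.model.HeadObjectResponse;

import java.util.Map;

/** Hypothetical helper, not part of jeap-crypto: refuses objects that lack the encryption flag. */
public class EncryptedOnlyS3Reader {

    // Key and value as quoted in the getObject description; the exact spelling is an assumption.
    private static final String FLAG_KEY = "is_encrypted";
    private static final String FLAG_VALUE = "true";

    private final S3Client s3Client;
    private final JeapCryptoS3Template template;

    public EncryptedOnlyS3Reader(S3Client s3Client, JeapCryptoS3Template template) {
        this.s3Client = s3Client;
        this.template = template;
    }

    public JeapDecryptedS3Object getEncryptedObject(String bucketName, String keyName) {
        // Read the user metadata first, without downloading the object body.
        HeadObjectResponse head = s3Client.headObject(
                HeadObjectRequest.builder().bucket(bucketName).key(keyName).build());
        if (!isFlaggedEncrypted(head.metadata())) {
            // Fail closed: without the flag the template would hand back the stored bytes as-is.
            throw new IllegalStateException(
                    "S3 object " + bucketName + "/" + keyName + " is not flagged as encrypted");
        }
        // On a versioned bucket, fetch exactly the version whose metadata was checked.
        String versionId = head.versionId();
        return versionId == null
                ? template.getObject(bucketName, keyName)
                : template.getObject(bucketName, keyName, versionId);
    }

    /** True only if the user metadata carries the flag (key and value compared case-insensitively). */
    static boolean isFlaggedEncrypted(Map<String, String> userMetaData) {
        return userMetaData.entrySet().stream().anyMatch(e ->
                FLAG_KEY.equalsIgnoreCase(e.getKey()) && FLAG_VALUE.equalsIgnoreCase(e.getValue()));
    }
}
```

The flag is ordinary S3 user metadata, so this check confirms only that the object was stored as encrypted; decryption itself still happens inside the template.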