Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awsdocs
GitHub Repository: awsdocs/amazon-s3-developer-guide
 Path: blob/master/code_examples/java_examples/S3Examples/ServerSideEncryptionUsingClientSideEncryptionKey.java
4084 views
1
// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.

2
// SPDX-License-Identifier: MIT-0 (For details, see https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/LICENSE-SAMPLECODE.)

3


4
import java.io.BufferedReader;

5
import java.io.File;

6
import java.io.IOException;

7
import java.io.InputStreamReader;

8
import java.security.NoSuchAlgorithmException;

9
import java.security.SecureRandom;

10


11
import javax.crypto.KeyGenerator;

12


13
import com.amazonaws.AmazonServiceException;

14
import com.amazonaws.SdkClientException;

15
import com.amazonaws.auth.profile.ProfileCredentialsProvider;

16
import com.amazonaws.services.s3.AmazonS3;

17
import com.amazonaws.services.s3.AmazonS3ClientBuilder;

18
import com.amazonaws.services.s3.model.CopyObjectRequest;

19
import com.amazonaws.services.s3.model.GetObjectMetadataRequest;

20
import com.amazonaws.services.s3.model.GetObjectRequest;

21
import com.amazonaws.services.s3.model.ObjectMetadata;

22
import com.amazonaws.services.s3.model.PutObjectRequest;

23
import com.amazonaws.services.s3.model.S3Object;

24
import com.amazonaws.services.s3.model.S3ObjectInputStream;

25
import com.amazonaws.services.s3.model.SSECustomerKey;

26


27
public class ServerSideEncryptionUsingClientSideEncryptionKey {

28
    private static SSECustomerKey SSE_KEY;

29
    private static AmazonS3 S3_CLIENT;

30
    private static KeyGenerator KEY_GENERATOR;

31


32
    public static void main(String[] args) throws IOException, NoSuchAlgorithmException {

33
        String clientRegion = "*** Client region ***";

34
        String bucketName = "*** Bucket name ***";

35
        String keyName = "*** Key name ***";

36
        String uploadFileName = "*** File path ***";

37
        String targetKeyName = "*** Target key name ***";

38
        

39
        // Create an encryption key.

40
        KEY_GENERATOR = KeyGenerator.getInstance("AES");

41
        KEY_GENERATOR.init(256, new SecureRandom());

42
        SSE_KEY = new SSECustomerKey(KEY_GENERATOR.generateKey());

43


44
        try {

45
            S3_CLIENT = AmazonS3ClientBuilder.standard()

46
                    .withCredentials(new ProfileCredentialsProvider())

47
                    .withRegion(clientRegion)

48
                    .build();

49


50
            // Upload an object.

51
            uploadObject(bucketName, keyName, new File(uploadFileName));

52
    

53
            // Download the object.

54
            downloadObject(bucketName, keyName);

55
    

56
            // Verify that the object is properly encrypted by attempting to retrieve it

57
            // using the encryption key.

58
            retrieveObjectMetadata(bucketName, keyName);

59
    

60
            // Copy the object into a new object that also uses SSE-C.

61
            copyObject(bucketName, keyName, targetKeyName);

62
        }

63
        catch(AmazonServiceException e) {

64
            // The call was transmitted successfully, but Amazon S3 couldn't process 

65
            // it, so it returned an error response.

66
            e.printStackTrace();

67
        }

68
        catch(SdkClientException e) {

69
            // Amazon S3 couldn't be contacted for a response, or the client

70
            // couldn't parse the response from Amazon S3.

71
            e.printStackTrace();

72
        }

73
    }

74


75
    private static void uploadObject(String bucketName, String keyName, File file) {

76
        PutObjectRequest putRequest = new PutObjectRequest(bucketName, keyName, file).withSSECustomerKey(SSE_KEY);

77
        S3_CLIENT.putObject(putRequest);

78
        System.out.println("Object uploaded");

79
    }

80


81
    private static void downloadObject(String bucketName, String keyName) throws IOException {

82
        GetObjectRequest getObjectRequest = new GetObjectRequest(bucketName, keyName).withSSECustomerKey(SSE_KEY);

83
        S3Object object = S3_CLIENT.getObject(getObjectRequest);

84


85
        System.out.println("Object content: ");

86
        displayTextInputStream(object.getObjectContent());

87
    }

88


89
    private static void retrieveObjectMetadata(String bucketName, String keyName) {

90
        GetObjectMetadataRequest getMetadataRequest = new GetObjectMetadataRequest(bucketName, keyName)

91
                                                                .withSSECustomerKey(SSE_KEY);

92
        ObjectMetadata objectMetadata = S3_CLIENT.getObjectMetadata(getMetadataRequest);

93
        System.out.println("Metadata retrieved. Object size: " + objectMetadata.getContentLength());

94
    }

95
    

96
    private static void copyObject(String bucketName, String keyName, String targetKeyName)

97
            throws NoSuchAlgorithmException {

98
        // Create a new encryption key for target so that the target is saved using SSE-C.

99
        SSECustomerKey newSSEKey = new SSECustomerKey(KEY_GENERATOR.generateKey());

100


101
        CopyObjectRequest copyRequest = new CopyObjectRequest(bucketName, keyName, bucketName, targetKeyName)

102
                .withSourceSSECustomerKey(SSE_KEY)

103
				.withDestinationSSECustomerKey(newSSEKey);

104


105
        S3_CLIENT.copyObject(copyRequest);

106
        System.out.println("Object copied");

107
    }

108


109
    private static void displayTextInputStream(S3ObjectInputStream input) throws IOException {

110
        // Read one line at a time from the input stream and display each line.

111
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));

112
        String line;

113
        while ((line = reader.readLine()) != null) {

114
            System.out.println(line);

115
        }

116
        System.out.println();

117
    }

118
}

119


120