Path: blob/master/code_examples/java_examples/S3Examples/UploadObjectKMSKey.java
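// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT-0 (For details, see https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/LICENSE-SAMPLECODE.)

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.CreateKeyResult;
import com.amazonaws.services.s3.AmazonS3Encryption;
import com.amazonaws.services.s3.AmazonS3EncryptionClientBuilder;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectInputStream;

/**
 * Sample: client-side encryption of an S3 object with a KMS-managed key.
 *
 * <p>The program creates a KMS key, builds an S3 encryption client around it,
 * uploads a short string, downloads it again through the same client, and
 * prints the original and decrypted content lengths so they can be compared.
 */
public class UploadObjectKMSKey {

    /**
     * Runs the upload/download round trip.
     *
     * @param args unused
     * @throws IOException if reading or closing the downloaded object stream fails
     */
    public static void main(String[] args) throws IOException {
        String bucketName = "*** Bucket name ***";
        String keyName = "*** Object key name ***";
        String clientRegion = "*** Client region ***";
        String kmsCmkId = "***AWS KMS customer master key ID***";
        int readChunkSize = 4096;

        try {
            // Optional: If you don't have a KMS key (or need another one),
            // create one. This example creates a key with AWS-created
            // key material.
            // As written, every run creates a new KMS key and overwrites the
            // key ID configured above; remove this block to use an existing key.
            AWSKMS kmsClient = AWSKMSClientBuilder.standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();
            CreateKeyResult keyResult = kmsClient.createKey();
            kmsCmkId = keyResult.getKeyMetadata().getKeyId();

            // Create the encryption client.
            // NOTE(review): no crypto mode is selected here, so the SDK default
            // applies. For this v1 encryption client that default is believed to
            // be CryptoMode.EncryptionOnly, which does not authenticate the
            // ciphertext. Prefer CryptoMode.AuthenticatedEncryption, or the V2
            // encryption client where the SDK version provides it, for new
            // code; confirm against the SDK version in use.
            KMSEncryptionMaterialsProvider materialProvider =
                    new KMSEncryptionMaterialsProvider(kmsCmkId);
            CryptoConfiguration cryptoConfig = new CryptoConfiguration()
                    .withAwsKmsRegion(RegionUtils.getRegion(clientRegion));
            AmazonS3Encryption encryptionClient = AmazonS3EncryptionClientBuilder.standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withEncryptionMaterials(materialProvider)
                    .withCryptoConfiguration(cryptoConfig)
                    .withRegion(clientRegion)
                    .build();

            // Upload an object using the encryption client.
            String origContent = "S3 Encrypted Object Using KMS-Managed Customer Master Key.";
            // Measure the original in bytes (the SDK uploads the string as
            // UTF-8) so the comparison below is bytes against bytes, not
            // characters against bytes.
            int origContentLength = origContent.getBytes(StandardCharsets.UTF_8).length;
            encryptionClient.putObject(bucketName, keyName, origContent);

            // Download the object through the encryption client. The object is
            // stored encrypted in S3; the content is decrypted by the client as
            // the stream is read.
            ByteArrayOutputStream baos = new ByteArrayOutputStream(readChunkSize);
            // try-with-resources closes the object and its stream even when a
            // read fails part-way, so the underlying HTTP connection is released.
            try (S3Object downloadedObject = encryptionClient.getObject(bucketName, keyName);
                    S3ObjectInputStream input = downloadedObject.getObjectContent()) {
                byte[] readBuffer = new byte[readChunkSize];
                int bytesRead;
                while ((bytesRead = input.read(readBuffer)) != -1) {
                    baos.write(readBuffer, 0, bytesRead);
                }
            }
            int decryptedContentLength = baos.size();

            // Verify that the original and decrypted contents are the same size.
            System.out.println("Original content length: " + origContentLength);
            System.out.println("Decrypted content length: " + decryptedContentLength);
        } catch (AmazonServiceException e) {
            // The call was transmitted successfully, but Amazon S3 couldn't process
            // it, so it returned an error response.
            e.printStackTrace();
        } catch (SdkClientException e) {
            // Amazon S3 couldn't be contacted for a response, or the client
            // couldn't parse the response from Amazon S3.
            e.printStackTrace();
        }
    }
}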