com.qcloud.cos.internal.crypto.COSCryptoModuleAEStrict Maven / Gradle / Ivy
/*
* Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
* According to cos feature, we modify some class,comment, field name, etc.
*/
package com.qcloud.cos.internal.crypto;
import static com.qcloud.cos.internal.crypto.CryptoMode.StrictAuthenticatedEncryption;
import com.qcloud.cos.auth.COSCredentialsProvider;
import com.qcloud.cos.internal.COSDirect;
/**
* Strict Authenticated encryption (AE) cryptographic module for the COS encryption client.
*/
public class COSCryptoModuleAEStrict extends COSCryptoModuleAE {
/**
* @param cryptoConfig a read-only copy of the crypto configuration.
*/
COSCryptoModuleAEStrict(QCLOUDKMS kms, COSDirect cos,
COSCredentialsProvider credentialsProvider,
EncryptionMaterialsProvider encryptionMaterialsProvider,
CryptoConfiguration cryptoConfig) {
super(kms, cos, credentialsProvider, encryptionMaterialsProvider, cryptoConfig);
if (cryptoConfig.getCryptoMode() != StrictAuthenticatedEncryption)
throw new IllegalArgumentException();
}
protected final boolean isStrict() {
return true;
}
protected void securityCheck(ContentCryptoMaterial cekMaterial, COSObjectWrapper retrieved) {
if (!ContentCryptoScheme.AES_GCM.equals(cekMaterial.getContentCryptoScheme())) {
throw new SecurityException("COS object [bucket: " + retrieved.getBucketName()
+ ", key: " + retrieved.getKey()
+ "] not encrypted using authenticated encryption");
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy