Creating KMS code samples for the Java AWS SDK v1

keonjeo · Apr 10, 2019 · 619395a · 619395a
1 parent 65b8aed
commit 619395a
Show file tree

Hide file tree

Showing 10 changed files with 299 additions and 1 deletion.
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/CreateCustomerMasterKey.java b/java/example_code/kms/src/main/java/aws/example/kms/CreateCustomerMasterKey.java
@@ -0,0 +1,31 @@
+//snippet-sourcedescription:[CreateCustomerMasterKey.java demonstrates how to create a customer master key (CMK).]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.CreateKeyRequest;
+import com.amazonaws.services.kms.model.CreateKeyResult;
+
+public class CreateCustomerMasterKey {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+
+        // Create a CMK
+//
+        String desc = "Key for protecting critical data";
+
+        CreateKeyRequest req = new CreateKeyRequest().withDescription(desc);
+        CreateKeyResult result = kmsClient.createKey(req);
+
+    }
+
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/DisableCustomerMasterKey.java b/java/example_code/kms/src/main/java/aws/example/kms/DisableCustomerMasterKey.java
@@ -0,0 +1,29 @@
+//snippet-sourcedescription:[DisableCustomerMasterKey.java demonstrates how to disable a different customer master key (CMK).]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.DisableKeyRequest;
+
+public class DisableCustomerMasterKey {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+        // Disable a CMK
+        //
+        // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+
+        DisableKeyRequest req = new DisableKeyRequest().withKeyId(keyId);
+        kmsClient.disableKey(req);
+
+    }
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/EnableCustomerMasterKeys.java b/java/example_code/kms/src/main/java/aws/example/kms/EnableCustomerMasterKeys.java
@@ -0,0 +1,29 @@
+//snippet-sourcedescription:[EnableCustomerMasterKeys.java demonstrates how to enable a disabled customer master key (CMK).]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.EnableKeyRequest;
+
+public class EnableCustomerMasterKeys {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+        // Enable a CMK
+        //
+        // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+
+        EnableKeyRequest req = new EnableKeyRequest().withKeyId(keyId);
+        kmsClient.enableKey(req);
+
+    }
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/EncryptDataKey.java b/java/example_code/kms/src/main/java/aws/example/kms/EncryptDataKey.java
@@ -24,7 +24,7 @@ public static void main(String[] args) {
         //
         // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
         String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
-        ByteBuffer plaintext = ByteBuffer.wrap(new byte[]{1,2,3,4,5,6,7,8,9,0});
+        ByteBuffer plaintext = ByteBuffer.wrap(new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 0});
 
         EncryptRequest req = new EncryptRequest().withKeyId(keyId).withPlaintext(plaintext);
         ByteBuffer ciphertext = kmsClient.encrypt(req).getCiphertextBlob();

diff --git a/java/example_code/kms/src/main/java/aws/example/kms/GenerateDataKey.java b/java/example_code/kms/src/main/java/aws/example/kms/GenerateDataKey.java
@@ -0,0 +1,41 @@
+//snippet-sourcedescription:[GenerateDataKey.java demonstrates how to generate a data key for KMS. This operation returns plaintext and encrypted copies of the data key that it creates.]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
+import com.amazonaws.services.kms.model.GenerateDataKeyResult;
+
+import java.nio.ByteBuffer;
+
+public class GenerateDataKey {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+
+        // Generate a data key
+        //
+        // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+
+        GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest();
+        dataKeyRequest.setKeyId(keyId);
+        dataKeyRequest.setKeySpec("AES_256");
+
+        GenerateDataKeyResult dataKeyResult = kmsClient.generateDataKey(dataKeyRequest);
+
+        ByteBuffer plaintextKey = dataKeyResult.getPlaintext();
+
+        ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob();
+
+    }
+
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/GetKeyPolicy.java b/java/example_code/kms/src/main/java/aws/example/kms/GetKeyPolicy.java
@@ -0,0 +1,31 @@
+//snippet-sourcedescription:[GetKeyPolicy.java demonstrates how to get the key policy for a customer master key (CMK).]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.GetKeyPolicyRequest;
+import com.amazonaws.services.kms.model.GetKeyPolicyResult;
+
+public class GetKeyPolicy {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+        // Get the policy for a CMK
+        //
+        // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+        String policyName = "default";
+
+        GetKeyPolicyRequest req = new GetKeyPolicyRequest().withKeyId(keyId).withPolicyName(policyName);
+        GetKeyPolicyResult result = kmsClient.getKeyPolicy(req);
+
+    }
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/ListCustomerMasterKeys.java b/java/example_code/kms/src/main/java/aws/example/kms/ListCustomerMasterKeys.java
@@ -0,0 +1,30 @@
+//snippet-sourcedescription:[ListCustomerMasterKeys.java demonstrates how to get the IDs and ARNs of the customer master keys (CMK).]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.ListKeysRequest;
+import com.amazonaws.services.kms.model.ListKeysResult;
+
+public class ListCustomerMasterKeys {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+
+        // List CMKs in this account
+
+        Integer limit = 10;
+
+        ListKeysRequest req = new ListKeysRequest().withLimit(limit);
+        ListKeysResult result = kmsClient.listKeys(req);
+
+    }
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/ListKeyPolicies.java b/java/example_code/kms/src/main/java/aws/example/kms/ListKeyPolicies.java
@@ -0,0 +1,30 @@
+//snippet-sourcedescription:[ListKeyPolicies.java demonstrates how to dget the names of key policies for a customer master key.]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.ListKeyPoliciesRequest;
+import com.amazonaws.services.kms.model.ListKeyPoliciesResult;
+
+public class ListKeyPolicies {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+
+        // List key policies
+//
+// Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+
+        ListKeyPoliciesRequest req = new ListKeyPoliciesRequest().withKeyId(keyId);
+        ListKeyPoliciesResult result = kmsClient.listKeyPolicies(req);
+
+    }
+}
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/SetKeyPolicy.java b/java/example_code/kms/src/main/java/aws/example/kms/SetKeyPolicy.java
@@ -0,0 +1,47 @@
+//snippet-sourcedescription:[SetKeyPolicy.java demonstrates how to establish or change a key policy for a CMK.]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.PutKeyPolicyRequest;
+
+public class SetKeyPolicy {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+        // Set a key policy for a CMK
+        //
+        // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+        String policyName = "default";
+        String policy = "{" +
+                "  \"Version\": \"2012-10-17\"," +
+                "  \"Statement\": [{" +
+                "    \"Sid\": \"Allow access for ExampleUser\"," +
+                "    \"Effect\": \"Allow\"," +
+                // Replace the following user ARN with one for a real user.
+                "    \"Principal\": {\"AWS\": \"arn:aws:iam::111122223333:user/ExampleUser\"}," +
+                "    \"Action\": [" +
+                "      \"kms:Encrypt\"," +
+                "      \"kms:GenerateDataKey*\"," +
+                "      \"kms:Decrypt\"," +
+                "      \"kms:DescribeKey\"," +
+                "      \"kms:ReEncrypt*\"" +
+                "    ]," +
+                "    \"Resource\": \"*\"" +
+                "  }]" +
+                "}";
+
+        PutKeyPolicyRequest req = new PutKeyPolicyRequest().withKeyId(keyId).withPolicy(policy).withPolicyName(policyName);
+        kmsClient.putKeyPolicy(req);
+
+    }
+}
+
diff --git a/java/example_code/kms/src/main/java/aws/example/kms/ViewCustomerMasterKey.java b/java/example_code/kms/src/main/java/aws/example/kms/ViewCustomerMasterKey.java
@@ -0,0 +1,30 @@
+//snippet-sourcedescription:[ViewCustomerMasterKey.java demonstrates get detailed information about a customer master key (CMK).]
+//snippet-keyword:[Java]
+//snippet-keyword:[Code Sample]
+//snippet-keyword:[Amazon KMS]
+//snippet-service:[kms]
+//snippet-sourcetype:[full-example]
+//snippet-sourcedate:[2019-04-08]
+//snippet-sourceauthor:[AWS]
+
+package aws.example.kms;
+
+import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import com.amazonaws.services.kms.model.DescribeKeyRequest;
+import com.amazonaws.services.kms.model.DescribeKeyResult;
+
+public class ViewCustomerMasterKey {
+    public static void main(String[] args) {
+        AWSKMS kmsClient = AWSKMSClientBuilder.standard().build();
+        // Describe a CMK
+        //
+        // Replace the following fictitious CMK ARN with a valid CMK ID or ARN
+        String keyId = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
+
+        DescribeKeyRequest req = new DescribeKeyRequest().withKeyId(keyId);
+        DescribeKeyResult result = kmsClient.describeKey(req);
+
+    }
+}
+