chore(Java): Examples for Mutations

aws · Sep 20, 2024 · d720a61 · d720a61
1 parent ac3c491
commit d720a61
Show file tree

Hide file tree

Showing 7 changed files with 232 additions and 63 deletions.
diff --git a/AwsCryptographicMaterialProviders/runtimes/java/build.gradle.kts b/AwsCryptographicMaterialProviders/runtimes/java/build.gradle.kts
@@ -27,8 +27,8 @@ sourceSets {
         runtimeClasspath += sourceSets.main.get().output
     }
     create("testExamples") {
-        compileClasspath += sourceSets.test.get().output + sourceSets["examples"].output
-        runtimeClasspath += sourceSets.test.get().output + sourceSets["examples"].output
+        compileClasspath += sourceSets.test.get().output + sourceSets["examples"].output + sourceSets.main.get().output
+        runtimeClasspath += sourceSets.test.get().output + sourceSets["examples"].output + sourceSets.main.get().output
     }
 }
 val examplesImplementation by configurations.getting{

diff --git a/.../java/src/examples/java/software/amazon/cryptography/example/hierarchy/AdminProvider.java b/.../java/src/examples/java/software/amazon/cryptography/example/hierarchy/AdminProvider.java
@@ -1,7 +1,10 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 package software.amazon.cryptography.example.hierarchy;
 
+import java.util.List;
+import java.util.stream.Collectors;
 import javax.annotation.Nullable;
-
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
 import software.amazon.awssdk.services.kms.KmsClient;
 import software.amazon.cryptography.keystore.model.AwsKms;
@@ -10,56 +13,64 @@
 import software.amazon.cryptography.keystoreadmin.KeyStoreAdmin;
 import software.amazon.cryptography.keystoreadmin.model.KeyManagementStrategy;
 import software.amazon.cryptography.keystoreadmin.model.KeyStoreAdminConfig;
+import software.amazon.cryptography.keystoreadmin.model.MutatedBranchKeyItem;
 
 public class AdminProvider {
+
   public static KeyStoreAdmin admin(
     String keyStoreTableName,
     String logicalKeyStoreName,
     @Nullable DynamoDbClient dynamoDbClient
   ) {
-
-    DynamoDBTable table = DynamoDBTable.builder()
+    DynamoDBTable table = DynamoDBTable
+      .builder()
       .ddbClient(dynamoDbClient)
       .ddbTableName(keyStoreTableName)
       .build();
-    Storage storage = Storage.builder()
-      .ddb(table).build();
+    Storage storage = Storage.builder().ddb(table).build();
 
-    KeyStoreAdminConfig config = KeyStoreAdminConfig.builder()
+    KeyStoreAdminConfig config = KeyStoreAdminConfig
+      .builder()
       .logicalKeyStoreName(logicalKeyStoreName)
-      .storage(storage).build();
-
-    return KeyStoreAdmin.builder()
-      .KeyStoreAdminConfig(config)
+      .storage(storage)
       .build();
+
+    return KeyStoreAdmin.builder().KeyStoreAdminConfig(config).build();
   }
 
-  public static KeyManagementStrategy strategy(
-    @Nullable KmsClient kmsClient
-  ){
+  public static KeyManagementStrategy strategy(@Nullable KmsClient kmsClient) {
     kmsClient = kms(kmsClient);
-    return KeyManagementStrategy.builder()
-      .AwsKmsReEncrypt(
-        AwsKms.builder().kmsClient(kmsClient).build()
-      ).build();
+    return KeyManagementStrategy
+      .builder()
+      .AwsKmsReEncrypt(AwsKms.builder().kmsClient(kmsClient).build())
+      .build();
   }
 
+  @SuppressWarnings("resource")
   public static DynamoDbClient dynamoDB(
-    @Nullable DynamoDbClient dynamoDbClient)
-  {
+    @Nullable DynamoDbClient dynamoDbClient
+  ) {
     if (dynamoDbClient == null) {
       dynamoDbClient = DynamoDbClient.create();
     }
     return dynamoDbClient;
   }
 
-  public static KmsClient kms(
-    @Nullable KmsClient kmsClient)
-  {
+  @SuppressWarnings("resource")
+  public static KmsClient kms(@Nullable KmsClient kmsClient) {
     if (kmsClient == null) {
       kmsClient = KmsClient.create();
     }
     return kmsClient;
   }
-
+
+  public static String mutatedItemsToString(
+    List<MutatedBranchKeyItem> mutatedItems
+  ) {
+    return mutatedItems
+      .stream()
+      .map(item -> String.format("%s : %s", item.itemType(), item.description())
+      )
+      .collect(Collectors.joining(",\n "));
+  }
 }
diff --git a/...va/src/examples/java/software/amazon/cryptography/example/hierarchy/CreateKeyExample.java b/...va/src/examples/java/software/amazon/cryptography/example/hierarchy/CreateKeyExample.java
@@ -3,14 +3,13 @@
 package software.amazon.cryptography.example.hierarchy;
 
 import javax.annotation.Nullable;
-
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
 import software.amazon.awssdk.services.kms.KmsClient;
 import software.amazon.cryptography.keystore.model.AwsKms;
 import software.amazon.cryptography.keystoreadmin.KeyStoreAdmin;
+import software.amazon.cryptography.keystoreadmin.model.CreateKeyInput;
 import software.amazon.cryptography.keystoreadmin.model.KMSIdentifier;
 import software.amazon.cryptography.keystoreadmin.model.KeyManagementStrategy;
-import software.amazon.cryptography.keystoreadmin.model.CreateKeyInput;
 
 /*
   The Hierarchical Keyring Example and Searchable Encryption Examples
@@ -52,15 +51,18 @@ public static String CreateKey(
 
     final String branchKeyId = admin
       .CreateKey(
-        CreateKeyInput.builder()
-        .kmsArn(
-          KMSIdentifier.builder().kmsKeyArn(kmsKeyArn).build())
-        .strategy(
-          KeyManagementStrategy.builder()
-            .AwsKmsReEncrypt(
-              AwsKms.builder().kmsClient(kmsClient).build()
-            ).build()
-        ).build()).branchKeyIdentifier();
+        CreateKeyInput
+          .builder()
+          .kmsArn(KMSIdentifier.builder().kmsKeyArn(kmsKeyArn).build())
+          .strategy(
+            KeyManagementStrategy
+              .builder()
+              .AwsKmsReEncrypt(AwsKms.builder().kmsClient(kmsClient).build())
+              .build()
+          )
+          .build()
+      )
+      .branchKeyIdentifier();
 
     return branchKeyId;
   }

diff --git a/...ava/src/examples/java/software/amazon/cryptography/example/hierarchy/MutationExample.java b/...ava/src/examples/java/software/amazon/cryptography/example/hierarchy/MutationExample.java
@@ -3,9 +3,7 @@
 package software.amazon.cryptography.example.hierarchy;
 
 import java.util.HashMap;
-
 import javax.annotation.Nullable;
-
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
 import software.amazon.awssdk.services.kms.KmsClient;
 import software.amazon.cryptography.keystoreadmin.KeyStoreAdmin;
@@ -20,7 +18,7 @@
 
 public class MutationExample {
 
-  public static void End2End(
+  public static String End2End(
     String keyStoreTableName,
     String logicalKeyStoreName,
     String kmsKeyArnOriginal,
@@ -46,42 +44,58 @@ public static void End2End(
     System.out.println("BranchKey ID to mutate: " + branchKeyId);
     HashMap<String, String> terminalEC = new HashMap<>();
     terminalEC.put("Robbie", "is a dog.");
-    Mutations mutations = Mutations.builder()
+    Mutations mutations = Mutations
+      .builder()
       .terminalEncryptionContext(terminalEC)
       .terminalKmsArn(kmsKeyArnTerminal)
       .build();
 
-    InitializeMutationInput initInput = InitializeMutationInput.builder()
+    InitializeMutationInput initInput = InitializeMutationInput
+      .builder()
       .mutations(mutations)
       .branchKeyIdentifier(branchKeyId)
-      .strategy(strategy).build();
+      .strategy(strategy)
+      .build();
 
     InitializeMutationOutput initOutput = admin.InitializeMutation(initInput);
 
     MutationToken token = initOutput.mutationToken();
-    System.out.println("InitLogs: " + initOutput.mutatedBranchKeyItems());
+    System.out.println(
+      "InitLogs: " +
+      branchKeyId +
+      " items: \n" +
+      AdminProvider.mutatedItemsToString(initOutput.mutatedBranchKeyItems())
+    );
     boolean done = false;
     int limitLoop = 10;
 
     while (!done) {
-      ApplyMutationInput applyInput = ApplyMutationInput.builder()
-        .mutationToken(token).pageSize(98).strategy(strategy).build();
+      ApplyMutationInput applyInput = ApplyMutationInput
+        .builder()
+        .mutationToken(token)
+        .pageSize(98)
+        .strategy(strategy)
+        .build();
       ApplyMutationOutput applyOutput = admin.ApplyMutation(applyInput);
       ApplyMutationResult result = applyOutput.result();
 
-      System.out.println("ApplyLogs: " + applyOutput.mutatedBranchKeyItems());
+      System.out.println(
+        "ApplyLogs: " +
+        branchKeyId +
+        " items: \n" +
+        AdminProvider.mutatedItemsToString(applyOutput.mutatedBranchKeyItems())
+      );
 
-      if (result.continueMutation() != null)
-        token = result.continueMutation();
-      if (result.completeMutation() != null)
-        done = true;
-      if (limitLoop == 0)
-        done = true;
+      if (result.continueMutation() != null) token = result.continueMutation();
+      if (result.completeMutation() != null) done = true;
+      if (limitLoop == 0) done = true;
 
       limitLoop--;
     }
 
     System.out.println("Done with Mutation: " + branchKeyId);
+
+    return branchKeyId;
   }
 
   public static void main(final String[] args) {
@@ -94,6 +108,13 @@ public static void main(final String[] args) {
     final String logicalKeyStoreName = args[1];
     final String kmsKeyArnOriginal = args[2];
     final String kmsKeyArnTerminal = args[3];
-    End2End(keyStoreTableName, logicalKeyStoreName, kmsKeyArnOriginal, kmsKeyArnTerminal, null, null);
+    End2End(
+      keyStoreTableName,
+      logicalKeyStoreName,
+      kmsKeyArnOriginal,
+      kmsKeyArnTerminal,
+      null,
+      null
+    );
   }
 }
diff --git a/...s/runtimes/java/src/testExamples/java/software/amazon/cryptography/example/TestUtils.java b/...s/runtimes/java/src/testExamples/java/software/amazon/cryptography/example/TestUtils.java
@@ -1,26 +1,30 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
 package software.amazon.cryptography.example;
 
 import java.time.Duration;
-
+import java.util.HashMap;
+import java.util.Map;
+import javax.annotation.Nullable;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
 import software.amazon.awssdk.http.SdkHttpClient;
 import software.amazon.awssdk.http.apache.ApacheHttpClient;
 import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
+import software.amazon.awssdk.services.dynamodb.model.AttributeValue;
+import software.amazon.awssdk.services.dynamodb.model.GetItemResponse;
 import software.amazon.awssdk.services.kms.KmsClient;
+import software.amazon.cryptography.example.hierarchy.AdminProvider;
 
 public class TestUtils {
 
   public static final String TEST_KEYSTORE_NAME = "KeyStoreDdbTable";
   public static final String TEST_LOGICAL_KEYSTORE_NAME = "KeyStoreDdbTable";
 
   public static final String POSTAL_HORN_KEY_ARN =
-  "arn:aws:kms:us-west-2:370957321024:key/bc127593-f7da-452c-a1f3-cd34c46f81f8";
+    "arn:aws:kms:us-west-2:370957321024:key/bc127593-f7da-452c-a1f3-cd34c46f81f8";
   public static final String KEYSTORE_KMS_ARN =
     "arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126";
-  // Our tests require access to DDB Table with this name
-  public static final String TEST_DDB_TABLE_NAME =
-    "DynamoDbEncryptionInterceptorTestTable";
 
   public static final AwsCredentialsProvider defaultCreds =
     DefaultCredentialsProvider.create();
@@ -29,8 +33,49 @@ public class TestUtils {
     .connectionTimeToLive(Duration.ofSeconds(5))
     .build();
   public static final DynamoDbClient dynamoDbClient = DynamoDbClient
-    .builder().httpClient(httpClient).credentialsProvider(defaultCreds).build();
-  public static final KmsClient kmsClient = KmsClient.builder()
-    .httpClient(httpClient).credentialsProvider(defaultCreds).build();
+    .builder()
+    .httpClient(httpClient)
+    .credentialsProvider(defaultCreds)
+    .build();
+  public static final KmsClient kmsClient = KmsClient
+    .builder()
+    .httpClient(httpClient)
+    .credentialsProvider(defaultCreds)
+    .build();
+
+  public static void deleteKeyStoreDdbItem(
+    final String branchKeyId,
+    final String branchKeyType,
+    final String physicalName,
+    @Nullable DynamoDbClient dynamoDbClient
+  ) {
+    Map<String, AttributeValue> ddbKey = new HashMap<>(3);
+    ddbKey.put(
+      "branch-key-id",
+      AttributeValue.builder().s(branchKeyId).build()
+    );
+    ddbKey.put("type", AttributeValue.builder().s(branchKeyType).build());
+    dynamoDbClient = AdminProvider.dynamoDB(dynamoDbClient);
+    dynamoDbClient.deleteItem(builder ->
+      builder.tableName(physicalName).key(ddbKey)
+    );
+  }
 
+  public static GetItemResponse getKeyStoreDdbItem(
+    final String branchKeyId,
+    final String branchKeyType,
+    final String physicalName,
+    @Nullable DynamoDbClient dynamoDbClient
+  ) {
+    Map<String, AttributeValue> ddbKey = new HashMap<>(3);
+    ddbKey.put(
+      "branch-key-id",
+      AttributeValue.builder().s(branchKeyId).build()
+    );
+    ddbKey.put("type", AttributeValue.builder().s(branchKeyType).build());
+    dynamoDbClient = AdminProvider.dynamoDB(dynamoDbClient);
+    return dynamoDbClient.getItem(builder ->
+      builder.tableName(physicalName).key(ddbKey)
+    );
+  }
 }