1.SDK 名称版本:
aws-java-sdk-v1.11.156
2.接口兼容概述
使用 Java SDK 进行客户端加密前,需要先对 SDK 做兼容设置。COS 后台有条件地兼容 AWS SDK,一般的 SDK 需要做以下四个方面的修改;而 Java SDK 默认就使用 virtual style,因此只需要修改下面的第 1 和第 3 项:
1. 使用 aws v2 签名
2. 使用 virtual style 而非 path style
3. 设置 cos 的 endpoint
4. bucket 名字为 bucket-appid
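例如生成一个 aws client 对象的代码如下:
// Load the key pair from the environment instead of embedding it in source.
// COS_SECRET_ID / COS_SECRET_KEY are variable names chosen for this example.
// A key pair that has been pasted into a post or committed to a repository
// should be treated as exposed and rotated.
String ak = System.getenv("COS_SECRET_ID");
String sk = System.getenv("COS_SECRET_KEY");
if (ak == null || sk == null) {
    throw new IllegalStateException("COS_SECRET_ID and COS_SECRET_KEY must be set");
}
BasicAWSCredentials cred = new BasicAWSCredentials(ak, sk);
ClientConfiguration config = new ClientConfiguration();
// Select AWS signature version 2, which this page lists as a required change.
// NOTE(review): v2 is the older HMAC-SHA1 based scheme; confirm whether the
// COS endpoint also accepts signature v4 before reusing this setting.
config.setSignerOverride("S3SignerType");
AmazonS3 s3client = new AmazonS3Client(cred, config);
// Point the client at the COS endpoint; East China (cn-east) is the example region.
// NOTE(review): no scheme is given here. As far as I know SDK v1 then falls back
// to the protocol from ClientConfiguration (HTTPS unless changed) - write
// "https://" explicitly if plain HTTP must never be used.
s3client.setEndpoint("cn-east.myqcloud.com");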
3.客户端加密使用示例
3.1.获取 aws-java-sdk-v1.11.156
下载并安装 aws-java-sdk-v1.11.156。
代码路径:
https://github.com/aws/aws-sdk-java
3.2.使用示例
使用sdk进行客户端数据加密上传和下载
- package crypto_test;
- import java.io.ByteArrayInputStream;
- import java.util.Arrays;
- import java.util.Iterator;
- import java.util.UUID;
- import javax.crypto.SecretKey;
- import org.apache.commons.io.IOUtils;
- import org.joda.time.DateTime;
- import org.joda.time.format.DateTimeFormat;
- import org.junit.Assert;
- import com.amazonaws.auth.BasicAWSCredentials;
- import com.amazonaws.auth.profile.ProfileCredentialsProvider;
- import com.amazonaws.services.s3.AmazonS3;
- import com.amazonaws.services.s3.AmazonS3EncryptionClient;
- import com.amazonaws.services.s3.model.EncryptionMaterials;
- import com.amazonaws.services.s3.model.ListVersionsRequest;
- import com.amazonaws.services.s3.model.ObjectListing;
- import com.amazonaws.services.s3.model.ObjectMetadata;
- import com.amazonaws.services.s3.model.PutObjectRequest;
- import com.amazonaws.services.s3.model.S3Object;
- import com.amazonaws.services.s3.model.S3ObjectSummary;
- import com.amazonaws.services.s3.model.S3VersionSummary;
- import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
- import com.amazonaws.services.s3.model.VersionListing;
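/**
 * Client-side encryption demo for COS through the AWS Java SDK v1.
 *
 * <p>Loads a symmetric master key from disk, uploads a small object through
 * {@link AmazonS3EncryptionClient}, downloads it again and checks that the
 * decrypted bytes equal the original plaintext.
 */
public class CryptoDemo {
    // NOTE(review): the master key is read from java.io.tmpdir, the same directory
    // GenerateSymmetricMasterKey writes to. That directory is usually shared between
    // local users and may be cleaned automatically; losing or leaking this file
    // affects every object encrypted with it. Prefer a private, backed-up location.
    private static final String masterKeyDir = System.getProperty("java.io.tmpdir");
    private static final String bucketName = "s3bucket-1253666666";
    private static final String objectKey = "encrypted.data";

    /**
     * Runs the upload / download / compare round trip.
     *
     * @param args unused
     * @throws Exception if the key cannot be loaded, credentials are missing,
     *     or any storage request fails
     */
    public static void main(String[] args) throws Exception {
        SecretKey mySymmetricKey = GenerateSymmetricMasterKey
                .loadSymmetricAESKey(masterKeyDir, "AES");
        EncryptionMaterials encryptionMaterials = new EncryptionMaterials(
                mySymmetricKey);

        // Credentials come from the environment rather than from string literals,
        // so the sample can be shared or committed without carrying a secret.
        // COS_SECRET_ID / COS_SECRET_KEY are names chosen for this example.
        String ak = requireEnv("COS_SECRET_ID");
        String sk = requireEnv("COS_SECRET_KEY");
        BasicAWSCredentials credentials = new BasicAWSCredentials(ak, sk);

        // NOTE(review): this constructor passes no CryptoConfiguration, so the SDK's
        // default crypto mode applies. To my knowledge that default in SDK v1 is
        // encryption-only (no integrity check on the ciphertext); consider an
        // authenticated mode if the COS compatibility layer supports it - verify.
        // NOTE(review): unlike the plain-client snippet earlier on this page, no
        // ClientConfiguration with the "S3SignerType" override is supplied here;
        // confirm which signature version this client ends up using against COS.
        AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient(
                credentials,
                new StaticEncryptionMaterialsProvider(encryptionMaterials));
        encryptionClient.setEndpoint("cn-east.myqcloud.com");

        // Bucket creation is intentionally left disabled; the bucket must already exist.
        //encryptionClient.createBucket(bucketName);
        System.out.println("bucket already created: " + bucketName);

        // Upload through the encryption client. The charset is fixed so the byte
        // count does not depend on the platform default.
        byte[] plaintext = "Hello World, S3 Client-side Encryption Using Symmetric Master Key!"
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        System.out.println("plaintext's length: " + plaintext.length);
        encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey,
                new ByteArrayInputStream(plaintext), new ObjectMetadata()));

        // Download and decrypt; closing the S3Object releases the HTTP connection.
        byte[] decrypted;
        try (S3Object downloadedObject = encryptionClient.getObject(bucketName, objectKey)) {
            decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent());
        }

        // Verify same data.
        Assert.assertTrue(Arrays.equals(plaintext, decrypted));
        System.out.println("download file matched the plain text!");

        // Clean up only the object this run uploaded. The bucket was not created by
        // this program (createBucket is disabled above), so wiping the whole bucket
        // here would destroy data the demo does not own. Call
        // deleteBucketAndAllContents explicitly only for a throw-away bucket.
        encryptionClient.deleteObject(bucketName, objectKey);
        System.out.println("deleted demo object: " + objectKey);
    }

    /**
     * Returns the value of a required environment variable.
     *
     * @param name variable name
     * @return the non-empty value
     * @throws IllegalStateException if the variable is unset or empty
     */
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }

    /**
     * Deletes every object and every object version in {@code bucketName}, then the
     * bucket itself. Destructive and irreversible; not called by {@link #main}.
     *
     * @param client client used for the list and delete requests
     */
    private static void deleteBucketAndAllContents(AmazonS3 client) {
        System.out.println("Deleting S3 bucket: " + bucketName);

        // Walk every page of the object listing.
        ObjectListing objectListing = client.listObjects(bucketName);
        while (true) {
            for (S3ObjectSummary objectSummary : objectListing.getObjectSummaries()) {
                client.deleteObject(bucketName, objectSummary.getKey());
            }
            if (!objectListing.isTruncated()) {
                break;
            }
            objectListing = client.listNextBatchOfObjects(objectListing);
        }

        // Walk every page of the version listing as well; reading only the first
        // page would leave versions behind and make deleteBucket fail.
        VersionListing versions = client.listVersions(
                new ListVersionsRequest().withBucketName(bucketName));
        while (true) {
            for (S3VersionSummary version : versions.getVersionSummaries()) {
                client.deleteVersion(bucketName, version.getKey(), version.getVersionId());
            }
            if (!versions.isTruncated()) {
                break;
            }
            versions = client.listNextBatchOfVersions(versions);
        }

        client.deleteBucket(bucketName);
    }
}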
GenerateSymmetricMasterKey.java 源码
- package crypto_test;
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.FileOutputStream;
- import java.io.IOException;
- import java.security.InvalidKeyException;
- import java.security.NoSuchAlgorithmException;
- import java.security.spec.InvalidKeySpecException;
- import java.security.spec.X509EncodedKeySpec;
- import java.util.Arrays;
- import javax.crypto.KeyGenerator;
- import javax.crypto.SecretKey;
- import javax.crypto.spec.SecretKeySpec;
- import javax.crypto.Cipher;
- import org.junit.Assert;
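/**
 * Generates a 256-bit AES master key, stores its raw bytes in a file named
 * {@code secret.key} and loads it back.
 */
public class GenerateSymmetricMasterKey {
    // NOTE(review): java.io.tmpdir is usually shared between local users and may be
    // cleaned automatically. A master key belongs in a private, backed-up location
    // (or a key management service); this default is only suitable for a demo.
    private static final String keyDir = System.getProperty("java.io.tmpdir");
    private static final String keyName = "secret.key";

    /**
     * Generates a new key, saves it, reloads it and checks both copies match.
     *
     * <p>Each run overwrites the existing key file, so data encrypted under the
     * previous key can no longer be decrypted unless that key was kept elsewhere.
     *
     * @param args unused
     * @throws Exception if key generation or file access fails
     */
    public static void main(String[] args) throws Exception {
        System.out.println("AES max key len:" + Cipher.getMaxAllowedKeyLength("AES"));
        // Generate symmetric 256 bit AES key.
        KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");
        symKeyGenerator.init(256);
        SecretKey symKey = symKeyGenerator.generateKey();
        // Save key.
        saveSymmetricKey(keyDir, symKey);

        // Load key.
        SecretKey symKeyLoaded = loadSymmetricAESKey(keyDir, "AES");
        if (!Arrays.equals(symKey.getEncoded(), symKeyLoaded.getEncoded())) {
            throw new AssertionError("loaded key differs from generated key");
        }
        // Report only the key size. The key bytes themselves are not printed:
        // console output is routinely captured in logs and terminal history.
        System.out.println("symKey length (bits): " + symKey.getEncoded().length * 8);
        System.out.println("symKeyLoaded length (bits): " + symKeyLoaded.getEncoded().length * 8);
    }

    /**
     * Writes the raw encoded bytes of {@code secretKey} to {@code path/secret.key},
     * replacing any existing file.
     *
     * @param path directory that receives the key file
     * @param secretKey key whose encoded form is stored
     * @throws IOException if the file cannot be created or written
     * @throws IllegalArgumentException if the key has no exportable encoding
     */
    public static void saveSymmetricKey(String path, SecretKey secretKey)
            throws IOException {
        byte[] encoded = secretKey.getEncoded();
        if (encoded == null) {
            throw new IllegalArgumentException("secretKey has no encoded form");
        }
        File keyFile = new File(path + "/" + keyName);
        // Create the file and narrow its permissions before any key byte is written,
        // so the key is never on disk with the default (often world-readable) mode.
        keyFile.createNewFile();
        restrictToOwner(keyFile);
        try (FileOutputStream keyfos = new FileOutputStream(keyFile)) {
            // The bytes are written as-is; a symmetric key has no X.509 encoding.
            keyfos.write(encoded);
        }
    }

    /**
     * Reads {@code path/secret.key} and wraps its bytes as a secret key.
     *
     * @param path directory that holds the key file
     * @param algorithm key algorithm name; {@code null} is treated as "AES"
     * @return the key built from the file contents
     * @throws IOException if the file is missing or cannot be read completely
     * @throws InvalidKeyException if an AES key file is not 16, 24 or 32 bytes long
     * @throws NoSuchAlgorithmException declared for callers; not thrown here
     * @throws InvalidKeySpecException declared for callers; not thrown here
     */
    public static SecretKey loadSymmetricAESKey(String path, String algorithm)
            throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        String keyAlgorithm = (algorithm == null) ? "AES" : algorithm;
        File keyFile = new File(path + "/" + keyName);
        byte[] encodedKey = new byte[(int) keyFile.length()];
        try (FileInputStream keyfis = new FileInputStream(keyFile)) {
            // A single read() may return fewer bytes than requested; loop until full.
            int filled = 0;
            while (filled < encodedKey.length) {
                int n = keyfis.read(encodedKey, filled, encodedKey.length - filled);
                if (n < 0) {
                    throw new IOException("key file ended early: " + keyFile);
                }
                filled += n;
            }
        }
        // Reject a truncated or corrupted AES key file instead of returning a key
        // object that only fails later, inside the cipher.
        if ("AES".equalsIgnoreCase(keyAlgorithm) && !isValidAesLength(encodedKey.length)) {
            throw new InvalidKeyException(
                    "unexpected AES key length in " + keyFile + ": " + encodedKey.length + " bytes");
        }
        return new SecretKeySpec(encodedKey, keyAlgorithm);
    }

    /** Returns true for the AES key sizes of 128, 192 and 256 bits. */
    private static boolean isValidAesLength(int bytes) {
        return bytes == 16 || bytes == 24 || bytes == 32;
    }

    /**
     * Limits read/write access to the file owner. Best effort: the results are
     * ignored because not every file system can express these permissions.
     */
    private static void restrictToOwner(File file) {
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }
}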