欢迎您来到腾讯云!积分商城
开启辅助访问

 找回密码
 立即注册
忘了密码?

扫一扫,访问微社区

快捷导航
搜索
腾讯云官方论坛»论坛 产品专区 对象存储服务COS COS兼容aws java sdk客户端加密操作指导
返回列表 发新帖
查看: 588|回复: 0

[经验分享] COS兼容aws java sdk客户端加密操作指导

[复制链接]
COS

8

主题

0

好友

380

积分

程序猿[LV2]

Rank: 2Rank: 2

云币
1000
威望
380
发表于 2017-11-30 19:47:26 |显示全部楼层 |未分类
1.SDK 名称版本:
aws-java-sdk-v1.11.156
2.接口兼容概述
使用 java sdk 进行客户端加密,首先需要对sdk进行兼容设置。cos 后台有条件兼容了 aws sdk,一般 sdk 需要做以下四个方面的修改,而 java 默认就使用了 virtual style,因此只需要修改下面的1和3部分;
1. 使用 aws v2 签名
2. 使用 virtual style 而非 path style
3. 设置 cos 的 endpoint
4. bucket 名字为 bucket-appid

例如生成一个 aws client 对象的代码如下:
  1.     String sk = "ciivKvnnrMvSvQpMAWuIz12pThGGlWRW";
  2.     String ak = "AKID15IsskiBQKTZbAo6WhgcBqVls9SmuG00";
  3.     BasicAWSCredentials cred = new BasicAWSCredentials(ak, sk);
  4.     ClientConfiguration config = new ClientConfiguration();
  5.     // 设置aws v2签名
  6.     config.setSignerOverride("S3SignerType");
  7.     AmazonS3 s3client = new AmazonS3Client(cred, config);
  8.     // 设置cos的endpoint,以华东(cn-east)举例
  9.     s3client.setEndpoint("cn-east.myqcloud.com");
复制代码
3.客户端加密使用示例
3.1.获取 aws-java-sdk-v1.11.156
下载并安装 aws-java-sdk-v1.11.156。
代码路径:
https://github.com/aws/aws-sdk-java

3.2.使用示例
使用sdk进行客户端数据加密上传和下载
  • CryptoDemo.java源码
  1. package crypto_test;
  2. import java.io.ByteArrayInputStream;
  3. import java.util.Arrays;
  4. import java.util.Iterator;
  5. import java.util.UUID;
  6. import javax.crypto.SecretKey;
  7. import org.apache.commons.io.IOUtils;
  8. import org.joda.time.DateTime;
  9. import org.joda.time.format.DateTimeFormat;
  10. import org.junit.Assert;
  11. import com.amazonaws.auth.BasicAWSCredentials;
  12. import com.amazonaws.auth.profile.ProfileCredentialsProvider;
  13. import com.amazonaws.services.s3.AmazonS3;
  14. import com.amazonaws.services.s3.AmazonS3EncryptionClient;
  15. import com.amazonaws.services.s3.model.EncryptionMaterials;
  16. import com.amazonaws.services.s3.model.ListVersionsRequest;
  17. import com.amazonaws.services.s3.model.ObjectListing;
  18. import com.amazonaws.services.s3.model.ObjectMetadata;
  19. import com.amazonaws.services.s3.model.PutObjectRequest;
  20. import com.amazonaws.services.s3.model.S3Object;
  21. import com.amazonaws.services.s3.model.S3ObjectSummary;
  22. import com.amazonaws.services.s3.model.S3VersionSummary;
  23. import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
  24. import com.amazonaws.services.s3.model.VersionListing;

  26. public class CryptoDemo {
  27.     private static final String masterKeyDir = System.getProperty("java.io.tmpdir");
  28.     private static final String bucketName = "s3bucket-1253666666";
  29.     private static final String objectKey = "encrypted.data";

  31.     public static void main(String[] args) throws Exception {
  32.         SecretKey mySymmetricKey = GenerateSymmetricMasterKey
  33.                 .loadSymmetricAESKey(masterKeyDir, "AES");

  35.         EncryptionMaterials encryptionMaterials = new EncryptionMaterials(
  36.                 mySymmetricKey);
  37.         String sk = "BasdfSBpasdfgCGasdfIQIasdpsdfkz";
  38.         String ak = "AsdfsdfsdHi3gwsdfsdfAiTsdfsdfBsdfsdf5zsdfsE";
  39.         BasicAWSCredentials credentials = new BasicAWSCredentials(ak, sk);
  40.         AmazonS3EncryptionClient encryptionClient = new AmazonS3EncryptionClient(
  41.                         credentials,
  42.                 new StaticEncryptionMaterialsProvider(encryptionMaterials));
  43.         encryptionClient.setEndpoint("cn-east.myqcloud.com");
  44.         // Create the bucket
  45.         //encryptionClient.createBucket(bucketName);
  46.         System.out.println("bucket already created: " +bucketName);
  47.         
  48.         // Upload object using the encryption client.
  49.         byte[] plaintext = "Hello World, S3 Client-side Encryption Using Symmetric Master Key!"
  50.                 .getBytes();
  51.         System.out.println("plaintext's length: " + plaintext.length);
  52.         encryptionClient.putObject(new PutObjectRequest(bucketName, objectKey,
  53.                 new ByteArrayInputStream(plaintext), new ObjectMetadata()));

  55.         // Download the object.
  56.         S3Object downloadedObject = encryptionClient.getObject(bucketName,
  57.                 objectKey);
  58.         byte[] decrypted = IOUtils.toByteArray(downloadedObject
  59.                 .getObjectContent());
  60.         
  61.         // Verify same data.
  62.         Assert.assertTrue(Arrays.equals(plaintext, decrypted));
  63.         System.out.println("download file matched the plain text!");
  64.         deleteBucketAndAllContents(encryptionClient);
  65.     }

  67.     private static void deleteBucketAndAllContents(AmazonS3 client) {
  68.         System.out.println("Deleting S3 bucket: " + bucketName);
  69.         ObjectListing objectListing = client.listObjects(bucketName);

  71.         while (true) {
  72.             for ( Iterator<?> iterator = objectListing.getObjectSummaries().iterator(); iterator.hasNext(); ) {
  73.                 S3ObjectSummary objectSummary = (S3ObjectSummary) iterator.next();
  74.                 client.deleteObject(bucketName, objectSummary.getKey());
  75.             }

  77.             if (objectListing.isTruncated()) {
  78.                 objectListing = client.listNextBatchOfObjects(objectListing);
  79.             } else {
  80.                 break;
  81.             }
  82.         };
  83.         VersionListing list = client.listVersions(new ListVersionsRequest().withBucketName(bucketName));
  84.         for ( Iterator<?> iterator = list.getVersionSummaries().iterator(); iterator.hasNext(); ) {
  85.             S3VersionSummary s = (S3VersionSummary)iterator.next();
  86.             client.deleteVersion(bucketName, s.getKey(), s.getVersionId());
  87.         }
  88.         client.deleteBucket(bucketName);
  89.     }
  90. }
复制代码
  • GenerateSymmetricMasterKey.java源码
  1. package crypto_test;
  2. import java.io.File;
  3. import java.io.FileInputStream;
  4. import java.io.FileOutputStream;
  5. import java.io.IOException;
  6. import java.security.InvalidKeyException;
  7. import java.security.NoSuchAlgorithmException;
  8. import java.security.spec.InvalidKeySpecException;
  9. import java.security.spec.X509EncodedKeySpec;
  10. import java.util.Arrays;
  11. import javax.crypto.KeyGenerator;
  12. import javax.crypto.SecretKey;
  13. import javax.crypto.spec.SecretKeySpec;
  14. import javax.crypto.Cipher;
  15. import org.junit.Assert;

  17. public class GenerateSymmetricMasterKey {

  19.     private static final String keyDir  = System.getProperty("java.io.tmpdir");
  20.     private static final String keyName = "secret.key";
  21.    
  22.     public static void main(String[] args) throws Exception {
  23.             System.out.println("AES max key len:" + Cipher.getMaxAllowedKeyLength("AES"));
  24.         //Generate symmetric 256 bit AES key.
  25.         KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");
  26.         symKeyGenerator.init(256);
  27.         SecretKey symKey = symKeyGenerator.generateKey();

  29.         //Save key.
  30.         saveSymmetricKey(keyDir, symKey);
  31.         
  32.         //Load key.
  33.         SecretKey symKeyLoaded = loadSymmetricAESKey(keyDir, "AES");           
  34.         Assert.assertTrue(Arrays.equals(symKey.getEncoded(), symKeyLoaded.getEncoded()));
  35.         System.out.println("symKey: " + (new String(symKey.getEncoded())));
  36.         System.out.println("symKeyLoaded:" + (new String(symKeyLoaded.getEncoded())));
  37.     }

  39.     public static void saveSymmetricKey(String path, SecretKey secretKey)
  40.         throws IOException {
  41.         X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
  42.                 secretKey.getEncoded());
  43.         FileOutputStream keyfos = new FileOutputStream(path + "/" + keyName);
  44.         keyfos.write(x509EncodedKeySpec.getEncoded());
  45.         keyfos.close();
  46.     }
  47.    
  48.     public static SecretKey loadSymmetricAESKey(String path, String algorithm)
  49.         throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException{
  50.         //Read private key from file.
  51.         File keyFile = new File(path + "/" + keyName);
  52.         FileInputStream keyfis = new FileInputStream(keyFile);
  53.         byte[] encodedPrivateKey = new byte[(int)keyFile.length()];
  54.         keyfis.read(encodedPrivateKey);
  55.         keyfis.close();

  57.         //Generate secret key.
  58.         return new SecretKeySpec(encodedPrivateKey, "AES");
  59.     }
  60. }
复制代码
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册
您需要登录后才可以发帖 QQ登录

联系我们|腾讯云平台|积分商城|腾讯云官方论坛    

GMT+8, 2019-2-17 08:42 , Processed in 1.170829 second(s), 29 queries .

Powered by Discuz! X2.5

© 2001-2012 Comsenz Inc.

回顶部