diff options
author | juerg <juerg@google.com> | 2023-07-25 07:03:44 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-25 07:05:19 -0700 |
commit | dc2e793e8fe2639adce99c190653b47c4671815c (patch) | |
tree | e706eed5410077f691892bdf8e0d1049916e52c4 | |
parent | d83f95a3651c83bb44155e8ca363a60ce4aa1979 (diff) | |
download | tink-dc2e793e8fe2639adce99c190653b47c4671815c.tar.gz |
Rewrite EnvelopeAeadExample.java so that it doesn't register the kms client.
PiperOrigin-RevId: 550875209
-rw-r--r-- | java_src/examples/envelopeaead/BUILD.bazel | 7 | ||||
-rw-r--r-- | java_src/examples/envelopeaead/EnvelopeAeadExample.java | 24 |
2 files changed, 12 insertions, 19 deletions
diff --git a/java_src/examples/envelopeaead/BUILD.bazel b/java_src/examples/envelopeaead/BUILD.bazel index a3fbedfcb..7aa0b7d9a 100644 --- a/java_src/examples/envelopeaead/BUILD.bazel +++ b/java_src/examples/envelopeaead/BUILD.bazel @@ -8,10 +8,11 @@ java_binary( main_class = "envelopeaead.EnvelopeAeadExample", deps = [ "@tink_java//src/main/java/com/google/crypto/tink:aead", - "@tink_java//src/main/java/com/google/crypto/tink:key_templates", - "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", + "@tink_java//src/main/java/com/google/crypto/tink:kms_client", "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config", - "@tink_java//src/main/java/com/google/crypto/tink/aead:kms_envelope_aead_key_manager", + "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_key_templates", + "@tink_java//src/main/java/com/google/crypto/tink/aead:kms_envelope_aead", + "@tink_java//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters", "@tink_java//src/main/java/com/google/crypto/tink/integration/gcpkms:gcp_kms_client", ], ) diff --git a/java_src/examples/envelopeaead/EnvelopeAeadExample.java b/java_src/examples/envelopeaead/EnvelopeAeadExample.java index 4a77e2def..dde2e81df 100644 --- a/java_src/examples/envelopeaead/EnvelopeAeadExample.java +++ b/java_src/examples/envelopeaead/EnvelopeAeadExample.java @@ -17,17 +17,16 @@ package envelopeaead; import static java.nio.charset.StandardCharsets.UTF_8; import com.google.crypto.tink.Aead; -import com.google.crypto.tink.KeyTemplates; -import com.google.crypto.tink.KeysetHandle; +import com.google.crypto.tink.KmsClient; import com.google.crypto.tink.aead.AeadConfig; -import com.google.crypto.tink.aead.KmsEnvelopeAeadKeyManager; +import com.google.crypto.tink.aead.KmsEnvelopeAead; +import com.google.crypto.tink.aead.PredefinedAeadParameters; import com.google.crypto.tink.integration.gcpkms.GcpKmsClient; import java.io.File; import java.io.FileOutputStream; import java.nio.file.Files; import java.nio.file.Paths; import java.security.GeneralSecurityException; -import java.util.Optional; /** * A command-line utility for encrypting small files with envelope encryption. @@ -67,25 +66,18 @@ public final class EnvelopeAeadExample { // Initialise Tink: register all AEAD key types with the Tink runtime AeadConfig.register(); - // Read the GCP credentials and set up client + // Read the GCP credentials and create a remote AEAD object. + Aead remoteAead = null; try { - GcpKmsClient.register(Optional.of(kekUri), Optional.of(gcpCredentialFilename)); + KmsClient kmsClient = new GcpKmsClient().withCredentials(gcpCredentialFilename); + remoteAead = kmsClient.getAead(kekUri); } catch (GeneralSecurityException ex) { System.err.println("Error initializing GCP client: " + ex); System.exit(1); } // Create envelope AEAD primitive using AES256 GCM for encrypting the data - Aead aead = null; - try { - KeysetHandle handle = - KeysetHandle.generateNew( - KmsEnvelopeAeadKeyManager.createKeyTemplate(kekUri, KeyTemplates.get("AES256_GCM"))); - aead = handle.getPrimitive(Aead.class); - } catch (GeneralSecurityException ex) { - System.err.println("Error creating primitive: %s " + ex); - System.exit(1); - } + Aead aead = KmsEnvelopeAead.create(PredefinedAeadParameters.AES256_GCM, remoteAead); // Use the primitive to encrypt/decrypt files. if (MODE_ENCRYPT.equals(mode)) { |