Rename KmsKeying and related classes to AwsKmsKeyring

Author: WesleyRosenblum

src/examples/java/com/amazonaws/crypto/examples/BasicEncryptionExample.java

@@ -24,7 +24,7 @@
 import com.amazonaws.encryptionsdk.EncryptRequest;
 import com.amazonaws.encryptionsdk.keyrings.Keyring;
 import com.amazonaws.encryptionsdk.keyrings.StandardKeyrings;
-import com.amazonaws.encryptionsdk.kms.KmsClientSupplier;
+import com.amazonaws.encryptionsdk.kms.AwsKmsClientSupplier;
 
 import static java.util.Collections.emptyList;
 
@@ -53,15 +53,15 @@ static void encryptAndDecrypt(final String keyArn) {
         // 1. Instantiate the SDK
         final AwsCrypto crypto = new AwsCrypto();
 
-        // 2. Instantiate a KMS Client Supplier. This example uses the default client supplier but you can
+        // 2. Instantiate an AWS KMS Client Supplier. This example uses the default client supplier but you can
         //    also configure the credentials provider, client configuration and other settings as necessary
-        final KmsClientSupplier clientSupplier = KmsClientSupplier.builder().build();
+        final AwsKmsClientSupplier clientSupplier = AwsKmsClientSupplier.builder().build();
 
-        // 3. Instantiate a KMS Keyring, supplying the key ARN as the generator for generating a data key. While using
-        //    a key ARN is a best practice, for encryption operations it is also acceptable to use a CMK alias or an
-        //    alias ARN. For this example, empty lists are provided for grant tokens and additional keys to encrypt
+        // 3. Instantiate an AWS KMS Keyring, supplying the key ARN as the generator for generating a data key. While
+        //    using a key ARN is a best practice, for encryption operations it is also acceptable to use a CMK alias or
+        //    an alias ARN. For this example, empty lists are provided for grant tokens and additional keys to encrypt
         //    the data key with, but those can be supplied as necessary.
-        final Keyring keyring = StandardKeyrings.kms(clientSupplier, emptyList(), emptyList(), keyArn);
+        final Keyring keyring = StandardKeyrings.awsKms(clientSupplier, emptyList(), emptyList(), keyArn);
 
         // 4. Create an encryption context
         //

src/examples/java/com/amazonaws/crypto/examples/EscrowedEncryptExample.java

@@ -18,7 +18,7 @@
 import com.amazonaws.encryptionsdk.EncryptRequest;
 import com.amazonaws.encryptionsdk.keyrings.Keyring;
 import com.amazonaws.encryptionsdk.keyrings.StandardKeyrings;
-import com.amazonaws.encryptionsdk.kms.KmsClientSupplier;
+import com.amazonaws.encryptionsdk.kms.AwsKmsClientSupplier;
 
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
@@ -88,16 +88,16 @@ private static byte[] standardEncrypt(final String kmsArn, final PublicKey publi
         // 1. Instantiate the SDK
         final AwsCrypto crypto = new AwsCrypto();
 
-        // 2. Instantiate a KMS Client Supplier. This example uses the default client supplier but you can
+        // 2. Instantiate an AWS KMS Client Supplier. This example uses the default client supplier but you can
         //    also configure the credentials provider, client configuration and other settings as necessary
-        final KmsClientSupplier clientSupplier = KmsClientSupplier.builder().build();
+        final AwsKmsClientSupplier clientSupplier = AwsKmsClientSupplier.builder().build();
 
-        // 3. Instantiate a KMS Keyring, supplying the keyArn as the generator for generating a data key.
+        // 3. Instantiate an AWS KMS Keyring, supplying the keyArn as the generator for generating a data key.
         //    For this example, empty lists are provided for grant tokens and additional keys to encrypt the data
         //    key with, but those can be supplied as necessary.
-        final Keyring kmsKeyring = StandardKeyrings.kms(clientSupplier, emptyList(), emptyList(), kmsArn);
+        final Keyring kmsKeyring = StandardKeyrings.awsKms(clientSupplier, emptyList(), emptyList(), kmsArn);
 
-        // 4. Instantiate an RawRsaKeyring
+        // 4. Instantiate a RawRsaKeyring
         //    Because the user does not have access to the private escrow key,
         //    they pass in "null" for the private key parameter.
         final Keyring rsaKeyring = StandardKeyrings.rawRsa("Escrow", "Escrow",
@@ -121,14 +121,14 @@ private static byte[] standardDecrypt(final String kmsArn, final byte[] cipherTe
         // 1. Instantiate the SDK
         final AwsCrypto crypto = new AwsCrypto();
 
-        // 2. Instantiate a KMS Client Supplier. This example uses the default client supplier but you can
+        // 2. Instantiate an AWS KMS Client Supplier. This example uses the default client supplier but you can
         //    also configure the credentials provider, client configuration and other settings as necessary
-        final KmsClientSupplier clientSupplier = KmsClientSupplier.builder().build();
+        final AwsKmsClientSupplier clientSupplier = AwsKmsClientSupplier.builder().build();
 
-        // 3. Instantiate a KMS Keyring, supplying the keyArn as the generator for generating a data key.
+        // 3. Instantiate an AWS KMS Keyring, supplying the keyArn as the generator for generating a data key.
         //    For this example, empty lists are provided for grant tokens and additional keys to encrypt the data
         //    key with, but those can be supplied as necessary.
-        final Keyring kmsKeyring = StandardKeyrings.kms(clientSupplier, emptyList(), emptyList(), kmsArn);
+        final Keyring kmsKeyring = StandardKeyrings.awsKms(clientSupplier, emptyList(), emptyList(), kmsArn);
 
         // 4. Decrypt the data with the keyring.
         //    To simplify the code, we omit the encryption context. Production code should always

src/main/java/com/amazonaws/encryptionsdk/exception/UnsupportedRegionException.java

@@ -15,7 +15,7 @@
 
 /**
  * This exception is thrown when a region that is not allowed to be used by
- * a given KmsClientSupplier is specified.
+ * a given AwsKmsClientSupplier is specified.
  */
 public class UnsupportedRegionException extends AwsCryptoException {
 

src/main/java/com/amazonaws/encryptionsdk/keyrings/KmsKeyring.java renamed to src/main/java/com/amazonaws/encryptionsdk/keyrings/AwsKmsKeyring.java

@@ -39,16 +39,16 @@
 
 /**
  * A keyring which interacts with AWS Key Management Service (KMS) to create,
- * encrypt, and decrypt data keys using KMS defined Customer Master Keys (CMKs).
+ * encrypt, and decrypt data keys using AWS KMS defined Customer Master Keys (CMKs).
  */
-class KmsKeyring implements Keyring {
+class AwsKmsKeyring implements Keyring {
 
     private final DataKeyEncryptionDao dataKeyEncryptionDao;
     private final List<String> keyIds;
     private final String generatorKeyId;
     private final boolean isDiscovery;
 
-    KmsKeyring(DataKeyEncryptionDao dataKeyEncryptionDao, List<String> keyIds, String generatorKeyId) {
+    AwsKmsKeyring(DataKeyEncryptionDao dataKeyEncryptionDao, List<String> keyIds, String generatorKeyId) {
         requireNonNull(dataKeyEncryptionDao, "dataKeyEncryptionDao is required");
         this.dataKeyEncryptionDao = dataKeyEncryptionDao;
         this.keyIds = keyIds == null ? emptyList() : unmodifiableList(new ArrayList<>(keyIds));

src/main/java/com/amazonaws/encryptionsdk/keyrings/StandardKeyrings.java

@@ -14,7 +14,7 @@
 package com.amazonaws.encryptionsdk.keyrings;
 
 import com.amazonaws.encryptionsdk.kms.DataKeyEncryptionDao;
-import com.amazonaws.encryptionsdk.kms.KmsClientSupplier;
+import com.amazonaws.encryptionsdk.kms.AwsKmsClientSupplier;
 
 import javax.crypto.SecretKey;
 import java.security.PrivateKey;
@@ -61,19 +61,19 @@ public static Keyring rawRsa(String keyNamespace, String keyName, PublicKey publ
 
     /**  
      * Constructs a {@code Keyring} which interacts with AWS Key Management Service (KMS) to create,
-     * encrypt, and decrypt data keys using KMS defined Customer Master Keys (CMKs).
+     * encrypt, and decrypt data keys using AWS KMS defined Customer Master Keys (CMKs).
      *
-     * @param clientSupplier    A function that returns a KMS client that can make GenerateDataKey,
+     * @param clientSupplier    A function that returns an AWS KMS client that can make GenerateDataKey,
      *                          Encrypt, and Decrypt calls in a particular AWS region.
      * @param grantTokens       A list of string grant tokens to be included in all KMS calls.
-     * @param keyIds            A list of strings identifying KMS CMKs used for encrypting and decrypting data keys in
-     *                          ARN, CMK Alias, or ARN Alias format.
-     * @param generatorKeyId    A string that identifies a KMS CMK responsible for generating a data key,
+     * @param keyIds            A list of strings identifying AWS KMS CMKs used for encrypting and decrypting data keys
+     *                          in ARN, CMK Alias, or ARN Alias format.
+     * @param generatorKeyId    A string that identifies a AWS KMS CMK responsible for generating a data key,
      *                          as well as encrypting and decrypting data keys in ARN, CMK Alias, or ARN Alias format.
      * @return The {@code Keyring}
      */
-    public static Keyring kms(KmsClientSupplier clientSupplier, List<String> grantTokens, List<String> keyIds, String generatorKeyId) {
-        return new KmsKeyring(DataKeyEncryptionDao.kms(clientSupplier, grantTokens), keyIds, generatorKeyId);
+    public static Keyring awsKms(AwsKmsClientSupplier clientSupplier, List<String> grantTokens, List<String> keyIds, String generatorKeyId) {
+        return new AwsKmsKeyring(DataKeyEncryptionDao.awsKms(clientSupplier, grantTokens), keyIds, generatorKeyId);
     }
 
     /**

src/main/java/com/amazonaws/encryptionsdk/kms/KmsClientSupplier.java renamed to src/main/java/com/amazonaws/encryptionsdk/kms/AwsKmsClientSupplier.java

@@ -38,7 +38,7 @@
  * function should be able to handle when the region is null.
  */
 @FunctionalInterface
-public interface KmsClientSupplier {
+public interface AwsKmsClientSupplier {
 
     /**
      * Gets an {@code AWSKMS} client for the given regionId.
@@ -51,7 +51,7 @@ public interface KmsClientSupplier {
     AWSKMS getClient(@Nullable String regionId) throws UnsupportedRegionException;
 
     /**
-     * Gets a Builder for constructing a KmsClientSupplier
+     * Gets a Builder for constructing an AwsKmsClientSupplier
      *
      * @return The builder
      */
@@ -60,7 +60,7 @@ static Builder builder() {
     }
 
     /**
-     * Builder to construct a KmsClientSupplier given various
+     * Builder to construct an AwsKmsClientSupplier given various
      * optional settings.
      */
     class Builder {
@@ -71,20 +71,20 @@ class Builder {
         private Set<String> excludedRegions = Collections.emptySet();
         private boolean clientCachingEnabled = false;
         private final Map<String, AWSKMS> clientsCache = new HashMap<>();
-        private static final Set<String> KMS_METHODS = new HashSet<>();
-        private AWSKMSClientBuilder kmsClientBuilder;
+        private static final Set<String> AWSKMS_METHODS = new HashSet<>();
+        private AWSKMSClientBuilder awsKmsClientBuilder;
 
         static {
-            KMS_METHODS.add("generateDataKey");
-            KMS_METHODS.add("encrypt");
-            KMS_METHODS.add("decrypt");
+            AWSKMS_METHODS.add("generateDataKey");
+            AWSKMS_METHODS.add("encrypt");
+            AWSKMS_METHODS.add("decrypt");
         }
 
-        Builder(AWSKMSClientBuilder kmsClientBuilder) {
-            this.kmsClientBuilder = kmsClientBuilder;
+        Builder(AWSKMSClientBuilder awsKmsClientBuilder) {
+            this.awsKmsClientBuilder = awsKmsClientBuilder;
         }
 
-        public KmsClientSupplier build() {
+        public AwsKmsClientSupplier build() {
             isTrue(allowedRegions.isEmpty() || excludedRegions.isEmpty(),
                     "Either allowed regions or excluded regions may be set, not both.");
 
@@ -104,18 +104,18 @@ public KmsClientSupplier build() {
                 }
 
                 if (credentialsProvider != null) {
-                    kmsClientBuilder = kmsClientBuilder.withCredentials(credentialsProvider);
+                    awsKmsClientBuilder = awsKmsClientBuilder.withCredentials(credentialsProvider);
                 }
 
                 if (clientConfiguration != null) {
-                    kmsClientBuilder = kmsClientBuilder.withClientConfiguration(clientConfiguration);
+                    awsKmsClientBuilder = awsKmsClientBuilder.withClientConfiguration(clientConfiguration);
                 }
 
                 if (regionId != null) {
-                    kmsClientBuilder = kmsClientBuilder.withRegion(regionId);
+                    awsKmsClientBuilder = awsKmsClientBuilder.withRegion(regionId);
                 }
 
-                AWSKMS client = kmsClientBuilder.build();
+                AWSKMS client = awsKmsClientBuilder.build();
 
                 if (clientCachingEnabled) {
                     client = newCachingProxy(client, regionId);
@@ -179,7 +179,7 @@ public Builder clientCaching(boolean enabled) {
 
         /**
          * Creates a proxy for the AWSKMS client that will populate the client into the client cache
-         * after a KMS method successfully completes or a KMS exception occurs. This is to prevent a
+         * after an AWS KMS method successfully completes or an AWS KMS exception occurs. This is to prevent a
          * a malicious user from causing a local resource DOS by sending ciphertext with a large number
          * of spurious regions, thereby filling the cache with regions and exhausting resources.
          *
@@ -194,13 +194,13 @@ private AWSKMS newCachingProxy(AWSKMS client, String regionId) {
                     (proxy, method, methodArgs) -> {
                         try {
                             final Object result = method.invoke(client, methodArgs);
-                            if (KMS_METHODS.contains(method.getName())) {
+                            if (AWSKMS_METHODS.contains(method.getName())) {
                                 clientsCache.put(regionId, client);
                             }
                             return result;
                         } catch (InvocationTargetException e) {
                             if (e.getTargetException() instanceof AWSKMSException &&
-                                    KMS_METHODS.contains(method.getName())) {
+                                    AWSKMS_METHODS.contains(method.getName())) {
                                 clientsCache.put(regionId, client);
                             }
 

src/main/java/com/amazonaws/encryptionsdk/kms/KmsDataKeyEncryptionDao.java renamed to src/main/java/com/amazonaws/encryptionsdk/kms/AwsKmsDataKeyEncryptionDao.java

@@ -46,12 +46,12 @@
  * generation, encryption, and decryption of data keys. The KmsMethods interface is implemented
  * to allow usage in KmsMasterKey.
  */
-class KmsDataKeyEncryptionDao implements DataKeyEncryptionDao, KmsMethods {
+class AwsKmsDataKeyEncryptionDao implements DataKeyEncryptionDao, KmsMethods {
 
-    private final KmsClientSupplier clientSupplier;
+    private final AwsKmsClientSupplier clientSupplier;
     private List<String> grantTokens;
 
-    KmsDataKeyEncryptionDao(KmsClientSupplier clientSupplier, List<String> grantTokens) {
+    AwsKmsDataKeyEncryptionDao(AwsKmsClientSupplier clientSupplier, List<String> grantTokens) {
         requireNonNull(clientSupplier, "clientSupplier is required");
 
         this.clientSupplier = clientSupplier;

src/main/java/com/amazonaws/encryptionsdk/kms/DataKeyEncryptionDao.java

@@ -61,8 +61,8 @@ public interface DataKeyEncryptionDao {
      * @param grantTokens A list of grant tokens to supply to KMS
      * @return The DataKeyEncryptionDao
      */
-    static DataKeyEncryptionDao kms(KmsClientSupplier clientSupplier, List<String> grantTokens) {
-        return new KmsDataKeyEncryptionDao(clientSupplier, grantTokens);
+    static DataKeyEncryptionDao awsKms(AwsKmsClientSupplier clientSupplier, List<String> grantTokens) {
+        return new AwsKmsDataKeyEncryptionDao(clientSupplier, grantTokens);
     }
 
     class GenerateDataKeyResult {

src/main/java/com/amazonaws/encryptionsdk/kms/KmsMasterKey.java

@@ -43,7 +43,7 @@
  */
 @Deprecated
 public final class KmsMasterKey extends MasterKey<KmsMasterKey> implements KmsMethods {
-    private final KmsDataKeyEncryptionDao dataKeyEncryptionDao_;
+    private final AwsKmsDataKeyEncryptionDao dataKeyEncryptionDao_;
     private final MasterKeyProvider<KmsMasterKey> sourceProvider_;
     private final String id_;
 
@@ -67,10 +67,10 @@ public static KmsMasterKey getInstance(final AWSCredentialsProvider creds, final
 
     static KmsMasterKey getInstance(final Supplier<AWSKMS> kms, final String id,
             final MasterKeyProvider<KmsMasterKey> provider) {
-        return new KmsMasterKey(new KmsDataKeyEncryptionDao(s -> kms.get(), emptyList()), id, provider);
+        return new KmsMasterKey(new AwsKmsDataKeyEncryptionDao(s -> kms.get(), emptyList()), id, provider);
     }
 
-    KmsMasterKey(final KmsDataKeyEncryptionDao dataKeyEncryptionDao, final String id, final MasterKeyProvider<KmsMasterKey> provider) {
+    KmsMasterKey(final AwsKmsDataKeyEncryptionDao dataKeyEncryptionDao, final String id, final MasterKeyProvider<KmsMasterKey> provider) {
         dataKeyEncryptionDao_ = dataKeyEncryptionDao;
         id_ = id;
         sourceProvider_ = provider;

src/main/java/com/amazonaws/encryptionsdk/kms/KmsUtils.java

@@ -35,7 +35,7 @@ public class KmsUtils {
      * @return AWSKMS The client
      * @throws MalformedArnException if the arn is malformed
      */
-    public static AWSKMS getClientByArn(String arn, KmsClientSupplier clientSupplier) throws MalformedArnException {
+    public static AWSKMS getClientByArn(String arn, AwsKmsClientSupplier clientSupplier) throws MalformedArnException {
         if (isKeyAlias(arn)) {
             return clientSupplier.getClient(null);
         }