Add factory methods to Keyring builders

WesleyRosenblum · WesleyRosenblum · commit 6396c6c7c89e · 2020-01-30T19:24:13.000-08:00
diff --git a/src/main/java/com/amazonaws/encryptionsdk/keyrings/AwsKmsKeyringBuilder.java b/src/main/java/com/amazonaws/encryptionsdk/keyrings/AwsKmsKeyringBuilder.java
@@ -25,8 +25,17 @@ public class AwsKmsKeyringBuilder {
     private List<AwsKmsCmkId> keyIds;
     private AwsKmsCmkId generatorKeyId;
 
-    AwsKmsKeyringBuilder() {
-        // Use StandardKeyrings.awsKms() to instantiate
+    private AwsKmsKeyringBuilder() {
+        // Use AwsKmsKeyringBuilder.standard() or StandardKeyrings.awsKms() to instantiate
+    }
+
+    /**
+     * Constructs a new instance of {@code AwsKmsKeyringBuilder}
+     *
+     * @return The {@code AwsKmsKeyringBuilder}
+     */
+    public static AwsKmsKeyringBuilder standard() {
+        return new AwsKmsKeyringBuilder();
     }
 
     /**
diff --git a/src/main/java/com/amazonaws/encryptionsdk/keyrings/RawAesKeyringBuilder.java b/src/main/java/com/amazonaws/encryptionsdk/keyrings/RawAesKeyringBuilder.java
@@ -20,8 +20,17 @@ public class RawAesKeyringBuilder {
     private String keyName;
     private SecretKey wrappingKey;
 
-    RawAesKeyringBuilder() {
-        // Use StandardKeyrings.rawAes() to instantiate
+    private RawAesKeyringBuilder() {
+        // Use RawAesKeyringBuilder.standard() or StandardKeyrings.rawAes() to instantiate
+    }
+
+    /**
+     * Constructs a new instance of {@code RawAesKeyringBuilder}
+     *
+     * @return The {@code RawAesKeyringBuilder}
+     */
+    public static RawAesKeyringBuilder standard() {
+        return new RawAesKeyringBuilder();
     }
 
     /**
diff --git a/src/main/java/com/amazonaws/encryptionsdk/keyrings/RawRsaKeyringBuilder.java b/src/main/java/com/amazonaws/encryptionsdk/keyrings/RawRsaKeyringBuilder.java
@@ -23,8 +23,17 @@ public class RawRsaKeyringBuilder {
     private PrivateKey privateKey;
     private String wrappingAlgorithm;
 
-    RawRsaKeyringBuilder() {
-        // Use StandardKeyrings.rawRsa() to instantiate
+    private RawRsaKeyringBuilder() {
+        // Use RawRsaKeyringBuilder.standard() or StandardKeyrings.rawRsa() to instantiate
+    }
+
+    /**
+     * Constructs a new instance of {@code RawRsaKeyringBuilder}
+     *
+     * @return The {@code RawRsaKeyringBuilder}
+     */
+    public static RawRsaKeyringBuilder standard() {
+        return new RawRsaKeyringBuilder();
     }
 
     /**
diff --git a/src/main/java/com/amazonaws/encryptionsdk/keyrings/StandardKeyrings.java b/src/main/java/com/amazonaws/encryptionsdk/keyrings/StandardKeyrings.java
@@ -13,6 +13,7 @@
 
 package com.amazonaws.encryptionsdk.keyrings;
 
+import com.amazonaws.encryptionsdk.kms.AwsKmsClientSupplier;
 import com.amazonaws.encryptionsdk.kms.AwsKmsCmkId;
 
 import java.util.Arrays;
@@ -33,7 +34,7 @@ private StandardKeyrings() {
      * @return The {@link RawAesKeyringBuilder}
      */
     public static RawAesKeyringBuilder rawAes() {
-        return new RawAesKeyringBuilder();
+        return RawAesKeyringBuilder.standard();
     }
 
     /**
@@ -44,7 +45,7 @@ public static RawAesKeyringBuilder rawAes() {
      * @return The {@link RawRsaKeyringBuilder}
      */
     public static RawRsaKeyringBuilder rawRsa() {
-        return new RawRsaKeyringBuilder();
+        return RawRsaKeyringBuilder.standard();
     }
       
     /**  
@@ -58,7 +59,7 @@ public static RawRsaKeyringBuilder rawRsa() {
      * @return The {@code Keyring}
      */
     public static Keyring awsKms(AwsKmsCmkId generatorKeyId) {
-        return new AwsKmsKeyringBuilder()
+        return AwsKmsKeyringBuilder.standard()
                 .generatorKeyId(generatorKeyId)
                 .build();
     }
@@ -71,17 +72,29 @@ public static Keyring awsKms(AwsKmsCmkId generatorKeyId) {
      * @return The {@link AwsKmsKeyringBuilder}
      */
     public static AwsKmsKeyringBuilder awsKms() {
-        return new AwsKmsKeyringBuilder();
+        return AwsKmsKeyringBuilder.standard();
     }
 
     /**
      * Constructs a {@code Keyring} which interacts with AWS Key Management Service (KMS) to attempt to
      * decrypt all data keys provided to it. AWS KMS Discovery keyrings do not perform encryption.
+     * <p></p>
+     * To create an AWS KMS Regional Discovery Keyring, use {@link #awsKms()} and the
+     * {@link AwsKmsClientSupplier#builder()} to specify which regions to include/exclude.
+     * <p></p>
+     * For example, to include only CMKs in the us-east-1 region:
+     * <pre>
+     * StandardKeyrings.awsKms()
+     *             .awsKmsClientSupplier(
+     *                     AwsKmsClientSupplier.builder()
+     *                     .allowedRegions(Collections.singleton("us-east-1")).build())
+     *             .build();
+     * </pre>
      *
      * @return The {@code Keyring}
      */
     public static Keyring awsKmsDiscovery() {
-        return new AwsKmsKeyringBuilder().build();
+        return AwsKmsKeyringBuilder.standard().build();
     }
 
     /**
