Create individual request types for each AwsCrypto method

Author: WesleyRosenblum

src/examples/java/com/amazonaws/crypto/examples/BasicEncryptionExample.java

@@ -19,8 +19,9 @@
 import java.util.Map;
 
 import com.amazonaws.encryptionsdk.AwsCrypto;
-import com.amazonaws.encryptionsdk.AwsCrypto.AwsCryptoConfig;
 import com.amazonaws.encryptionsdk.AwsCryptoResult;
+import com.amazonaws.encryptionsdk.DecryptRequest;
+import com.amazonaws.encryptionsdk.EncryptRequest;
 import com.amazonaws.encryptionsdk.keyrings.Keyring;
 import com.amazonaws.encryptionsdk.keyrings.StandardKeyrings;
 import com.amazonaws.encryptionsdk.kms.KmsClientSupplier;
@@ -71,36 +72,37 @@ static void encryptAndDecrypt(final String keyArn) {
         //    blogs.aws.amazon.com/security/post/Tx2LZ6WBJJANTNW/How-to-Protect-the-Integrity-of-Your-Encrypted-Data-by-Using-AWS-Key-Management
         final Map<String, String> encryptionContext = Collections.singletonMap("ExampleContextKey", "ExampleContextValue");
 
-        // 5. Instantiate the AwsCryptoConfig input to AwsCrypto with the keyring and encryption context
-        final AwsCryptoConfig config = AwsCryptoConfig.builder()
-                .keyring(keyring)
-                .encryptionContext(encryptionContext)
-                .build();
-
-        // 6. Encrypt the data
-        final AwsCryptoResult<byte[]> encryptResult = crypto.encryptData(config, EXAMPLE_DATA);
+        // 5. Encrypt the data with the keyring and encryption context
+        final AwsCryptoResult<byte[]> encryptResult = crypto.encrypt(
+                EncryptRequest.builder()
+                    .keyring(keyring)
+                    .encryptionContext(encryptionContext)
+                    .plaintext(EXAMPLE_DATA).build());
         final byte[] ciphertext = encryptResult.getResult();
 
-        // 7. Decrypt the data. The same keyring may be used to encrypt and decrypt, but for decryption
+        // 6. Decrypt the data. The same keyring may be used to encrypt and decrypt, but for decryption
         //    the key IDs must be in the key ARN format.
-        final AwsCryptoResult<byte[]> decryptResult = crypto.decryptData(config, ciphertext);
+        final AwsCryptoResult<byte[]> decryptResult = crypto.decrypt(
+                DecryptRequest.builder()
+                        .keyring(keyring)
+                        .ciphertext(ciphertext).build());
 
-        // 8. Before verifying the plaintext, inspect the Keyring Trace to verify that the CMK used
+        // 7. Before verifying the plaintext, inspect the Keyring Trace to verify that the CMK used
         //    to decrypt the encrypted data key was the CMK in the encryption keyring.
         if(!decryptResult.getKeyringTrace().getEntries().get(0).getKeyName().equals(keyArn)) {
             throw new IllegalStateException("Wrong key ID!");
         }
 
-        // 9. Also, verify that the encryption context in the result contains the
-        // encryption context supplied to the encryptData method. Because the
-        // SDK can add values to the encryption context, don't require that
-        // the entire context matches.
+        // 8. Also, verify that the encryption context in the result contains the
+        //    encryption context supplied to the encryptData method. Because the
+        //    SDK can add values to the encryption context, don't require that
+        //    the entire context matches.
         if (!encryptionContext.entrySet().stream()
                 .allMatch(e -> e.getValue().equals(decryptResult.getEncryptionContext().get(e.getKey())))) {
             throw new IllegalStateException("Wrong Encryption Context!");
         }
 
-        // 10. Verify that the decrypted plaintext matches the original plaintext
+        // 9. Verify that the decrypted plaintext matches the original plaintext
         assert Arrays.equals(decryptResult.getResult(), EXAMPLE_DATA);
     }
 }

src/examples/java/com/amazonaws/crypto/examples/EscrowedEncryptExample.java

@@ -14,7 +14,8 @@
 package com.amazonaws.crypto.examples;
 
 import com.amazonaws.encryptionsdk.AwsCrypto;
-import com.amazonaws.encryptionsdk.AwsCrypto.AwsCryptoConfig;
+import com.amazonaws.encryptionsdk.DecryptRequest;
+import com.amazonaws.encryptionsdk.EncryptRequest;
 import com.amazonaws.encryptionsdk.keyrings.Keyring;
 import com.amazonaws.encryptionsdk.keyrings.StandardKeyrings;
 import com.amazonaws.encryptionsdk.kms.KmsClientSupplier;
@@ -48,7 +49,7 @@
  * so that either key alone can decrypt it. You might commonly use the KMS CMK for decryption. However,
  * at any time, you can use the private RSA key to decrypt the ciphertext independent of KMS.
  *
- * This sample uses an RawRsaKeyring to generate a RSA public-private key pair
+ * This sample uses a RawRsaKeyring to generate a RSA public-private key pair
  * and saves the key pair in memory. In practice, you would store the private key in a secure offline
  * location, such as an offline HSM, and distribute the public key to your development team.
  *
@@ -105,15 +106,13 @@ private static byte[] standardEncrypt(final String kmsArn, final PublicKey publi
         // 5. Combine the providers into a single MultiKeyring
         final Keyring keyring = StandardKeyrings.multi(kmsKeyring, rsaKeyring);
 
-        // 6. Instantiate the AwsCryptoConfig input to AwsCrypto with the keyring
+        // 6. Encrypt the data with the keyring.
         //    To simplify the code, we omit the encryption context. Production code should always
         //    use an encryption context. For an example, see the other SDK samples.
-        final AwsCryptoConfig config = AwsCryptoConfig.builder()
+        return crypto.encrypt(EncryptRequest.builder()
                 .keyring(keyring)
-                .build();
-
-        // 7. Encrypt the data
-        return crypto.encryptData(config, EXAMPLE_DATA).getResult();
+                .plaintext(EXAMPLE_DATA).build())
+                .getResult();
     }
 
     private static byte[] standardDecrypt(final String kmsArn, final byte[] cipherText) {
@@ -131,15 +130,12 @@ private static byte[] standardDecrypt(final String kmsArn, final byte[] cipherTe
         //    key with, but those can be supplied as necessary.
         final Keyring kmsKeyring = StandardKeyrings.kms(clientSupplier, emptyList(), emptyList(), kmsArn);
 
-        // 4. Instantiate the AwsCryptoConfig input to AwsCrypto with the keyring
+        // 4. Decrypt the data with the keyring.
         //    To simplify the code, we omit the encryption context. Production code should always
         //    use an encryption context. For an example, see the other SDK samples.
-        final AwsCryptoConfig config = AwsCryptoConfig.builder()
+        return crypto.decrypt(DecryptRequest.builder()
                 .keyring(kmsKeyring)
-                .build();
-
-        // 5. Decrypt the data
-        return crypto.decryptData(config, cipherText).getResult();
+                .ciphertext(cipherText).build()).getResult();
     }
 
     private static byte[] escrowDecrypt(final byte[] cipherText, final PublicKey publicEscrowKey, final PrivateKey privateEscrowKey) {
@@ -153,15 +149,12 @@ private static byte[] escrowDecrypt(final byte[] cipherText, final PublicKey pub
         final Keyring rsaKeyring = StandardKeyrings.rawRsa("Escrow", "Escrow",
                 publicEscrowKey, privateEscrowKey, "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
 
-        // 3. Instantiate the AwsCryptoConfig input to AwsCrypto with the keyring
+        // 3. Decrypt the data with the keyring
         //    To simplify the code, we omit the encryption context. Production code should always
         //    use an encryption context. For an example, see the other SDK samples.
-        final AwsCryptoConfig config = AwsCryptoConfig.builder()
+        return crypto.decrypt(DecryptRequest.builder()
                 .keyring(rsaKeyring)
-                .build();
-
-        // 4. Decrypt the data
-        return crypto.decryptData(config, cipherText).getResult();
+                .ciphertext(cipherText).build()).getResult();
     }
 
     private static KeyPair generateEscrowKeyPair() throws GeneralSecurityException {

src/examples/java/com/amazonaws/crypto/examples/FileStreamingExample.java

@@ -14,8 +14,9 @@
 package com.amazonaws.crypto.examples;
 
 import com.amazonaws.encryptionsdk.AwsCrypto;
-import com.amazonaws.encryptionsdk.AwsCrypto.AwsCryptoConfig;
 import com.amazonaws.encryptionsdk.AwsCryptoInputStream;
+import com.amazonaws.encryptionsdk.CreateDecryptingInputStreamRequest;
+import com.amazonaws.encryptionsdk.CreateEncryptingInputStreamRequest;
 import com.amazonaws.encryptionsdk.keyrings.Keyring;
 import com.amazonaws.encryptionsdk.keyrings.StandardKeyrings;
 import com.amazonaws.util.IOUtils;
@@ -78,40 +79,40 @@ static void encryptAndDecrypt(final File srcFile, final File encryptedFile, fina
         //    blogs.aws.amazon.com/security/post/Tx2LZ6WBJJANTNW/How-to-Protect-the-Integrity-of-Your-Encrypted-Data-by-Using-AWS-Key-Management
         final Map<String, String> encryptionContext = Collections.singletonMap("Example", "FileStreaming");
 
-        // 5. Instantiate the AwsCryptoConfig input to AwsCrypto with the keyring and encryption context
-        final AwsCryptoConfig config = AwsCryptoConfig.builder()
-                .keyring(keyring)
-                .encryptionContext(encryptionContext)
-                .build();
-
-        // 6. Create the encrypting stream. Because the file might be too large to load into memory,
+        // 5. Create the encrypting input stream with the keyring and encryption context.
+        //    Because the file might be too large to load into memory,
         //    we stream the data, instead of loading it all at once.
-        try (final AwsCryptoInputStream encryptingStream =
-                crypto.createEncryptingStream(config, new FileInputStream(srcFile))) {
+        try (final AwsCryptoInputStream encryptingStream = crypto.createEncryptingInputStream(
+                CreateEncryptingInputStreamRequest.builder()
+                        .keyring(keyring)
+                        .encryptionContext(encryptionContext)
+                        .inputStream(new FileInputStream(srcFile)).build())) {
 
-            // 7. Copy the encrypted data into the encrypted file.
+            // 6. Copy the encrypted data into the encrypted file.
             try (FileOutputStream out = new FileOutputStream(encryptedFile)) {
                 IOUtils.copy(encryptingStream, out);
             }
         }
 
-        // 8. Create the decrypting stream.
-        try(final AwsCryptoInputStream decryptingStream =
-                crypto.createDecryptingStream(config, new FileInputStream(encryptedFile))) {
+        // 7. Create the decrypting input stream with the keyring.
+        try(final AwsCryptoInputStream decryptingStream = crypto.createDecryptingInputStream(
+                CreateDecryptingInputStreamRequest.builder()
+                        .keyring(keyring)
+                        .inputStream(new FileInputStream(encryptedFile)).build())) {
 
-            // 9. Verify that the encryption context in the result contains the
+            // 8. Verify that the encryption context in the result contains the
             //    encryption context supplied to the createEncryptingStream method.
             if (!"FileStreaming".equals(decryptingStream.getAwsCryptoResult().getEncryptionContext().get("Example"))) {
                 throw new IllegalStateException("Bad encryption context");
             }
 
-            // 10. Copy the plaintext data to a file
+            // 9. Copy the plaintext data to a file
             try (FileOutputStream out = new FileOutputStream(decryptedFile)) {
                 IOUtils.copy(decryptingStream, out);
             }
         }
 
-        // 11. Compare the decrypted file to the original
+        // 10. Compare the decrypted file to the original
         compareFiles(decryptedFile, srcFile);
     }