Moving factory methods to StandardKeyrings and correcting RawAes trace.

Author: WesleyRosenblum

src/main/java/com/amazonaws/encryptionsdk/keyrings/Keyring.java

@@ -42,32 +42,4 @@ public interface Keyring {
      */
     void onDecrypt(DecryptionMaterials decryptionMaterials, List<? extends EncryptedDataKey> encryptedDataKeys);
 
-    /**
-     * Constructs a {@code Keyring} which does local AES-GCM encryption
-     * decryption of data keys using the provided wrapping key.
-     *
-     * @param keyNamespace A UTF-8 encoded value that, together with the key name, identifies the wrapping key.
-     * @param keyName      A UTF-8 encoded value that, together with the key namespace, identifies the wrapping key.
-     * @param wrappingKey  The AES key input to AES-GCM to encrypt plaintext data keys.
-     * @return The {@link Keyring}
-     */
-    static Keyring rawAes(String keyNamespace, String keyName, SecretKey wrappingKey) {
-        return new RawAesKeyring(keyNamespace, keyName, wrappingKey);
-    }
-
-    /**
-     * Constructs a {@code Keyring} which does local RSA encryption and decryption of data keys using the
-     * provided public and private keys. If {@code privateKey} is {@code null} then the returned {@code Keyring}
-     * can only be used for encryption.
-     *
-     * @param keyNamespace      A UTF-8 encoded value that, together with the key name, identifies the wrapping key.
-     * @param keyName           A UTF-8 encoded value that, together with the key namespace, identifies the wrapping key.
-     * @param publicKey         The RSA public key used by this keyring to encrypt data keys.
-     * @param privateKey        The RSA private key used by this keyring to decrypt data keys.
-     * @param wrappingAlgorithm The RSA algorithm to use with this keyring.
-     * @return The {@link Keyring}
-     */
-    static Keyring rawRsa(String keyNamespace, String keyName, PublicKey publicKey, PrivateKey privateKey, String wrappingAlgorithm) {
-        return new RawRsaKeyring(keyNamespace, keyName, publicKey, privateKey, wrappingAlgorithm);
-    }
 }

src/main/java/com/amazonaws/encryptionsdk/keyrings/RawAesKeyring.java

@@ -23,7 +23,7 @@
  * A {@code Keyring} which does local AES-GCM encryption
  * decryption of data keys using the provided wrapping key.
  *
- * Instantiate by using the {@code Keyring.rawAes(...)} factory method.
+ * Instantiate by using the {@code StandardKeyrings.rawAes(...)} factory method.
  */
 class RawAesKeyring extends RawKeyring {
 
@@ -53,15 +53,13 @@ boolean validToDecrypt(EncryptedDataKey encryptedDataKey) {
     void traceOnEncrypt(KeyringTrace keyringTrace) {
         keyringTrace.add(keyNamespace, keyName,
                 KeyringTraceFlag.ENCRYPTED_DATA_KEY,
-                KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT,
-                KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT);
+                KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT);
     }
 
     @Override
     void traceOnDecrypt(KeyringTrace keyringTrace) {
         keyringTrace.add(keyNamespace, keyName,
                 KeyringTraceFlag.DECRYPTED_DATA_KEY,
-                KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT,
                 KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT);
     }
 }

src/main/java/com/amazonaws/encryptionsdk/keyrings/RawRsaKeyring.java

@@ -24,7 +24,7 @@
  * A {@link Keyring} which does local RSA encryption and decryption of data keys using the
  * provided public and private keys.
  *
- * Instantiate by using the {@code Keyring.rawRsa(...)} factory method.
+ * Instantiate by using the {@code StandardKeyrings.rawRsa(...)} factory method.
  */
 class RawRsaKeyring extends RawKeyring {
 

src/main/java/com/amazonaws/encryptionsdk/keyrings/StandardKeyrings.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except
+ * in compliance with the License. A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.amazonaws.encryptionsdk.keyrings;
+
+import javax.crypto.SecretKey;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/**
+ * Factory methods for instantiating the standard {@code Keyring}s provided by the AWS Encryption SDK.
+ */
+public class StandardKeyrings {
+
+    private StandardKeyrings() {
+    }
+
+    /**
+     * Constructs a {@code Keyring} which does local AES-GCM encryption
+     * decryption of data keys using the provided wrapping key.
+     *
+     * @param keyNamespace A UTF-8 encoded value that, together with the key name, identifies the wrapping key.
+     * @param keyName      A UTF-8 encoded value that, together with the key namespace, identifies the wrapping key.
+     * @param wrappingKey  The AES key input to AES-GCM to encrypt plaintext data keys.
+     * @return The {@link Keyring}
+     */
+    public static Keyring rawAes(String keyNamespace, String keyName, SecretKey wrappingKey) {
+        return new RawAesKeyring(keyNamespace, keyName, wrappingKey);
+    }
+
+    /**
+     * Constructs a {@code Keyring} which does local RSA encryption and decryption of data keys using the
+     * provided public and private keys. If {@code privateKey} is {@code null} then the returned {@code Keyring}
+     * can only be used for encryption.
+     *
+     * @param keyNamespace      A UTF-8 encoded value that, together with the key name, identifies the wrapping key.
+     * @param keyName           A UTF-8 encoded value that, together with the key namespace, identifies the wrapping key.
+     * @param publicKey         The RSA public key used by this keyring to encrypt data keys.
+     * @param privateKey        The RSA private key used by this keyring to decrypt data keys.
+     * @param wrappingAlgorithm The RSA algorithm to use with this keyring.
+     * @return The {@link Keyring}
+     */
+    public static Keyring rawRsa(String keyNamespace, String keyName, PublicKey publicKey, PrivateKey privateKey, String wrappingAlgorithm) {
+        return new RawRsaKeyring(keyNamespace, keyName, publicKey, privateKey, wrappingAlgorithm);
+    }
+}

src/test/java/com/amazonaws/encryptionsdk/keyrings/RawAesKeyringTest.java

@@ -61,10 +61,9 @@ public void testTraceOnEncrypt() {
         assertEquals(1, trace.getEntries().size());
         assertEquals(KEYNAME, trace.getEntries().get(0).getKeyName());
         assertEquals(KEYNAMESPACE, trace.getEntries().get(0).getKeyNamespace());
-        assertEquals(3, trace.getEntries().get(0).getFlags().size());
+        assertEquals(2, trace.getEntries().get(0).getFlags().size());
         assertTrue(trace.getEntries().get(0).getFlags().contains(KeyringTraceFlag.ENCRYPTED_DATA_KEY));
         assertTrue(trace.getEntries().get(0).getFlags().contains(KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT));
-        assertTrue(trace.getEntries().get(0).getFlags().contains(KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT));
     }
 
     @Test
@@ -77,9 +76,8 @@ public void testTraceOnDecrypt() {
         assertEquals(1, trace.getEntries().size());
         assertEquals(KEYNAME, trace.getEntries().get(0).getKeyName());
         assertEquals(KEYNAMESPACE, trace.getEntries().get(0).getKeyNamespace());
-        assertEquals(3, trace.getEntries().get(0).getFlags().size());
+        assertEquals(2, trace.getEntries().get(0).getFlags().size());
         assertTrue(trace.getEntries().get(0).getFlags().contains(KeyringTraceFlag.DECRYPTED_DATA_KEY));
-        assertTrue(trace.getEntries().get(0).getFlags().contains(KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT));
         assertTrue(trace.getEntries().get(0).getFlags().contains(KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT));
     }