|
| 1 | +/* |
| 2 | + * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
| 3 | + * |
| 4 | + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except |
| 5 | + * in compliance with the License. A copy of the License is located at |
| 6 | + * |
| 7 | + * http://aws.amazon.com/apache2.0 |
| 8 | + * |
| 9 | + * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, |
| 10 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
| 11 | + * specific language governing permissions and limitations under the License. |
| 12 | + */ |
| 13 | + |
| 14 | +package com.amazonaws.encryptionsdk; |
| 15 | + |
| 16 | +import com.amazonaws.encryptionsdk.caching.CachingCryptoMaterialsManager; |
| 17 | +import com.amazonaws.encryptionsdk.exception.BadCiphertextException; |
| 18 | +import com.amazonaws.encryptionsdk.internal.MessageCryptoHandler; |
| 19 | + |
| 20 | +import java.io.IOException; |
| 21 | +import java.io.OutputStream; |
| 22 | + |
| 23 | +/** |
| 24 | + * An AwsCryptoOutputStream is a subclass of java.io.OutputStream. It performs cryptographic |
| 25 | + * transformation of the bytes passing through it. |
| 26 | + * |
| 27 | + * <p> |
| 28 | + * The AwsCryptoOutputStream wraps a provided OutputStream object and performs cryptographic |
| 29 | + * transformation of the bytes written to it. The transformed bytes are then written to the wrapped |
| 30 | + * OutputStream. It uses the cryptography handler provided during construction to invoke methods |
| 31 | + * that perform the cryptographic transformations. |
| 32 | + * |
| 33 | + * <p> |
| 34 | + * In short, writing to the AwsCryptoOutputStream results in those bytes being cryptographically |
| 35 | + * transformed and written to the wrapped OutputStream. |
| 36 | + * |
| 37 | + * <p> |
| 38 | + * For example, if the crypto handler provides methods for decryption, the AwsCryptoOutputStream will |
| 39 | + * decrypt the provided ciphertext bytes and write the plaintext bytes to the wrapped OutputStream. |
| 40 | + * |
| 41 | + * <p> |
| 42 | + * This class adheres strictly to the semantics, especially the failure semantics, of its ancestor |
| 43 | + * class java.io.OutputStream. This class overrides all the methods specified in its ancestor class. |
| 44 | + * |
| 45 | + * <p> |
| 46 | + * To instantiate an instance of this class, please see {@link AwsCrypto}. |
| 47 | + * |
| 48 | + */ |
| 49 | +public class AwsCryptoOutputStream extends OutputStream { |
| 50 | + |
| 51 | + private final CryptoOutputStream<?> cryptoOutputStream; |
| 52 | + |
| 53 | + /** |
| 54 | + * Constructs an AwsCryptoOutputStream that wraps the provided OutputStream object. It performs |
| 55 | + * cryptographic transformation of the bytes written to it using the methods provided in the |
| 56 | + * provided CryptoHandler implementation. The transformed bytes are then written to the wrapped |
| 57 | + * OutputStream. |
| 58 | + * |
| 59 | + * @param outputStream |
| 60 | + * the outputStream object to be wrapped. |
| 61 | + * @param cryptoHandler |
| 62 | + * the cryptoHandler implementation that provides the methods to use in performing |
| 63 | + * cryptographic transformation of the bytes written to this stream. |
| 64 | + */ |
| 65 | + AwsCryptoOutputStream(final OutputStream outputStream, final MessageCryptoHandler cryptoHandler) { |
| 66 | + cryptoOutputStream = new CryptoOutputStream<>(outputStream, cryptoHandler); |
| 67 | + } |
| 68 | + |
| 69 | + /** |
| 70 | + * {@inheritDoc} |
| 71 | + * |
| 72 | + * @throws BadCiphertextException |
| 73 | + * This is thrown only during decryption if b contains invalid or corrupt |
| 74 | + * ciphertext. |
| 75 | + */ |
| 76 | + @Override |
| 77 | + public void write(final byte[] b) throws IllegalArgumentException, IOException, BadCiphertextException { |
| 78 | + cryptoOutputStream.write(b); |
| 79 | + } |
| 80 | + |
| 81 | + /** |
| 82 | + * {@inheritDoc} |
| 83 | + * |
| 84 | + * @throws BadCiphertextException |
| 85 | + * This is thrown only during decryption if b contains invalid or corrupt |
| 86 | + * ciphertext. |
| 87 | + */ |
| 88 | + @Override |
| 89 | + public void write(final byte[] b, final int off, final int len) throws IllegalArgumentException, IOException, |
| 90 | + BadCiphertextException { |
| 91 | + cryptoOutputStream.write(b, off, len); |
| 92 | + } |
| 93 | + |
| 94 | + /** |
| 95 | + * {@inheritDoc} |
| 96 | + * |
| 97 | + * @throws BadCiphertextException |
| 98 | + * This is thrown only during decryption if b contains invalid or corrupt |
| 99 | + * ciphertext. |
| 100 | + */ |
| 101 | + @Override |
| 102 | + public void write(int b) throws IOException, BadCiphertextException { |
| 103 | + cryptoOutputStream.write(b); |
| 104 | + } |
| 105 | + |
| 106 | + /** |
| 107 | + * Closes this output stream and releases any system resources associated |
| 108 | + * with this stream. |
| 109 | + * |
| 110 | + * <p> |
| 111 | + * This method writes any final bytes to the underlying stream that complete |
| 112 | + * the cryptographic transformation of the written bytes. It also calls close |
| 113 | + * on the wrapped OutputStream. |
| 114 | + * |
| 115 | + * @throws IOException |
| 116 | + * if an I/O error occurs. |
| 117 | + * @throws BadCiphertextException |
| 118 | + * This is thrown only during decryption if b contains invalid |
| 119 | + * or corrupt ciphertext. |
| 120 | + */ |
| 121 | + @Override |
| 122 | + public void close() throws IOException, BadCiphertextException { |
| 123 | + cryptoOutputStream.close(); |
| 124 | + } |
| 125 | + |
| 126 | + /** |
| 127 | + * Sets an upper bound on the size of the input data. This method should be called before writing any data to the |
| 128 | + * stream. If this method is not called prior to writing data, performance may be reduced (notably, it will not |
| 129 | + * be possible to cache data keys when encrypting). |
| 130 | + * |
| 131 | + * Among other things, this size is used to enforce limits configured on the {@link CachingCryptoMaterialsManager}. |
| 132 | + * |
| 133 | + * If the size set here is exceeded, an exception will be thrown, and the encryption or decryption will fail. |
| 134 | + * |
| 135 | + * @param size Maximum input size. |
| 136 | + */ |
| 137 | + public void setMaxInputLength(long size) { |
| 138 | + cryptoOutputStream.setMaxInputLength(size); |
| 139 | + } |
| 140 | + |
| 141 | + /** |
| 142 | + * Gets the {@link AwsCryptoResult}. |
| 143 | + * |
| 144 | + * @return The {@link AwsCryptoResult} |
| 145 | + */ |
| 146 | + public AwsCryptoResult<AwsCryptoOutputStream> getAwsCryptoResult() { |
| 147 | + return cryptoOutputStream.getAwsCryptoResult(this); |
| 148 | + } |
| 149 | + |
| 150 | + CryptoOutputStream<?> toCryptoOutputStream() { |
| 151 | + return cryptoOutputStream; |
| 152 | + } |
| 153 | +} |
0 commit comments