feat: Configurable SecureRandom #40

lucasmcdonald3 · 2022-11-08T21:11:24Z

Issue #, if available:

Description of changes:

S3EncryptionClient builder takes in a SecureRandom
- Provided SecureRandom will be used in content encryption strategies
- Provided SecureRandom will be used in keyring if customer does not provide their own keyring or CMM
  - If customer does provide their own keyring, S3EncryptionClient will not necessarily use the SecureRandom it was provided in that keyring. The keyring will use the SecureRandom the customer provided in the keyring's construction. This may or may not be the same SecureRandom that was provided to S3EncryptionClient.
If no SecureRandom is provided at instantiation time, S3EncryptionClient will create a client-scoped SecureRandom and pass it through to keyring and content encryption strategies. (Again, if the customer provides their own keyring, that keyring will use its own SecureRandom.)
Tests: Validate a SecureRandom passed into S3EncryptionClient is actually called in content encryption and in data key encryption.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

src/main/java/software/amazon/encryption/s3/internal/PutEncryptedObjectPipeline.java

src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java

## 1.0.0 (2022-12-02) ### Features * Adds CBC stream decryption ([#25](#25)) ([9970104](9970104)) * Configurable SecureRandom ([#40](#40)) ([90cab2d](90cab2d)) * Implement Ranged-Get ([#31](#31)) ([65331fb](65331fb)) * Introduce delayed authentication ([#23](#23)) ([b8eedac](b8eedac)) ### Fixes * Guard against using another S3EC as wrappedClient ([#36](#36)) ([30cf9b1](30cf9b1)) ### Maintenance * Add staging release and validation ([1e0c4cd](1e0c4cd))

## 1.0.0 (2023-02-18) ### Features * Adds Async client, starting with DeleteObject(s) ([#54](#54)) ([c7120e1](c7120e1)) * Adds CBC stream decryption ([#25](#25)) ([9970104](9970104)) * Configurable SecureRandom ([#40](#40)) ([90cab2d](90cab2d)) * implement AES-GCM streaming ([#45](#45)) ([d0bcd38](d0bcd38)) * implement CBC decryption in async getObject ([#59](#59)) ([4fd2fa8](4fd2fa8)) * implement getObject async ([#56](#56)) ([b9834ce](b9834ce)) * implement putObject in Async client ([#57](#57)) ([f233d72](f233d72)) * Implement Ranged-Get ([#31](#31)) ([65331fb](65331fb)) * Introduce delayed authentication ([#23](#23)) ([b8eedac](b8eedac)) * multi-part putObject ([#53](#53)) ([281f383](281f383)) * Multipart Upload ([#43](#43)) ([7e42811](7e42811)) ### Maintenance * Create workflow to release S3EC to Github ([#52](#52)) ([ef8effb](ef8effb)) ### Fixes * add instruction file support in getObject async ([#69](#69)) ([ee61abd](ee61abd)) * address some edge cases to fix async CBC ranged gets ([#70](#70)) ([1da1cae](1da1cae)) * Guard against using another S3EC as wrappedClient ([#36](#36)) ([30cf9b1](30cf9b1))

## 1.0.0 (2023-02-20) ### Features * Adds Async client, starting with DeleteObject(s) ([#54](#54)) ([c7120e1](c7120e1)) * Adds CBC stream decryption ([#25](#25)) ([9970104](9970104)) * Configurable SecureRandom ([#40](#40)) ([90cab2d](90cab2d)) * implement AES-GCM streaming ([#45](#45)) ([d0bcd38](d0bcd38)) * implement CBC decryption in async getObject ([#59](#59)) ([4fd2fa8](4fd2fa8)) * implement getObject async ([#56](#56)) ([b9834ce](b9834ce)) * implement putObject in Async client ([#57](#57)) ([f233d72](f233d72)) * Implement Ranged-Get ([#31](#31)) ([65331fb](65331fb)) * Introduce delayed authentication ([#23](#23)) ([b8eedac](b8eedac)) * multi-part putObject ([#53](#53)) ([281f383](281f383)) * Multipart Upload ([#43](#43)) ([7e42811](7e42811)) ### Maintenance * Create workflow to release S3EC to Github ([#52](#52)) ([ef8effb](ef8effb)) ### Fixes * add instruction file support in getObject async ([#69](#69)) ([ee61abd](ee61abd)) * address some edge cases to fix async CBC ranged gets ([#70](#70)) ([1da1cae](1da1cae)) * Guard against using another S3EC as wrappedClient ([#36](#36)) ([30cf9b1](30cf9b1))

Lucas McDonald added 8 commits November 7, 2022 16:15

feat: Allow configuring SecureRandom from client

4cbc38c

Add AES test

ee4d2e2

Add SecureRandom tests

2c3a882

Cleanup

92561d3

Cleanup

2e6197c

Cleanup

a781781

Cleanup

9f8387e

Cleanup

5c2bb61

justplaz requested changes Nov 8, 2022

View reviewed changes

src/main/java/software/amazon/encryption/s3/internal/PutEncryptedObjectPipeline.java Outdated Show resolved Hide resolved

src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java Outdated Show resolved Hide resolved

Lucas McDonald added 2 commits November 8, 2022 16:04

fix: Improve portability of new tests

de94349

remove inaccurate comment

843a8e1

justplaz self-requested a review November 9, 2022 22:23

justplaz approved these changes Nov 9, 2022

View reviewed changes

add mock parameters

94df6c9

lucasmcdonald3 merged commit 90cab2d into main Nov 10, 2022

lucasmcdonald3 deleted the secure_random branch November 17, 2022 22:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Configurable SecureRandom #40

feat: Configurable SecureRandom #40

lucasmcdonald3 commented Nov 8, 2022

feat: Configurable SecureRandom #40

feat: Configurable SecureRandom #40

Conversation

lucasmcdonald3 commented Nov 8, 2022