Fatal编程技术网
  • java/
  • Java 使用Amazon KMS上载服务器端加密的S3对象时出错

Java 使用Amazon KMS上载服务器端加密的S3对象时出错

java encryption amazon-web-services amazon-s3

Java 使用Amazon KMS上载服务器端加密的S3对象时出错,java,encryption,amazon-web-services,amazon-s3,Java,Encryption,Amazon Web Services,Amazon S3,我在尝试复制Amazon提供的用于上载S3对象的示例代码时遇到以下异常,这些对象将使用Amazon KMS(密钥管理服务)进行服务器端加密: 使用的代码是: public void uploadServerSideEncryptedFileToS3( String bucketName , String key , String sourceFilePath , String masterKey ) { awsCredentials = new BasicAWSCredentials(

我在尝试复制Amazon提供的用于上载S3对象的示例代码时遇到以下异常,这些对象将使用Amazon KMS(密钥管理服务)进行服务器端加密:

使用的代码是:

public void uploadServerSideEncryptedFileToS3( String bucketName , String key , String sourceFilePath , String masterKey ) {

    awsCredentials = new BasicAWSCredentials( awsAccessKey, awsSecretKey );
    PutObjectRequest putObjectRequest = new PutObjectRequest( bucketName,
                key , new File( sourceFilePath ) ).withSSEAwsKeyManagementParams( new SSEAwsKeyManagementParams( masterKey ) );

    ClientConfiguration clientConfiguration = new ClientConfiguration();
    clientConfiguration.setProtocol( Protocol.HTTPS );

    AmazonS3 connection = new AmazonS3Client( awsCredentials , clientConfiguration );
    connection.setRegion( com.amazonaws.regions.Region.getRegion( Regions.US_EAST_1 ) );
    PutObjectResult response = connection.putObject( putObjectRequest );
}
下面是我用于S3上传的代码

    @Test
public void testNoMetaData() {
    AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
    AmazonS3 amazonS3 = new AmazonS3Client(awsCredentials);
    amazonS3.setRegion(Region.getRegion(region));

    byte[] bytes = content.getBytes(StandardCharsets.UTF_8);
    ObjectMetadata metadata = new ObjectMetadata();
    metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
    InputStream inputStream = new ByteArrayInputStream(bytes);
    PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, inputStream, metadata);

    putObjectRequest.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(awsKmsKeyId));
    amazonS3.putObject(putObjectRequest);
}
我认为错误是说你使用了错误的区域,你在硬编码我们东1,而它显然期待着其他东西。我猜你不在美国东海岸。到目前为止,我所做的一切都是在美国东部地区(我的S3存储桶、EC2存储桶和使用的任何其他端点)可能需要clientConfiguration。setSignerOverride(“AWSS3V4SignerType”);谢谢成功了。awsKmsKeyId在哪里? 
    @Test
public void testNoMetaData() {
    AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
    AmazonS3 amazonS3 = new AmazonS3Client(awsCredentials);
    amazonS3.setRegion(Region.getRegion(region));

    byte[] bytes = content.getBytes(StandardCharsets.UTF_8);
    ObjectMetadata metadata = new ObjectMetadata();
    metadata.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
    InputStream inputStream = new ByteArrayInputStream(bytes);
    PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, inputStream, metadata);

    putObjectRequest.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(awsKmsKeyId));
    amazonS3.putObject(putObjectRequest);
}