simplified cipher decryption

Cloud-Architects · Dec 15, 2020 · eb46d8c · eb46d8c
1 parent ff34da7
commit eb46d8c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 35 deletions.
diff --git a/aws-enclave-example/aws-enclave-example-enclave/pom.xml b/aws-enclave-example/aws-enclave-example-enclave/pom.xml
@@ -41,11 +41,6 @@
             <artifactId>aws-java-sdk-kms</artifactId>
             <version>${aws-java-v1-sdk.version}</version>
         </dependency>
-        <dependency>
-            <groupId>com.amazonaws</groupId>
-            <artifactId>aws-encryption-sdk-java</artifactId>
-            <version>2.0.0</version>
-        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>

diff --git a/...in/java/solutions/cloudarchitects/awsenclave/example/enclave/ExampleProxyEnclaveMain.java b/...in/java/solutions/cloudarchitects/awsenclave/example/enclave/ExampleProxyEnclaveMain.java
@@ -6,18 +6,10 @@
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicSessionCredentials;
 import com.amazonaws.client.builder.AwsClientBuilder;
-import com.amazonaws.encryptionsdk.AwsCrypto;
-import com.amazonaws.encryptionsdk.CommitmentPolicy;
-import com.amazonaws.encryptionsdk.CryptoResult;
-import com.amazonaws.encryptionsdk.kms.KmsMasterKey;
-import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
 import com.amazonaws.handlers.RequestHandler2;
 import com.amazonaws.services.kms.AWSKMS;
 import com.amazonaws.services.kms.AWSKMSClientBuilder;
-import com.amazonaws.services.kms.model.AliasListEntry;
-import com.amazonaws.services.kms.model.DescribeKeyRequest;
-import com.amazonaws.services.kms.model.DescribeKeyResult;
-import com.amazonaws.util.EC2MetadataUtils;
+import com.amazonaws.services.kms.model.DecryptRequest;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -27,12 +19,13 @@
 import solutions.cloudarchitects.vsockj.VSock;
 import solutions.cloudarchitects.vsockj.VSockAddress;
 
-import java.io.*;
-import java.net.*;
-import java.nio.charset.StandardCharsets;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
 import java.util.Base64;
-import java.util.Collections;
-import java.util.Map;
 
 @SuppressWarnings({"InfiniteLoopStatement", "ResultOfMethodCallIgnored", "MismatchedReadAndWriteOfArray"})
 public class ExampleProxyEnclaveMain {
@@ -69,8 +62,8 @@ public static void main(String[] args) throws IOException {
                     Request request = MAPPER.readValue(b, Request.class);
 
                     try {
-                        AWSKMSClientBuilder clientBuilder = getClientBuilder(loopbackAddress, request);
-                        byte[] decryptedSample = decryptSample(clientBuilder, request);
+                        AWSKMS kmsClient = getKmsClient(loopbackAddress, request);
+                        byte[] decryptedSample = decryptSample(kmsClient, request);
 
                         peerVSock.getOutputStream()
                                 .write(decryptedSample);
@@ -89,7 +82,7 @@ public static void main(String[] args) throws IOException {
         }
     }
 
-    private static AWSKMSClientBuilder getClientBuilder(InetAddress loopbackAddress, Request request) {
+    private static AWSKMS getKmsClient(InetAddress loopbackAddress, Request request) {
         return AWSKMSClientBuilder.standard()
                 .withClientConfiguration(new ClientConfiguration()
                         .withDnsResolver(new SystemDefaultDnsResolver() {
@@ -113,22 +106,17 @@ public AmazonWebServiceRequest beforeExecution(AmazonWebServiceRequest request)
                 })
                 .withCredentials(new AWSStaticCredentialsProvider(
                         new BasicSessionCredentials(request.getCredential().accessKeyId,
-                                request.getCredential().secretAccessKey, request.getCredential().token)));
-    }
+                                request.getCredential().secretAccessKey, request.getCredential().token)))
 
-    private static byte[] decryptSample(AWSKMSClientBuilder clientBuilder, Request request) {
-        final AwsCrypto crypto = AwsCrypto.builder()
-                .withCommitmentPolicy(CommitmentPolicy.RequireEncryptRequireDecrypt)
                 .build();
+    }
 
-        final KmsMasterKeyProvider keyProvider = KmsMasterKeyProvider.builder()
-                .withDefaultRegion(AWS_REGION)
-                .withClientBuilder(clientBuilder)
-                .buildStrict(request.getKeyId());
-        final Map<String, String> encryptionContext = Collections.singletonMap("enclaveName", "aws-enclave");
-        final CryptoResult<byte[], KmsMasterKey> decryptResult = crypto
-                .decryptData(keyProvider, Base64.getDecoder().decode(request.getEncryptedText()));
+    private static byte[] decryptSample(AWSKMS kmsClient, Request request) {
+        DecryptRequest req = new DecryptRequest()
+                .withCiphertextBlob(ByteBuffer.wrap(Base64.getDecoder().decode(request.getEncryptedText())))
+                .withKeyId(request.getKeyId());
+        ByteBuffer plainText = kmsClient.decrypt(req).getPlaintext();
 
-        return decryptResult.getResult();
+        return plainText.array();
     }
 }