JAVA SDK样例代码__SDK 参考_密钥管理服务-阿里云
样例代码
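package com.alibaba.samples;

import java.util.*;
import java.util.List;

import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.FormatType;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
//Current KMS SDK version:2016-01-20
import com.aliyuncs.kms.model.v20160120.CreateKeyRequest;
import com.aliyuncs.kms.model.v20160120.CreateKeyResponse;
import com.aliyuncs.kms.model.v20160120.DecryptRequest;
import com.aliyuncs.kms.model.v20160120.DecryptResponse;
import com.aliyuncs.kms.model.v20160120.DescribeKeyRequest;
import com.aliyuncs.kms.model.v20160120.DescribeKeyResponse;
import com.aliyuncs.kms.model.v20160120.EncryptRequest;
import com.aliyuncs.kms.model.v20160120.EncryptResponse;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyRequest;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyResponse;
import com.aliyuncs.kms.model.v20160120.ListKeysRequest;
import com.aliyuncs.kms.model.v20160120.ListKeysResponse;
import com.aliyuncs.kms.model.v20160120.ListKeysResponse.Key;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;

/**
 * Getting-started sample for the KMS Java SDK: lists the master keys of an account, describes
 * one, generates a data key under it, then encrypts and decrypts a short string.
 *
 * <p>Every request is sent as an HTTPS POST with a JSON response format. All calls go through
 * the shared static {@link #kmsClient} field, which {@link #main(String[])} initialises first.
 */
public class kmsSample {

    /** Shared client used by every request helper; assigned once at the start of main. */
    static DefaultAcsClient kmsClient;

    /** Separator line printed around each status message. */
    private static final String SEPARATOR = "===========================================";

    /**
     * Builds an Aliyun client from a region and an AccessKey pair.
     *
     * @param regionId        region the client talks to, e.g. "cn-hangzhou"
     * @param accessKeyId     AccessKey id of the caller
     * @param accessKeySecret AccessKey secret of the caller
     * @return a client bound to the profile built from the three values
     */
    private static DefaultAcsClient kmsClient(String regionId, String accessKeyId, String accessKeySecret) {
        /**
         * Construct an Aliyun Client:
         * Set RegionId, AccessKeyId and AccessKeySecret
         */
        IClientProfile profile = DefaultProfile.getProfile(regionId, accessKeyId, accessKeySecret);
        return new DefaultAcsClient(profile);
    }

    /**
     * Creates a master key.
     *
     * @param keyDesc  description stored with the key
     * @param keyUsage key usage string, e.g. "ENCRYPT/DECRYPT"
     * @return the service response carrying the new key's metadata
     * @throws ClientException if the request fails
     */
    private static CreateKeyResponse CreateKey(String keyDesc, String keyUsage) throws ClientException {
        final CreateKeyRequest ckReq = new CreateKeyRequest();

        ckReq.setProtocol(ProtocolType.HTTPS);
        ckReq.setAcceptFormat(FormatType.JSON);
        ckReq.setMethod(MethodType.POST);
        ckReq.setDescription(keyDesc);
        ckReq.setKeyUsage(keyUsage);

        return kmsClient.getAcsResponse(ckReq);
    }

    /**
     * Fetches the metadata of one master key.
     *
     * @param keyId id of the key to describe
     * @return the service response carrying the key metadata
     * @throws ClientException if the request fails
     */
    private static DescribeKeyResponse DescribeKey(String keyId) throws ClientException {
        final DescribeKeyRequest decKeyReq = new DescribeKeyRequest();

        decKeyReq.setProtocol(ProtocolType.HTTPS);
        decKeyReq.setAcceptFormat(FormatType.JSON);
        decKeyReq.setMethod(MethodType.POST);
        decKeyReq.setKeyId(keyId);

        return kmsClient.getAcsResponse(decKeyReq);
    }

    /**
     * Lists one page of master keys.
     *
     * @param pageNumber page to fetch
     * @param pageSize   number of keys per page
     * @return the service response carrying the page of keys
     * @throws ClientException if the request fails
     */
    private static ListKeysResponse ListKey(int pageNumber, int pageSize) throws ClientException {
        final ListKeysRequest listKeysReq = new ListKeysRequest();

        listKeysReq.setProtocol(ProtocolType.HTTPS);
        listKeysReq.setAcceptFormat(FormatType.JSON);
        listKeysReq.setMethod(MethodType.POST);
        listKeysReq.setPageNumber(pageNumber);
        listKeysReq.setPageSize(pageSize);

        return kmsClient.getAcsResponse(listKeysReq);
    }

    /**
     * Asks KMS for a new data key protected by the given master key.
     *
     * @param keyId      id of the master key that wraps the data key
     * @param keyDesc    despite its name this value is sent as the KeySpec (e.g. "AES_256"),
     *                   not as a description
     * @param numOfBytes requested length of the data key in bytes
     * @return the service response; it carries both the wrapped key and the plaintext key
     * @throws ClientException if the request fails
     */
    private static GenerateDataKeyResponse GenerateDataKey(String keyId, String keyDesc, int numOfBytes) throws ClientException {
        final GenerateDataKeyRequest genDKReq = new GenerateDataKeyRequest();

        genDKReq.setProtocol(ProtocolType.HTTPS);
        genDKReq.setAcceptFormat(FormatType.JSON);
        genDKReq.setMethod(MethodType.POST);

        /**
         * Set parameter according to KMS openAPI document:
         * 1.KeyId
         * 2.KeySpec
         * 3.NumberOfBytes
         */
        genDKReq.setKeySpec(keyDesc);
        genDKReq.setKeyId(keyId);
        genDKReq.setNumberOfBytes(numOfBytes);

        return kmsClient.getAcsResponse(genDKReq);
    }

    /**
     * Encrypts a string under a master key.
     *
     * @param keyId     id of the master key
     * @param plainText text to encrypt
     * @return the service response carrying the ciphertext blob
     * @throws ClientException if the request fails
     */
    private static EncryptResponse Encrypt(String keyId, String plainText) throws ClientException {
        final EncryptRequest encReq = new EncryptRequest();

        encReq.setProtocol(ProtocolType.HTTPS);
        encReq.setAcceptFormat(FormatType.JSON);
        encReq.setMethod(MethodType.POST);
        encReq.setKeyId(keyId);
        encReq.setPlaintext(plainText);

        return kmsClient.getAcsResponse(encReq);
    }

    /**
     * Decrypts a ciphertext blob previously returned by KMS.
     *
     * @param cipherBlob ciphertext blob to decrypt
     * @return the service response carrying the recovered plaintext
     * @throws ClientException if the request fails
     */
    private static DecryptResponse Decrypt(String cipherBlob) throws ClientException {
        final DecryptRequest decReq = new DecryptRequest();

        decReq.setProtocol(ProtocolType.HTTPS);
        decReq.setAcceptFormat(FormatType.JSON);
        decReq.setMethod(MethodType.POST);
        decReq.setCiphertextBlob(cipherBlob);

        return kmsClient.getAcsResponse(decReq);
    }

    /** Prints a status message framed by separator lines, followed by a blank line. */
    private static void printBanner(String message) {
        System.out.println(SEPARATOR);
        System.out.println(message);
        System.out.println(SEPARATOR + "\n");
    }

    /** Prints the error code and message of a failed request. */
    private static void printFailure(ClientException eResponse) {
        System.out.println("Failed.");
        System.out.println("Error code: " + eResponse.getErrCode());
        System.out.println("Error message: " + eResponse.getErrMsg());
    }

    /**
     * Runs the sample end to end: list keys, describe, generate a data key, encrypt, decrypt.
     *
     * <p>A failed step is reported and the run continues, except where a later step has no
     * input to work with (no key id, or no ciphertext), in which case that step is skipped.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        printBanner("Getting Started with KMS Service");

        /**
         * RegionId: "cn-hangzhou" and "ap-southeast-1", eg. "cn-hangzhou"
         */
        String regionId = "cn-hangzhou";
        // Placeholders only. Never hard-code or commit a real AccessKey pair: load it at run
        // time from a secret store or the environment, and use an identity that is granted
        // only the KMS actions this program needs.
        String accessKeyId = "*** Provide your AccessKeyId ***";
        String accessKeySecret = "*** Provide your AccessKeySecret ***";

        kmsClient = kmsClient(regionId, accessKeyId, accessKeySecret);

        String keyId = null;
        String plainText = "hello world";
        String cipherBlob = null;

        // /*Create a Key*/
        // try {
        //     final CreateKeyResponse response = CreateKey("testkey", "ENCRYPT/DECRYPT");
        //
        //     /**
        //      * Parse response and do more further
        //      */
        //     System.out.println(response.getKeyMetadata());
        //     CreateKeyResponse.KeyMetadata meta = response.getKeyMetadata();
        //
        //     System.out.println("CreateTime: " + meta.getCreationDate());
        //     System.out.println("Description: " + meta.getDescription());
        //     System.out.println("KeyId: " + meta.getKeyId());
        //     keyId = meta.getKeyId();
        //     System.out.println("KeyState: " + meta.getKeyState());
        //     System.out.println("KeyUsage: " + meta.getKeyUsage());
        //
        //     System.out.println("===========================================");
        //     System.out.println("Create MasterKey Success!");
        //     System.out.println("===========================================\n");
        // } catch (ClientException eResponse) {
        //     System.out.println("Failed.");
        //     System.out.println("Error code: " + eResponse.getErrCode());
        //     System.out.println("Error message: " + eResponse.getErrMsg());
        // }
        //

        /*List all MasterKeys in your account*/
        try {
            final ListKeysResponse listKeysRes = ListKey(1, 100);

            /**
             * Parse response and do more further
             */
            System.out.println("TotalCount: " + listKeysRes.getTotalCount());
            System.out.println("PageNumber: " + listKeysRes.getPageNumber());
            System.out.println("PageSize: " + listKeysRes.getPageSize());

            List<Key> keys = listKeysRes.getKeys();
            if (keys != null) {
                // The last key listed is the one the remaining steps operate on.
                for (Key key : keys) {
                    keyId = key.getKeyId();
                    System.out.println("KeyId: " + keyId);
                }
            }

            printBanner("List All MasterKeys success!\n");
        } catch (ClientException eResponse) {
            printFailure(eResponse);
        }

        // Every later step needs a key id; without one the requests would only be sent to fail.
        if (keyId == null) {
            System.out.println("No master key available; skipping the remaining steps.");
            return;
        }

        /*Describe the Key */
        try {
            final DescribeKeyResponse decKeyRes = DescribeKey(keyId);

            /**
             * Parse response and do more further
             */
            System.out.println("DescribeKey Response: ");
            DescribeKeyResponse.KeyMetadata meta = decKeyRes.getKeyMetadata();

            System.out.println("KeyId: " + meta.getKeyId());
            System.out.println("Description: " + meta.getDescription());
            System.out.println("KeyState: " + meta.getKeyState());
            System.out.println("KeyUsage: " + meta.getKeyUsage());

            printBanner("Describe the MasterKey success!");
        } catch (ClientException eResponse) {
            printFailure(eResponse);
        }

        /*Generate DataKey*/
        /**
         * Request and got response
         */
        try {
            // NOTE(review): "AES_256" names a 32-byte key while NumberOfBytes asks for 64.
            // Confirm against the KMS API reference which of the two the service honours,
            // and send only the one that is meant.
            final GenerateDataKeyResponse genDKResponse = GenerateDataKey(keyId, "AES_256", 64);

            /**
             * Parse response and do more further
             */
            System.out.println("CiphertextBlob: " + genDKResponse.getCiphertextBlob());
            System.out.println("KeyId: " + genDKResponse.getKeyId());
            // The plaintext data key is live key material, so it is deliberately not written
            // to stdout, where it would end up in terminals and log files. Use it in memory,
            // then discard it and persist only the CiphertextBlob.
            String dataKeyPlaintext = genDKResponse.getPlaintext();
            System.out.println("Plaintext: " + (dataKeyPlaintext == null ? "<absent>" : "<not printed>"));

            printBanner("Generate DataKey success!");
        } catch (ClientException eResponse) {
            printFailure(eResponse);
        }

        /**
         * Encrypt the plain text and got a cipher one
         */
        try {
            EncryptResponse encResponse = Encrypt(keyId, plainText);
            cipherBlob = encResponse.getCiphertextBlob();

            System.out.println("CiphertextBlob: " + cipherBlob);
            System.out.println("KeyId: " + encResponse.getKeyId());

            printBanner("Encrypt the plain text success!");
        } catch (ClientException eResponse) {
            printFailure(eResponse);
        }

        // Nothing to decrypt when the encrypt step failed.
        if (cipherBlob == null) {
            System.out.println("No ciphertext available; skipping decryption.");
            return;
        }

        /**
         * Decrypt the cipher text and verify result with original plain text.
         */
        try {
            DecryptResponse decResponse = Decrypt(cipherBlob);
            String verifyPlainText = decResponse.getPlaintext();

            // Printed only because the payload is the sample string above; do not echo
            // decrypted application data like this.
            System.out.println("Plaintext: " + verifyPlainText);
            // equals() on the known non-null side also covers a response without plaintext.
            boolean isMatch = plainText.equals(verifyPlainText);
            System.out.println("KeyId: " + decResponse.getKeyId());

            // println with a parenthesised ternary: the message ends with a newline in both
            // the match and the mismatch case, and no data is passed as a printf format.
            printBanner("Decrypt the cipher text success, result " + (isMatch ? "match" : "mismatch"));
        } catch (ClientException eResponse) {
            printFailure(eResponse);
        }
    }
}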
在VPC环境中访问KMS服务
需要先添加指向 VPC 内域名的自定义 endpoint,并在后续访问 KMS 的过程中指定使用这个 endpoint。
// Register a custom endpoint whose domain is the in-VPC KMS host name. Per the surrounding
// text, later KMS calls must then be told to use this endpoint.
// NOTE(review): the arguments look like (endpointName, regionId, product, domain) — confirm
// against the SDK version in use.
DefaultProfile.addEndpoint("cn-hangzhou-vpc", "cn-hangzhou-vpc", "Kms", "kms-vpc.cn-hangzhou.aliyuncs.com"); // Add a custom endpoint.
KMS endpoint列表详见:KMS部署情况
最后更新:2016-11-24 11:23:49