aws · mattsb42-aws · May 21, 2020 · May 21, 2020 · May 21, 2020 · May 21, 2020
@@ -1,35 +1,5 @@
 # Changelog
 
-## 1.7.0 -- unreleased
-
-### Deprecation Warnings
-* Deprecated `MasterKey` and `MasterKeyProvider`. Replace your usage of these classes with `Keyring`. See `StandardKeyrings` 
-for the built-in keyrings that replace `KmsMasterKeyProvider`, `JceMasterKey`, and `MultiProviderFactory`. 
-We still support using master key providers and are not removing them yet. 
-When we decide to remove them, we will communicate that as defined in our versioning policy.
-* Deprecated `encryptData`, `decryptData` and related methods in `AwsCrypto`. Replace your calls to these methods with
-calls to `AwsCrypto.encrypt(EncryptRequest)` and `AwsCrypto.decrypt(DecryptRequest)`.
-
-### Major Changes
-* Introduce `Keyring` interface, built in Keyring implementations, and 
- methods in AwsCrypto that use keyrings [PR #173](https://github.com/aws/aws-encryption-sdk-java/pull/173)
-
-### Patches
-* Validate final frame length does not exceed the frame size in the message header [PR #166](https://github.com/aws/aws-encryption-sdk-java/pull/166)
-
-### Maintenance
-* Update AWS Java SDK version from 1.11.561 to 1.11.677. [PR #147](https://github.com/aws/aws-encryption-sdk-java/pull/147)
-* Upgrade JUnit from 4.12 to 5.5.2 [PR #151](https://github.com/aws/aws-encryption-sdk-java/pull/151)
-* Upgrade Mockito from 2.28.1 to 3.1.0 [PR #142](https://github.com/aws/aws-encryption-sdk-java/pull/142)
-* Upgrade Bouncy Castle from 1.61 to 1.65 [PR #179](https://github.com/aws/aws-encryption-sdk-java/pull/179)
-
-### Documentation
-* Added new examples demonstrating how to use
-  APIs, keyrings, cryptographic materials managers, and master key providers. PRs
-   [#165](https://github.com/aws/aws-encryption-sdk-java/pull/165),
-   [#168](https://github.com/aws/aws-encryption-sdk-java/pull/168),
-   and [#170](https://github.com/aws/aws-encryption-sdk-java/pull/170).
-
 ## 1.6.1 -- 2019-10-29
 
 ### Deprecation Warnings

@@ -1,8 +1,8 @@
 # AWS Encryption SDK for Java
 
-The AWS Encryption SDK is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data.
+The AWS Encryption SDK enables secure client-side encryption. It uses cryptography best practices to protect your data and the encryption keys used to protect that data. Each data object is protected with a unique data encryption key (DEK), and the DEK is protected with a key encryption key (KEK) called a *master key*. The encrypted DEK is combined with the encrypted data into a single [encrypted message](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html), so you don't need to keep track of the DEKs for your data. The SDK supports master keys in [AWS Key Management Service](https://aws.amazon.com/kms/) (KMS), and it also provides APIs to define and use other master key providers. The SDK provides methods for encrypting and decrypting strings, byte arrays, and byte streams. For details, see the [example code][examples] and the [Javadoc](https://aws.github.io/aws-encryption-sdk-java/javadoc/).
 
-For details about the design, architecture and usage of the SDK, see the [official documentation](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/), [example code][examples] and the [Javadoc](https://aws.github.io/aws-encryption-sdk-java/javadoc/).
+For more details about the design and architecture of the SDK, see the [official documentation](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/).
 
 [Security issue notifications](./CONTRIBUTING.md#security-issue-notifications)
 
@@ -60,9 +60,75 @@ You can get the latest release from Maven:
 </dependency>
 ```
 
-### Sample Code
+### Get Started
+
+The following code sample demonstrates how to get started:
+
+1. Instantiate the SDK.
+2. Define the master key provider.
+3. Encrypt and decrypt data.
+
+```java
+// This sample code encrypts and then decrypts a string using a KMS CMK.
+// You provide the KMS key ARN and plaintext string as arguments.
+package com.amazonaws.crypto.examples;
+
+import java.util.Collections;
+import java.util.Map;
+
+import com.amazonaws.encryptionsdk.AwsCrypto;
+import com.amazonaws.encryptionsdk.CryptoResult;
+import com.amazonaws.encryptionsdk.kms.KmsMasterKey;
+import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
+
+public class StringExample {
+    private static String keyArn;
+    private static String data;
+
+    public static void main(final String[] args) {
+        keyArn = args[0];
+        data = args[1];
+
+        // Instantiate the SDK
+        final AwsCrypto crypto = new AwsCrypto();
+
+        // Set up the master key provider
+        final KmsMasterKeyProvider prov = new KmsMasterKeyProvider(keyArn);
+
+        // Encrypt the data
+        //
+        // NOTE: Encrypted data should have associated encryption context
+        // to protect integrity. For this example, just use a placeholder
+        // value. For more information about encryption context, see
+        // https://amzn.to/1nSbe9X (blogs.aws.amazon.com)
+        final Map<String, String> context = Collections.singletonMap("Example", "String");
+
+        final String ciphertext = crypto.encryptString(prov, data, context).getResult();
+        System.out.println("Ciphertext: " + ciphertext);
+
+        // Decrypt the data
+        final CryptoResult<String, KmsMasterKey> decryptResult = crypto.decryptString(prov, ciphertext);
+        // Check the encryption context (and ideally the master key) to
+        // ensure this is the expected ciphertext
+        if (!decryptResult.getMasterKeyIds().get(0).equals(keyArn)) {
+            throw new IllegalStateException("Wrong key id!");
+        }
+
+        // The SDK may add information to the encryption context, so check to
+        // ensure all of the values are present
+        for (final Map.Entry<String, String> e : context.entrySet()) {
+            if (!e.getValue().equals(decryptResult.getEncryptionContext().get(e.getKey()))) {
+                throw new IllegalStateException("Wrong Encryption Context!");
+            }
+        }
+
+        // The data is correct, so output it.
+        System.out.println("Decrypted: " + decryptResult.getResult());
+    }
+}
+```
 
-You can find sample code in the [examples directory][examples].
+You can find more examples in the [examples directory][examples].
 
 ## Public API
 

@@ -53,23 +53,16 @@
         </dependency>
 
         <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <version>5.5.2</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.junit.vintage</groupId>
-            <artifactId>junit-vintage-engine</artifactId>
-            <version>5.5.2</version>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>2.28.1</version>
             <scope>test</scope>
         </dependency>
 
         <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-junit-jupiter</artifactId>
-            <version>3.1.0</version>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
             <scope>test</scope>
         </dependency>
 
@@ -80,19 +73,6 @@
             <scope>test</scope>
         </dependency>
 
-        <dependency>
-            <groupId>com.amazonaws</groupId>
-            <artifactId>aws-lambda-java-core</artifactId>
-            <version>1.2.0</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>com.amazonaws</groupId>
-            <artifactId>aws-lambda-java-events</artifactId>
-            <version>2.2.7</version>
-            <scope>test</scope>
-        </dependency>
 
         <dependency>
             <groupId>com.google.code.findbugs</groupId>
@@ -210,7 +190,7 @@
         </profile>
 
         <profile>
-            <id>test-suite</id>
+            <id>full-test-suite</id>
             <activation>
                 <activeByDefault>true</activeByDefault>
             </activation>
@@ -221,50 +201,30 @@
                         <artifactId>maven-surefire-plugin</artifactId>
                         <version>2.22.0</version>
                         <configuration>
-                            <excludedGroups>ad_hoc</excludedGroups>
+                            <includes>
+                                <include>**/AllTestsSuite.java</include>
+                            </includes>
                         </configuration>
                     </plugin>
                 </plugins>
             </build>
         </profile>
 
-        <!-- This test profile is intended to assist in rapid development; it filters out some of the slower,
-             more exhaustive tests in the overall test suite to allow for a rapid edit-test cycle. -->
         <profile>
             <id>fast-tests-only</id>
+            <activation>
+                <activeByDefault>false</activeByDefault>
+            </activation>
             <build>
                 <plugins>
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-surefire-plugin</artifactId>
                         <version>2.22.0</version>
                         <configuration>
-                            <excludedGroups>ad_hoc, integration</excludedGroups>
-                            <systemPropertyVariables>
-                                <fastTestsOnly>true</fastTestsOnly>
-                            </systemPropertyVariables>
-                            <!-- Require that this fast suite completes relatively quickly. If you're seeing
-                            this timeout get hit, it's time to pare down tests some more. As a general rule of
-                            thumb, we should avoid any single test taking more than 10s, and try to keep the
-                            number of such slow tests to a minimum. -->
-                            <forkedProcessTimeoutInSeconds>120</forkedProcessTimeoutInSeconds>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-
-        <!-- This test profile will run only the integration tests. -->
-        <profile>
-            <id>integration</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-surefire-plugin</artifactId>
-                        <version>2.22.0</version>
-                        <configuration>
-                            <groups>integration</groups>
+                            <includes>
+                                <include>**/FastTestsOnlySuite.java</include>
+                            </includes>
                         </configuration>
                     </plugin>
                 </plugins>