com.google.crypto.tink

Class KmsClients

java.lang.Object

com.google.crypto.tink.KmsClients

public final class KmsClients
extends Object

A container for KmsClient-objects that are needed by KeyManager-objects for primitives that use KMS-managed keys.

This class consists exclusively of static methods that register and load KmsClient-objects.

Since:

1.0.0

Method Summary

Modifier and Type	Method and Description
static void	add(KmsClient client) Adds a client to the list of known KmsClient-objects.
static KmsClient	get(String keyUri) Returns the first KmsClient registered with add(com.google.crypto.tink.KmsClient) that supports keyUri.
static KmsClient	getAutoLoaded(String keyUri) Returns the first KmsClient automatically loaded with ServiceLoader that supports keyUri.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

add

public static void add(KmsClient client)

Adds a client to the list of known KmsClient-objects.

get

public static KmsClient get(String keyUri)
                     throws GeneralSecurityException

Returns the first KmsClient registered with add(com.google.crypto.tink.KmsClient) that supports keyUri.

Throws:

GeneralSecurityException - if cannot found any KMS clients that support keyUri

getAutoLoaded

public static KmsClient getAutoLoaded(String keyUri)
                               throws GeneralSecurityException

Returns the first KmsClient automatically loaded with ServiceLoader that supports keyUri.

Warning This method searches over the classpath for all implementations of KmsClient. An attacker that can insert a class in your classpath (e.g., someone controlling a library that you're using) could provide a fake KmsClient that steal your keys. For this reason Tink does not use this method. It is used by Tinkey which needs to talk to custom, in-house key management systems.

Throws:

GeneralSecurityException - if cannot found any KMS clients that support keyUri