Google/Tink:使用 AWS KMS 密钥加密密钥 material 但出现 NullPointerException
Google/Tink: Use AWS KMS Key encrypt key material but get NullPointerException
当我使用follow demo加密密钥material时,我在AwsKmsClient().getAead()方法中得到了NullPointerException。
String masterKeyUri = "aws-kms://arn:aws:kms:us-east-1:007084425826:key/84a65985-f868-4bfc-83c2-366618acf147";
KeysetHandle keysetHandle = KeysetHandle.read(
JsonKeysetReader.withFile(new File(keysetFilename)),
new AwsKmsClient().getAead(masterKeyUri));
调试发现AwsKmsClient中的AWSKMS client(this.client)是null。
public Aead getAead(String uri) throws GeneralSecurityException {
if (this.keyUri != null && !this.keyUri.equals(uri)) {
throw new GeneralSecurityException(String.format("this client is bound to %s, cannot load keys bound to %s", this.keyUri, uri));
} else {
return new AwsKmsAead(this.client, Validators.validateKmsKeyUriAndRemovePrefix("aws-kms://", uri));
}
}
你知道如何处理这个问题吗?或者如何正确使用 AWS KMS?
提前致谢。
抱歉回复缓慢。您好像忘记添加凭据了?
请试试这个,如果有效请告诉我:
String masterKeyUri = "aws-kms://arn:aws:kms:us-east-1:007084425826:key/84a65985-f868-4bfc-83c2-366618acf147";
KeysetHandle keysetHandle = KeysetHandle.read(
JsonKeysetReader.withFile(new File(keysetFilename)),
new AwsKmsClient().withDefaultCredentials().getAead(masterKeyUri))
不过 API 可以改进。我会看看如何做到这一点。
当我使用follow demo加密密钥material时,我在AwsKmsClient().getAead()方法中得到了NullPointerException。
String masterKeyUri = "aws-kms://arn:aws:kms:us-east-1:007084425826:key/84a65985-f868-4bfc-83c2-366618acf147";
KeysetHandle keysetHandle = KeysetHandle.read(
JsonKeysetReader.withFile(new File(keysetFilename)),
new AwsKmsClient().getAead(masterKeyUri));
调试发现AwsKmsClient中的AWSKMS client(this.client)是null。
public Aead getAead(String uri) throws GeneralSecurityException {
if (this.keyUri != null && !this.keyUri.equals(uri)) {
throw new GeneralSecurityException(String.format("this client is bound to %s, cannot load keys bound to %s", this.keyUri, uri));
} else {
return new AwsKmsAead(this.client, Validators.validateKmsKeyUriAndRemovePrefix("aws-kms://", uri));
}
}
你知道如何处理这个问题吗?或者如何正确使用 AWS KMS? 提前致谢。
抱歉回复缓慢。您好像忘记添加凭据了?
请试试这个,如果有效请告诉我:
String masterKeyUri = "aws-kms://arn:aws:kms:us-east-1:007084425826:key/84a65985-f868-4bfc-83c2-366618acf147";
KeysetHandle keysetHandle = KeysetHandle.read(
JsonKeysetReader.withFile(new File(keysetFilename)),
new AwsKmsClient().withDefaultCredentials().getAead(masterKeyUri))
不过 API 可以改进。我会看看如何做到这一点。