Allow overriding KMS encryption context.

Marston · SalusaSecondus · commit c2fd000f42e3 · 2019-10-09T09:06:38.000-07:00
diff --git a/sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/DirectKmsMaterialProvider.java b/sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/DirectKmsMaterialProvider.java
@@ -254,7 +254,8 @@ protected GenerateDataKeyResult generateDataKey(final GenerateDataKeyRequest req
 
     /**
      * Extracts relevant information from {@code context} and uses it to populate fields in
-     * {@code kmsEc}. Currently, these fields are:
+     * {@code kmsEc}. Subclass can override the default implementation to provide an alternative
+     * encryption context in calls to KMS. Currently, the default implementation includes these fields:
      * <dl>
      * <dt>{@code HashKeyName}</dt>
      * <dd>{@code HashKeyValue}</dd>
@@ -263,7 +264,7 @@ protected GenerateDataKeyResult generateDataKey(final GenerateDataKeyRequest req
      * <dt>{@link #TABLE_NAME_EC_KEY}</dt>
      * <dd>{@code TableName}</dd>
      */
-    private static void populateKmsEcFromEc(EncryptionContext context, Map<String, String> kmsEc) {
+    protected void populateKmsEcFromEc(EncryptionContext context, Map<String, String> kmsEc) {
         final String hashKeyName = context.getHashKeyName();
         if (hashKeyName != null) {
             final AttributeValue hashKey = context.getAttributeValues().get(hashKeyName);
diff --git a/sdk2/src/main/java/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/DirectKmsMaterialsProvider.java b/sdk2/src/main/java/software/amazon/cryptools/dynamodbencryptionclientsdk2/encryption/providers/DirectKmsMaterialsProvider.java
@@ -246,7 +246,8 @@ protected GenerateDataKeyResponse generateDataKey(final GenerateDataKeyRequest r
 
     /**
      * Extracts relevant information from {@code context} and uses it to populate fields in
-     * {@code kmsEc}. Currently, these fields are:
+     * {@code kmsEc}. Subclass can override the default implementation to provide an alternative
+     * encryption context in calls to KMS. Currently, the default implementation includes these fields:
      * <dl>
      * <dt>{@code HashKeyName}</dt>
      * <dd>{@code HashKeyValue}</dd>
@@ -255,7 +256,7 @@ protected GenerateDataKeyResponse generateDataKey(final GenerateDataKeyRequest r
      * <dt>{@link #TABLE_NAME_EC_KEY}</dt>
      * <dd>{@code TableName}</dd>
      */
-    private static void populateKmsEcFromEc(EncryptionContext context, Map<String, String> kmsEc) {
+    protected void populateKmsEcFromEc(EncryptionContext context, Map<String, String> kmsEc) {
         final String hashKeyName = context.getHashKeyName();
         if (hashKeyName != null) {
             final AttributeValue hashKey = context.getAttributeValues().get(hashKeyName);
