1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.apksig.kms.aws;
18 
19 import static com.android.apksig.internal.util.Resources.FIRST_RSA_2048_SIGNER_RESOURCE_NAME;
20 import static com.android.apksig.internal.util.Resources.SECOND_RSA_2048_SIGNER_RESOURCE_NAME;
21 import static com.android.apksig.kms.KeyWrapper.wrapKeyForImport;
22 
23 import software.amazon.awssdk.services.kms.model.AlgorithmSpec;
24 import software.amazon.awssdk.services.kms.model.GetParametersForImportResponse;
25 import software.amazon.awssdk.services.kms.model.KeyMetadata;
26 import software.amazon.awssdk.services.kms.model.KeySpec;
27 import software.amazon.awssdk.services.kms.model.WrappingKeySpec;
28 
/**
 * Provisioning utility that supplies the AWS KMS keys used by tests involving AWS KMS.
 *
 * <p>For each RSA-2048 test signer, the signer's resource name doubles as the KMS alias: the key
 * behind that alias is looked up (and created for import when the lookup yields nothing), and
 * key material wrapped by {@code wrapKeyForImport} is then imported into it.
 *
 * <p>NOTE(review): the imported keys are presumably the test-fixture private keys shipped in the
 * test resources, i.e. not secret. Treat the resulting KMS keys as test-only and confirm that
 * nothing outside the test suite is granted use of these aliases.
 */
public class AwsTestData {
    /**
     * Creates the test data. This should be run ONCE.
     *
     * @param args unused
     * @throws Exception if importing either signer fails; the second signer is not attempted
     *     when the first one throws
     */
    public static void main(String[] args) throws Exception {
        String[] signerResources = {
            FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME,
        };
        for (String signerResource : signerResources) {
            importRsa2048Sha256(signerResource);
        }
    }

    /**
     * Imports one RSA-2048 signer into KMS under an alias equal to its resource name.
     *
     * @param privateKeyNameInResources name passed both to the alias lookup and to
     *     {@code wrapKeyForImport}; presumably the resource that holds the private key
     * @throws Exception propagated from the KMS client wrapper or from key wrapping
     */
    private static void importRsa2048Sha256(String privateKeyNameInResources) throws Exception {
        try (KeyAliasClient keyAliasClient = new KeyAliasClient()) {
            KeyMetadata keyMetadata = findOrCreateKey(keyAliasClient, privateKeyNameInResources);
            String targetKeyId = keyMetadata.keyId();

            // The wrapping public key and the import token below come from this one response
            // and are used together for the same key id.
            //
            // NOTE(review): RSA_AES_KEY_WRAP_SHA_1 selects the hash used while wrapping the key
            // for transport, not the signing digest in this method's name. It has to agree with
            // what wrapKeyForImport implements (not visible here). KMS also defines
            // RSA_AES_KEY_WRAP_SHA_256; if the SHA-1 variant is ever retired, change the spec
            // and the wrapper in the same commit.
            GetParametersForImportResponse importParameters =
                    keyAliasClient.getParametersForImport(
                            WrappingKeySpec.RSA_4096,
                            AlgorithmSpec.RSA_AES_KEY_WRAP_SHA_1,
                            targetKeyId);

            byte[] wrappingPublicKey = importParameters.publicKey().asByteArray();
            byte[] wrappedKey = wrapKeyForImport(privateKeyNameInResources, wrappingPublicKey);

            keyAliasClient.importKeyMaterial(
                    targetKeyId, importParameters.importToken(), wrappedKey);
        }
    }

    /**
     * Returns the key registered under {@code alias}, creating an RSA-2048 key for import only
     * when the alias lookup comes back empty.
     */
    private static KeyMetadata findOrCreateKey(KeyAliasClient keyAliasClient, String alias) {
        return keyAliasClient
                .getKeyForAlias(alias)
                .orElseGet(() -> keyAliasClient.createKeyForImport(alias, KeySpec.RSA_2048));
    }
}