11package software .amazon .cryptography .examples .searchableencryption ;
22
33import java .util .ArrayList ;
4+ import java .util .Arrays ;
45import java .util .List ;
56import java .util .HashMap ;
67import java .util .Map ;
1718import software .amazon .awssdk .services .dynamodb .model .QueryResponse ;
1819import software .amazon .awssdk .services .kms .KmsClient ;
1920import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .BeaconKeySource ;
21+ import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .BeaconStyle ;
2022import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .BeaconVersion ;
2123import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .CompoundBeacon ;
2224import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .Constructor ;
2325import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .ConstructorPart ;
2426import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .DynamoDbTableEncryptionConfig ;
2527import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .DynamoDbTablesEncryptionConfig ;
26- import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .SearchConfig ;
2728import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .EncryptedPart ;
29+ import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .PartOnly ;
30+ import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .SearchConfig ;
2831import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .SingleKeyStore ;
2932import software .amazon .cryptography .dbencryptionsdk .dynamodb .model .StandardBeacon ;
33+
3034import software .amazon .cryptography .dbencryptionsdk .dynamodb .transforms .DynamoDbEncryptionTransforms ;
3135import software .amazon .cryptography .dbencryptionsdk .dynamodb .transforms .model .ResolveAttributesInput ;
3236import software .amazon .cryptography .dbencryptionsdk .dynamodb .transforms .model .ResolveAttributesOutput ;
@@ -87,45 +91,65 @@ public static void PutItemQueryItemWithCompoundBeacon(String ddbTableName, Strin
8791 // While we will not directly query against these beacons,
8892 // you must create standard beacons on encrypted fields
8993 // that we wish to use in compound beacons.
90- List <StandardBeacon > standardBeaconList = new ArrayList <>();
91- StandardBeacon last4Beacon = StandardBeacon .builder ()
92- .name ("inspector_id_last4" )
93- .length (10 )
94- .build ();
95- standardBeaconList .add (last4Beacon );
96- StandardBeacon unitBeacon = StandardBeacon .builder ()
97- .name ("unit" )
98- .length (30 )
99- .build ();
100- standardBeaconList .add (unitBeacon );
94+ // We mark them both as PartOnly to enforce the fact that
95+ // we will not directly query against these beacons.
96+ List <StandardBeacon > standardBeaconList = Arrays .asList (
97+ StandardBeacon .builder ()
98+ .name ("inspector_id_last4" )
99+ .length (10 )
100+ .style (BeaconStyle .builder ().partOnly (PartOnly .builder ().build ()).build ())
101+ .build (),
102+ StandardBeacon .builder ()
103+ .name ("unit" )
104+ .length (30 )
105+ .style (BeaconStyle .builder ().partOnly (PartOnly .builder ().build ()).build ())
106+ .build ()
107+ );
101108
102109 // 2. Define encrypted parts.
103110 // Encrypted parts define the beacons that can be used to construct a compound beacon,
104111 // and how the compound beacon prefixes those beacon values.
105- List <EncryptedPart > encryptedPartList = new ArrayList <>();
106112 // A encrypted part must receive:
107113 // - name: Name of a standard beacon
108114 // - prefix: Any string. This is plaintext that prefixes the beaconized value in the compound beacon.
109115 // Prefixes must be unique across the configuration, and must not be a prefix of another prefix;
110116 // i.e. for all configured prefixes, the first N characters of a prefix must not equal another prefix.
111117 // In practice, it is suggested to have a short value distinguishable from other parts served on the prefix.
112- // For this example, we will choose "L-" as the prefix for "Last 4 digits of inspector ID".
113- // With this prefix and the standard beacon's bit length definition (10), the beaconized
114- // version of the inspector ID's last 4 digits will appear as
115- // `L-000` to `L-3ff` inside a compound beacon.
116- EncryptedPart last4EncryptedPart = EncryptedPart .builder ()
118+
119+ List <EncryptedPart > encryptedPartList = Arrays .asList (
120+ // For this example, we will choose "L-" as the prefix for "Last 4 digits of inspector ID".
121+ // With this prefix and the standard beacon's bit length definition (10), the beaconized
122+ // version of the inspector ID's last 4 digits will appear as
123+ // `L-000` to `L-3ff` inside a compound beacon.
124+ EncryptedPart .builder ()
125+ .name ("inspector_id_last4" )
126+ .prefix ("L-" )
127+ .build (),
128+
129+ // For this example, we will choose "U-" as the prefix for "unit".
130+ // With this prefix and the standard beacon's bit length definition (30), a unit beacon will appear
131+ // as `U-00000000` to `U-3fffffff` inside a compound beacon.
132+ EncryptedPart .builder ()
133+ .name ("unit" )
134+ .prefix ("U-" )
135+ .build ()
136+ );
137+
138+ List <ConstructorPart > constructorParts = Arrays .asList (
139+ ConstructorPart .builder ()
117140 .name ("inspector_id_last4" )
118- .prefix ("L-" )
119- .build ();
120- encryptedPartList .add (last4EncryptedPart );
121- // For this example, we will choose "U-" as the prefix for "unit".
122- // With this prefix and the standard beacon's bit length definition (30), a unit beacon will appear
123- // as `U-00000000` to `U-3fffffff` inside a compound beacon.
124- EncryptedPart unitEncryptedPart = EncryptedPart .builder ()
141+ .required (true )
142+ .build (),
143+ ConstructorPart .builder ()
144+ // This name comes from the "EmployeeID" standard beacon.
125145 .name ("unit" )
126- .prefix ("U-" )
127- .build ();
128- encryptedPartList .add (unitEncryptedPart );
146+ .required (true )
147+ .build ()
148+ );
149+ List <Constructor > constructors = Arrays .asList (
150+ Constructor .builder ()
151+ .parts (constructorParts )
152+ .build ());
129153
130154 // 3. Define compound beacon.
131155 // A compound beacon allows one to serve multiple beacons or attributes from a single index.
@@ -146,13 +170,13 @@ public static void PutItemQueryItemWithCompoundBeacon(String ddbTableName, Strin
146170 // - signed: A list of signed parts, i.e. plaintext attributes. This would be provided if we
147171 // wanted to use plaintext values as part of constructing our compound beacon. We do not
148172 // provide this here; see the Complex example for an example.
149- List <CompoundBeacon > compoundBeaconList = new ArrayList <>();
150- CompoundBeacon last4UnitCompoundBeacon = CompoundBeacon .builder ()
151- .name ("last4UnitCompound" )
152- . split ( "." )
153- . encrypted ( encryptedPartList )
154- .build ();
155- compoundBeaconList . add ( last4UnitCompoundBeacon );
173+ List <CompoundBeacon > compoundBeaconList = Arrays . asList (
174+ CompoundBeacon .builder ()
175+ .name ("last4UnitCompound" )
176+ . constructors ( constructors )
177+ . split ( "." )
178+ .build ()
179+ );
156180
157181 // 4. Configure the Keystore
158182 // These are the same constructions as in the Basic example, which describes these in more detail.
@@ -169,9 +193,9 @@ public static void PutItemQueryItemWithCompoundBeacon(String ddbTableName, Strin
169193 // 5. Create BeaconVersion.
170194 // This is similar to the Basic example, except we have also provided a compoundBeaconList.
171195 // We must also continue to provide all of the standard beacons that compose a compound beacon list.
172- List <BeaconVersion > beaconVersions = new ArrayList <>();
173- beaconVersions .add (
196+ List <BeaconVersion > beaconVersions = Arrays .asList (
174197 BeaconVersion .builder ()
198+ .encryptedParts (encryptedPartList )
175199 .standardBeacons (standardBeaconList )
176200 .compoundBeacons (compoundBeaconList )
177201 .version (1 ) // MUST be 1
0 commit comments