chore: Add format check to CI and format (#146)

buildspec.yml

@@ -23,3 +23,8 @@ batch:
       env:
         env:
         image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
+    - identifier: static_analysis
+      buildspec: codebuild/static-analysis.yml
+      env:
+        env:
+        image: aws/codebuild/amazonlinux2-x86_64-standard:3.0

codebuild/static-analysis.yml

@@ -0,0 +1,9 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      java: corretto11
+  build:
+    commands:
+      - mvn com.coveo:fmt-maven-plugin:check

examples/src/main/java/com/amazonaws/examples/AsymmetricEncryptedItem.java

@@ -14,6 +14,11 @@
  */
 package com.amazonaws.examples;
 
+import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
+import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext;
+import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags;
+import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.WrappedMaterialsProvider;
+import com.amazonaws.services.dynamodbv2.model.AttributeValue;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
@@ -23,15 +28,9 @@
 import java.util.Map;
 import java.util.Set;
 
-import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
-import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext;
-import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags;
-import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.WrappedMaterialsProvider;
-import com.amazonaws.services.dynamodbv2.model.AttributeValue;
-
 /**
- * Example showing use of RSA keys for encryption and signing.
- * For ease of the example, we create new random ones every time.
+ * Example showing use of RSA keys for encryption and signing. For ease of the example, we create
+ * new random ones every time.
  */
 public class AsymmetricEncryptedItem {
   private static final String STRING_FIELD_NAME = "example";
@@ -50,7 +49,8 @@ public static void main(String[] args) throws GeneralSecurityException {
     encryptRecord(tableName, wrappingKeys, signingKeys);
   }
 
-  public static void encryptRecord(String tableName, KeyPair wrappingKeys, KeyPair signingKeys) throws GeneralSecurityException {
+  public static void encryptRecord(String tableName, KeyPair wrappingKeys, KeyPair signingKeys)
+      throws GeneralSecurityException {
     // Sample record to be encrypted
     final String partitionKeyName = "partition_attribute";
     final String sortKeyName = "sort_attribute";
@@ -59,25 +59,34 @@ public static void encryptRecord(String tableName, KeyPair wrappingKeys, KeyPair
     record.put(sortKeyName, new AttributeValue().withN("55"));
     record.put(STRING_FIELD_NAME, new AttributeValue().withS("data"));
     record.put(NUMBER_FIELD_NAME, new AttributeValue().withN("99"));
-    record.put(BINARY_FIELD_NAME, new AttributeValue().withB(ByteBuffer.wrap(new byte[]{0x00, 0x01, 0x02})));
-    record.put(IGNORED_FIELD_NAME, new AttributeValue().withS("alone")); // We want to ignore this attribute
+    record.put(
+        BINARY_FIELD_NAME,
+        new AttributeValue().withB(ByteBuffer.wrap(new byte[] {0x00, 0x01, 0x02})));
+    record.put(
+        IGNORED_FIELD_NAME,
+        new AttributeValue().withS("alone")); // We want to ignore this attribute
 
-    // Set up our configuration and clients. All of this is thread-safe and can be reused across calls.
+    // Set up our configuration and clients. All of this is thread-safe and can be reused across
+    // calls.
     // Provider Configuration
-    final WrappedMaterialsProvider cmp = new WrappedMaterialsProvider(wrappingKeys.getPublic(), wrappingKeys.getPrivate(), signingKeys);
+    final WrappedMaterialsProvider cmp =
+        new WrappedMaterialsProvider(
+            wrappingKeys.getPublic(), wrappingKeys.getPrivate(), signingKeys);
     // Encryptor creation
     final DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(cmp);
 
     // Information about the context of our data (normally just Table information)
-    final EncryptionContext encryptionContext = new EncryptionContext.Builder()
-        .withTableName(tableName)
-        .withHashKeyName(partitionKeyName)
-        .withRangeKeyName(sortKeyName)
-        .build();
+    final EncryptionContext encryptionContext =
+        new EncryptionContext.Builder()
+            .withTableName(tableName)
+            .withHashKeyName(partitionKeyName)
+            .withRangeKeyName(sortKeyName)
+            .build();
 
     // Describe what actions need to be taken for each attribute
     final EnumSet<EncryptionFlags> signOnly = EnumSet.of(EncryptionFlags.SIGN);
-    final EnumSet<EncryptionFlags> encryptAndSign = EnumSet.of(EncryptionFlags.ENCRYPT, EncryptionFlags.SIGN);
+    final EnumSet<EncryptionFlags> encryptAndSign =
+        EnumSet.of(EncryptionFlags.ENCRYPT, EncryptionFlags.SIGN);
     final Map<String, Set<EncryptionFlags>> actions = new HashMap<>();
     for (final String attributeName : record.keySet()) {
       switch (attributeName) {
@@ -98,13 +107,22 @@ public static void encryptRecord(String tableName, KeyPair wrappingKeys, KeyPair
     // End set-up
 
     // Encrypt the plaintext record directly
-    final Map<String, AttributeValue> encrypted_record = encryptor.encryptRecord(record, actions, encryptionContext);
+    final Map<String, AttributeValue> encrypted_record =
+        encryptor.encryptRecord(record, actions, encryptionContext);
 
     // Encrypted record fields change as expected
-    assert encrypted_record.get(STRING_FIELD_NAME).getB() != null; // the encrypted string is stored as bytes
-    assert encrypted_record.get(NUMBER_FIELD_NAME).getB() != null; // the encrypted number is stored as bytes
-    assert !record.get(BINARY_FIELD_NAME).getB().equals(encrypted_record.get(BINARY_FIELD_NAME).getB()); // the encrypted bytes have updated
-    assert record.get(IGNORED_FIELD_NAME).getS().equals(encrypted_record.get(IGNORED_FIELD_NAME).getS()); // ignored field is left as is
+    assert encrypted_record.get(STRING_FIELD_NAME).getB()
+        != null; // the encrypted string is stored as bytes
+    assert encrypted_record.get(NUMBER_FIELD_NAME).getB()
+        != null; // the encrypted number is stored as bytes
+    assert !record
+        .get(BINARY_FIELD_NAME)
+        .getB()
+        .equals(encrypted_record.get(BINARY_FIELD_NAME).getB()); // the encrypted bytes have updated
+    assert record
+        .get(IGNORED_FIELD_NAME)
+        .getS()
+        .equals(encrypted_record.get(IGNORED_FIELD_NAME).getS()); // ignored field is left as is
 
     // We could now put the encrypted item to DynamoDB just as we would any other item.
     // We're skipping it to to keep the example simpler.
@@ -113,12 +131,22 @@ public static void encryptRecord(String tableName, KeyPair wrappingKeys, KeyPair
     System.out.println("Encrypted Record: " + encrypted_record);
 
     // Decryption is identical. We'll pretend that we retrieved the record from DynamoDB.
-    final Map<String, AttributeValue> decrypted_record = encryptor.decryptRecord(encrypted_record, actions, encryptionContext);
+    final Map<String, AttributeValue> decrypted_record =
+        encryptor.decryptRecord(encrypted_record, actions, encryptionContext);
     System.out.println("Decrypted Record: " + decrypted_record);
 
     // The decrypted fields match the original fields before encryption
-    assert record.get(STRING_FIELD_NAME).getS().equals(decrypted_record.get(STRING_FIELD_NAME).getS());
-    assert record.get(NUMBER_FIELD_NAME).getN().equals(decrypted_record.get(NUMBER_FIELD_NAME).getN());
-    assert record.get(BINARY_FIELD_NAME).getB().equals(decrypted_record.get(BINARY_FIELD_NAME).getB());
+    assert record
+        .get(STRING_FIELD_NAME)
+        .getS()
+        .equals(decrypted_record.get(STRING_FIELD_NAME).getS());
+    assert record
+        .get(NUMBER_FIELD_NAME)
+        .getN()
+        .equals(decrypted_record.get(NUMBER_FIELD_NAME).getN());
+    assert record
+        .get(BINARY_FIELD_NAME)
+        .getB()
+        .equals(decrypted_record.get(BINARY_FIELD_NAME).getB());
   }
 }

examples/src/main/java/com/amazonaws/examples/AwsKmsEncryptedItem.java

@@ -14,24 +14,21 @@
  */
 package com.amazonaws.examples;
 
-import java.nio.ByteBuffer;
-import java.security.GeneralSecurityException;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
 import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
 import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext;
 import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags;
 import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.DirectKmsMaterialProvider;
 import com.amazonaws.services.dynamodbv2.model.AttributeValue;
 import com.amazonaws.services.kms.AWSKMS;
 import com.amazonaws.services.kms.AWSKMSClientBuilder;
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
 
-/**
- * Example showing use of AWS KMS CMP with record encryption functions directly.
- */
+/** Example showing use of AWS KMS CMP with record encryption functions directly. */
 public class AwsKmsEncryptedItem {
   private static final String STRING_FIELD_NAME = "example";
   private static final String BINARY_FIELD_NAME = "and some binary";
@@ -54,7 +51,9 @@ public static void main(String[] args) throws GeneralSecurityException {
     }
   }
 
-  public static void encryptRecord(final String tableName, final String cmkArn, final AWSKMS kmsClient) throws GeneralSecurityException {
+  public static void encryptRecord(
+      final String tableName, final String cmkArn, final AWSKMS kmsClient)
+      throws GeneralSecurityException {
     // Sample record to be encrypted
     final String partitionKeyName = "partition_attribute";
     final String sortKeyName = "sort_attribute";
@@ -63,26 +62,33 @@ public static void encryptRecord(final String tableName, final String cmkArn, fi
     record.put(sortKeyName, new AttributeValue().withN("55"));
     record.put(STRING_FIELD_NAME, new AttributeValue().withS("data"));
     record.put(NUMBER_FIELD_NAME, new AttributeValue().withN("99"));
-    record.put(BINARY_FIELD_NAME, new AttributeValue().withB(ByteBuffer.wrap(new byte[]{0x00, 0x01, 0x02})));
-    record.put(IGNORED_FIELD_NAME, new AttributeValue().withS("alone")); // We want to ignore this attribute
+    record.put(
+        BINARY_FIELD_NAME,
+        new AttributeValue().withB(ByteBuffer.wrap(new byte[] {0x00, 0x01, 0x02})));
+    record.put(
+        IGNORED_FIELD_NAME,
+        new AttributeValue().withS("alone")); // We want to ignore this attribute
 
-    // Set up our configuration and clients. All of this is thread-safe and can be reused across calls.
+    // Set up our configuration and clients. All of this is thread-safe and can be reused across
+    // calls.
     // This example assumes we already have a AWS KMS client `kmsClient`
     // Provider Configuration
     final DirectKmsMaterialProvider cmp = new DirectKmsMaterialProvider(kmsClient, cmkArn);
     // Encryptor creation
     final DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(cmp);
 
     // Information about the context of our data (normally just Table information)
-    final EncryptionContext encryptionContext = new EncryptionContext.Builder()
-        .withTableName(tableName)
-        .withHashKeyName(partitionKeyName)
-        .withRangeKeyName(sortKeyName)
-        .build();
+    final EncryptionContext encryptionContext =
+        new EncryptionContext.Builder()
+            .withTableName(tableName)
+            .withHashKeyName(partitionKeyName)
+            .withRangeKeyName(sortKeyName)
+            .build();
 
     // Describe what actions need to be taken for each attribute
     final EnumSet<EncryptionFlags> signOnly = EnumSet.of(EncryptionFlags.SIGN);
-    final EnumSet<EncryptionFlags> encryptAndSign = EnumSet.of(EncryptionFlags.ENCRYPT, EncryptionFlags.SIGN);
+    final EnumSet<EncryptionFlags> encryptAndSign =
+        EnumSet.of(EncryptionFlags.ENCRYPT, EncryptionFlags.SIGN);
     final Map<String, Set<EncryptionFlags>> actions = new HashMap<>();
     for (final String attributeName : record.keySet()) {
       switch (attributeName) {
@@ -103,13 +109,22 @@ public static void encryptRecord(final String tableName, final String cmkArn, fi
     // End set-up
 
     // Encrypt the plaintext record directly
-    final Map<String, AttributeValue> encrypted_record = encryptor.encryptRecord(record, actions, encryptionContext);
+    final Map<String, AttributeValue> encrypted_record =
+        encryptor.encryptRecord(record, actions, encryptionContext);
 
     // Encrypted record fields change as expected
-    assert encrypted_record.get(STRING_FIELD_NAME).getB() != null; // the encrypted string is stored as bytes
-    assert encrypted_record.get(NUMBER_FIELD_NAME).getB() != null; // the encrypted number is stored as bytes
-    assert !record.get(BINARY_FIELD_NAME).getB().equals(encrypted_record.get(BINARY_FIELD_NAME).getB()); // the encrypted bytes have updated
-    assert record.get(IGNORED_FIELD_NAME).getS().equals(encrypted_record.get(IGNORED_FIELD_NAME).getS()); // ignored field is left as is
+    assert encrypted_record.get(STRING_FIELD_NAME).getB()
+        != null; // the encrypted string is stored as bytes
+    assert encrypted_record.get(NUMBER_FIELD_NAME).getB()
+        != null; // the encrypted number is stored as bytes
+    assert !record
+        .get(BINARY_FIELD_NAME)
+        .getB()
+        .equals(encrypted_record.get(BINARY_FIELD_NAME).getB()); // the encrypted bytes have updated
+    assert record
+        .get(IGNORED_FIELD_NAME)
+        .getS()
+        .equals(encrypted_record.get(IGNORED_FIELD_NAME).getS()); // ignored field is left as is
 
     // We could now put the encrypted item to DynamoDB just as we would any other item.
     // We're skipping it to to keep the example simpler.
@@ -118,12 +133,22 @@ public static void encryptRecord(final String tableName, final String cmkArn, fi
     System.out.println("Encrypted Record: " + encrypted_record);
 
     // Decryption is identical. We'll pretend that we retrieved the record from DynamoDB.
-    final Map<String, AttributeValue> decrypted_record = encryptor.decryptRecord(encrypted_record, actions, encryptionContext);
+    final Map<String, AttributeValue> decrypted_record =
+        encryptor.decryptRecord(encrypted_record, actions, encryptionContext);
     System.out.println("Decrypted Record: " + decrypted_record);
 
     // The decrypted fields match the original fields before encryption
-    assert record.get(STRING_FIELD_NAME).getS().equals(decrypted_record.get(STRING_FIELD_NAME).getS());
-    assert record.get(NUMBER_FIELD_NAME).getN().equals(decrypted_record.get(NUMBER_FIELD_NAME).getN());
-    assert record.get(BINARY_FIELD_NAME).getB().equals(decrypted_record.get(BINARY_FIELD_NAME).getB());
+    assert record
+        .get(STRING_FIELD_NAME)
+        .getS()
+        .equals(decrypted_record.get(STRING_FIELD_NAME).getS());
+    assert record
+        .get(NUMBER_FIELD_NAME)
+        .getN()
+        .equals(decrypted_record.get(NUMBER_FIELD_NAME).getN());
+    assert record
+        .get(BINARY_FIELD_NAME)
+        .getB()
+        .equals(decrypted_record.get(BINARY_FIELD_NAME).getB());
   }
 }