Partager via


EncryptedBlobClientBuilder Class

  • java.lang.Object
    • com.azure.storage.blob.specialized.cryptography.EncryptedBlobClientBuilder

Implements

public final class EncryptedBlobClientBuilder
implements TokenCredentialTrait<EncryptedBlobClientBuilder>, ConnectionStringTrait<EncryptedBlobClientBuilder>, AzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>, AzureSasCredentialTrait<EncryptedBlobClientBuilder>, HttpTrait<EncryptedBlobClientBuilder>, ConfigurationTrait<EncryptedBlobClientBuilder>, EndpointTrait<EncryptedBlobClientBuilder>

This class provides a fluent builder API to help aid the configuration and instantiation of Storage Blob clients.

The following information must be provided on this builder:

Once all the configurations are set on this builder use the following mapping to construct the given client:

Constructor Summary

Constructor Description
EncryptedBlobClientBuilder()

Deprecated

Creates a new instance of the EncryptedBlobClientBuilder

EncryptedBlobClientBuilder(EncryptionVersion version)

Creates a new instance of the EncryptedBlobClientbuilder.

Method Summary

Modifier and Type Method and Description
EncryptedBlobClientBuilder addPolicy(HttpPipelinePolicy pipelinePolicy)

Adds a HttpPipelinePolicy to apply on each request sent.

EncryptedBlobClientBuilder blobAsyncClient(BlobAsyncClient blobAsyncClient)

Configures the builder based on the passed BlobAsyncClient.

EncryptedBlobClientBuilder blobClient(BlobClient blobClient)

Configures the builder based on the passed BlobClient.

EncryptedBlobClientBuilder blobName(String blobName)

Sets the name of the blob.

EncryptedBlobAsyncClient buildEncryptedBlobAsyncClient()

Creates a EncryptedBlobAsyncClient based on options set in the Builder.

EncryptedBlobClient buildEncryptedBlobClient()

Creates a EncryptedBlobClient based on options set in the Builder.

EncryptedBlobClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc.

EncryptedBlobClientBuilder clientSideEncryptionOptions(BlobClientSideEncryptionOptions clientSideEncryptionOptions)

Sets the encryption options for the blob.

EncryptedBlobClientBuilder configuration(Configuration configuration)

Sets the configuration object used to retrieve environment configuration values during building of the client.

EncryptedBlobClientBuilder connectionString(String connectionString)

Sets the connection string to connect to the service.

EncryptedBlobClientBuilder containerName(String containerName)

Sets the name of the container that contains the blob.

EncryptedBlobClientBuilder credential(AzureNamedKeyCredential credential)

Sets the AzureNamedKeyCredential used to authorize requests sent to the service.

EncryptedBlobClientBuilder credential(AzureSasCredential credential)

Sets the AzureSasCredential used to authorize requests sent to the service.

EncryptedBlobClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service.

EncryptedBlobClientBuilder credential(StorageSharedKeyCredential credential)

Sets the StorageSharedKeyCredential used to authorize requests sent to the service.

EncryptedBlobClientBuilder customerProvidedKey(CustomerProvidedKey customerProvidedKey)

Sets the CustomerProvidedKey that is used to encrypt blob contents on the server.

EncryptedBlobClientBuilder encryptionScope(String encryptionScope)

Sets the encryption scope that is used to encrypt blob contents on the server.

EncryptedBlobClientBuilder endpoint(String endpoint)

Sets the service endpoint, additionally parses it for information (SAS token, container name, blob name)

static HttpLogOptions getDefaultHttpLogOptions()

Gets the default Storage allowlist log headers and query parameters.

EncryptedBlobClientBuilder httpClient(HttpClient httpClient)

Sets the HttpClient to use for sending and receiving requests to and from the service.

EncryptedBlobClientBuilder httpLogOptions(HttpLogOptions logOptions)

Sets the HttpLogOptions to use when sending and receiving requests to and from the service.

EncryptedBlobClientBuilder key(AsyncKeyEncryptionKey key, String keyWrapAlgorithm)

Sets the encryption key parameters for the client

EncryptedBlobClientBuilder keyResolver(AsyncKeyEncryptionKeyResolver keyResolver)

Sets the encryption parameters for this client

EncryptedBlobClientBuilder pipeline(HttpPipeline httpPipeline)

Sets the HttpPipeline to use for the service client.

EncryptedBlobClientBuilder requiresEncryption(boolean requiresEncryption)

Sets the requires encryption option.

EncryptedBlobClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.

EncryptedBlobClientBuilder retryOptions(RequestRetryOptions retryOptions)

Sets the request retry options for all the requests made through the client.

EncryptedBlobClientBuilder sasToken(String sasToken)

Sets the SAS token used to authorize requests sent to the service.

EncryptedBlobClientBuilder serviceVersion(BlobServiceVersion version)

Sets the BlobServiceVersion that is used when making API requests.

EncryptedBlobClientBuilder setAnonymousAccess()

Clears the credential used to authorize the request.

EncryptedBlobClientBuilder snapshot(String snapshot)

Sets the snapshot identifier of the blob.

EncryptedBlobClientBuilder versionId(String versionId)

Sets the version identifier of the blob.

Methods inherited from java.lang.Object

Constructor Details

EncryptedBlobClientBuilder

@Deprecated
public EncryptedBlobClientBuilder()

Deprecated

Creates a new instance of the EncryptedBlobClientBuilder

EncryptedBlobClientBuilder

public EncryptedBlobClientBuilder(EncryptionVersion version)

Creates a new instance of the EncryptedBlobClientbuilder.

Parameters:

version - The version of the client side encryption protocol to use. It is highly recommended that v2 be preferred for security reasons, though v1 continues to be supported for compatibility reasons. Note that even a client configured to encrypt using v2 can decrypt blobs that use the v1 protocol.

Method Details

addPolicy

public EncryptedBlobClientBuilder addPolicy(HttpPipelinePolicy pipelinePolicy)

Adds a HttpPipelinePolicy to apply on each request sent.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

pipelinePolicy - A HttpPipelinePolicy.

Returns:

the updated EncryptedBlobClientBuilder object

blobAsyncClient

public EncryptedBlobClientBuilder blobAsyncClient(BlobAsyncClient blobAsyncClient)

Configures the builder based on the passed BlobAsyncClient. This will set the HttpPipeline, URL and BlobServiceVersion that are used to interact with the service. Note that the underlying pipeline should not already be configured for encryption/decryption.

If pipeline is set, all other settings are ignored, aside from endpoint(String endpoint) and serviceVersion(BlobServiceVersion version).

Note that for security reasons, this method does not copy over the CustomerProvidedKey and encryption scope properties from the provided client. To set CPK, please use customerProvidedKey(CustomerProvidedKey customerProvidedKey).

Parameters:

blobAsyncClient - BlobAsyncClient used to configure the builder.

Returns:

the updated EncryptedBlobClientBuilder object

blobClient

public EncryptedBlobClientBuilder blobClient(BlobClient blobClient)

Configures the builder based on the passed BlobClient. This will set the HttpPipeline, URL and BlobServiceVersion that are used to interact with the service. Note that the underlying pipeline should not already be configured for encryption/decryption.

If pipeline is set, all other settings are ignored, aside from endpoint(String endpoint) and serviceVersion(BlobServiceVersion version).

Note that for security reasons, this method does not copy over the CustomerProvidedKey and encryption scope properties from the provided client. To set CPK, please use customerProvidedKey(CustomerProvidedKey customerProvidedKey).

Parameters:

blobClient - BlobClient used to configure the builder.

Returns:

the updated EncryptedBlobClientBuilder object

blobName

public EncryptedBlobClientBuilder blobName(String blobName)

Sets the name of the blob.

Parameters:

blobName - Name of the blob. If the blob name contains special characters, pass in the url encoded version of the blob name.

Returns:

the updated EncryptedBlobClientBuilder object

buildEncryptedBlobAsyncClient

public EncryptedBlobAsyncClient buildEncryptedBlobAsyncClient()

Creates a EncryptedBlobAsyncClient based on options set in the Builder.

Code Samples

EncryptedBlobClient client = new EncryptedBlobClientBuilder()
     .key(key, keyWrapAlgorithm)
     .keyResolver(keyResolver)
     .connectionString(connectionString)
     .containerName("<YOUR CONTAINER NAME>")
     .blobName("<YOUR BLOB NAME>")
     .buildEncryptedBlobClient();

Returns:

a EncryptedBlobAsyncClient created from the configurations in this builder.

buildEncryptedBlobClient

public EncryptedBlobClient buildEncryptedBlobClient()

Creates a EncryptedBlobClient based on options set in the Builder.

Code Samples

EncryptedBlobAsyncClient client = new EncryptedBlobClientBuilder()
     .key(key, keyWrapAlgorithm)
     .keyResolver(keyResolver)
     .connectionString(connectionString)
     .containerName("<YOUR CONTAINER NAME>")
     .blobName("<YOUR BLOB NAME>")
     .buildEncryptedBlobAsyncClient();

Returns:

a EncryptedBlobClient created from the configurations in this builder.

clientOptions

public EncryptedBlobClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of the HttpClientOptions class (a subclass of the ClientOptions base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

clientOptions - A configured instance of HttpClientOptions.

Returns:

the updated EncryptedBlobClientBuilder object

clientSideEncryptionOptions

public EncryptedBlobClientBuilder clientSideEncryptionOptions(BlobClientSideEncryptionOptions clientSideEncryptionOptions)

Sets the encryption options for the blob.

Parameters:

clientSideEncryptionOptions - The BlobClientSideEncryptionOptions for the blob.

Returns:

the updated EncryptedBlobClientBuilder object

configuration

public EncryptedBlobClientBuilder configuration(Configuration configuration)

Sets the configuration object used to retrieve environment configuration values during building of the client.

Parameters:

configuration - Configuration store used to retrieve environment configurations.

Returns:

the updated EncryptedBlobClientBuilder object

connectionString

public EncryptedBlobClientBuilder connectionString(String connectionString)

Sets the connection string to connect to the service.

Parameters:

connectionString - Connection string of the storage account.

Returns:

the updated EncryptedBlobClientBuilder

containerName

public EncryptedBlobClientBuilder containerName(String containerName)

Sets the name of the container that contains the blob.

Parameters:

containerName - Name of the container. If the value null or empty the root container, $root, will be used.

Returns:

the updated EncryptedBlobClientBuilder object

credential

public EncryptedBlobClientBuilder credential(AzureNamedKeyCredential credential)

Sets the AzureNamedKeyCredential used to authorize requests sent to the service.

Parameters:

credential - AzureNamedKeyCredential.

Returns:

the updated EncryptedBlobClientBuilder

credential

public EncryptedBlobClientBuilder credential(AzureSasCredential credential)

Sets the AzureSasCredential used to authorize requests sent to the service.

Parameters:

credential - AzureSasCredential used to authorize requests sent to the service.

Returns:

the updated EncryptedBlobClientBuilder

credential

public EncryptedBlobClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of the TokenCredential type.

Parameters:

credential - TokenCredential used to authorize requests sent to the service.

Returns:

the updated EncryptedBlobClientBuilder

credential

public EncryptedBlobClientBuilder credential(StorageSharedKeyCredential credential)

Sets the StorageSharedKeyCredential used to authorize requests sent to the service.

Parameters:

Returns:

the updated EncryptedBlobClientBuilder

customerProvidedKey

public EncryptedBlobClientBuilder customerProvidedKey(CustomerProvidedKey customerProvidedKey)

Sets the CustomerProvidedKey that is used to encrypt blob contents on the server.

Parameters:

customerProvidedKey - CustomerProvidedKey

Returns:

the updated EncryptedBlobClientBuilder object

encryptionScope

public EncryptedBlobClientBuilder encryptionScope(String encryptionScope)

Sets the encryption scope that is used to encrypt blob contents on the server.

Parameters:

encryptionScope - Encryption scope containing the encryption key information.

Returns:

the updated EncryptedBlobClientBuilder object

endpoint

public EncryptedBlobClientBuilder endpoint(String endpoint)

Sets the service endpoint, additionally parses it for information (SAS token, container name, blob name)

If the endpoint is to a blob in the root container, this method will fail as it will interpret the blob name as the container name. With only one path element, it is impossible to distinguish between a container name and a blob in the root container, so it is assumed to be the container name as this is much more common. When working with blobs in the root container, it is best to set the endpoint to the account url and specify the blob name separately using the blobName(String blobName) method.

Parameters:

endpoint - URL of the service

Returns:

the updated EncryptedBlobClientBuilder object

getDefaultHttpLogOptions

public static HttpLogOptions getDefaultHttpLogOptions()

Gets the default Storage allowlist log headers and query parameters.

Returns:

the default http log options.

httpClient

public EncryptedBlobClientBuilder httpClient(HttpClient httpClient)

Sets the HttpClient to use for sending and receiving requests to and from the service.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

httpClient - The HttpClient to use for requests.

Returns:

the updated EncryptedBlobClientBuilder object

httpLogOptions

public EncryptedBlobClientBuilder httpLogOptions(HttpLogOptions logOptions)

Sets the HttpLogOptions to use when sending and receiving requests to and from the service. If a logLevel is not provided, default value of HttpLogDetailLevel#NONE is set.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Parameters:

logOptions - The HttpLogOptions to use when sending and receiving requests to and from the service.

Returns:

the updated EncryptedBlobClientBuilder object

key

public EncryptedBlobClientBuilder key(AsyncKeyEncryptionKey key, String keyWrapAlgorithm)

Sets the encryption key parameters for the client

Parameters:

key - An object of type AsyncKeyEncryptionKey that is used to wrap/unwrap the content encryption key
keyWrapAlgorithm - The String used to wrap the key.

Returns:

the updated EncryptedBlobClientBuilder object

keyResolver

public EncryptedBlobClientBuilder keyResolver(AsyncKeyEncryptionKeyResolver keyResolver)

Sets the encryption parameters for this client

Parameters:

keyResolver - The key resolver used to select the correct key for decrypting existing blobs.

Returns:

the updated EncryptedBlobClientBuilder object

pipeline

public EncryptedBlobClientBuilder pipeline(HttpPipeline httpPipeline)

Sets the HttpPipeline to use for the service client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

The endpoint(String endpoint) and customerProvidedKey(CustomerProvidedKey customerProvidedKey) are not ignored when pipeline is set.

Parameters:

httpPipeline

Returns:

the updated EncryptedBlobClientBuilder object

requiresEncryption

public EncryptedBlobClientBuilder requiresEncryption(boolean requiresEncryption)

Sets the requires encryption option.

Parameters:

requiresEncryption - Whether encryption is enforced by this client. Client will throw if data is downloaded and it is not encrypted.

Returns:

the updated EncryptedBlobClientBuilder object

retryOptions

public EncryptedBlobClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Setting this is mutually exclusive with using retryOptions(RequestRetryOptions retryOptions). Consider using retryOptions(RequestRetryOptions retryOptions) to also set storage specific options.

Parameters:

retryOptions - The RetryOptions to use for all the requests made through the client.

Returns:

the updated EncryptedBlobClientBuilder object

retryOptions

public EncryptedBlobClientBuilder retryOptions(RequestRetryOptions retryOptions)

Sets the request retry options for all the requests made through the client.

Setting this is mutually exclusive with using retryOptions(RetryOptions retryOptions).

Parameters:

retryOptions - RequestRetryOptions.

Returns:

the updated EncryptedBlobClientBuilder object.

sasToken

public EncryptedBlobClientBuilder sasToken(String sasToken)

Sets the SAS token used to authorize requests sent to the service.

Parameters:

sasToken - The SAS token to use for authenticating requests. This string should only be the query parameters (with or without a leading '?') and not a full url.

Returns:

the updated EncryptedBlobClientBuilder

serviceVersion

public EncryptedBlobClientBuilder serviceVersion(BlobServiceVersion version)

Sets the BlobServiceVersion that is used when making API requests.

If a service version is not provided, the service version that will be used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version of the client library will have the result of potentially moving to a newer service version.

Targeting a specific service version may also mean that the service will return an error for newer APIs.

Parameters:

version - BlobServiceVersion of the service to be used when making requests.

Returns:

the updated EncryptedBlobClientBuilder object

setAnonymousAccess

public EncryptedBlobClientBuilder setAnonymousAccess()

Clears the credential used to authorize the request.

This is for blobs that are publicly accessible.

Returns:

the updated EncryptedBlobClientBuilder

snapshot

public EncryptedBlobClientBuilder snapshot(String snapshot)

Sets the snapshot identifier of the blob.

Parameters:

snapshot - Snapshot identifier for the blob.

Returns:

the updated EncryptedBlobClientBuilder object

versionId

public EncryptedBlobClientBuilder versionId(String versionId)

Sets the version identifier of the blob.

Parameters:

versionId - Version identifier for the blob, pass null to interact with the latest blob version.

Returns:

the updated EncryptedBlobClientBuilder object

Applies to