Package com.azure.storage.blob.specialized.cryptography

Class EncryptedBlobClient

java.lang.Object
com.azure.storage.blob.specialized.BlobClientBase
com.azure.storage.blob.BlobClient
com.azure.storage.blob.specialized.cryptography.EncryptedBlobClient
public class EncryptedBlobClient extends BlobClient
This class provides a client side encryption client that contains generic blob operations for Azure Storage Blobs. Operations allowed by the client are uploading, downloading and copying a blob, retrieving and setting metadata, retrieving and setting HTTP headers, and deleting and un-deleting a blob. The upload and download operation allow for encryption and decryption of the data client side. Note: setting metadata in particular is unsafe and should only be done so with caution.

Please refer to the Azure Docs For Client-Side Encryption for more information.

This client is instantiated through EncryptedBlobClientBuilder

For operations on a specific blob type (i.e. append, block, or page) use getAppendBlobClient, getBlockBlobClient, or getPageBlobAsyncClient to construct a client that allows blob specific operations. Note, these types do not support client-side encryption, though decryption is possible in case the associated block/page/append blob contains encrypted data.

Please refer to the Azure Docs for more information.

  • Method Details

    • getEncryptionScopeClient

      public EncryptedBlobClient getEncryptionScopeClient(String encryptionScope)
      Creates a new EncryptedBlobClient with the specified encryptionScope.
      Overrides:
      getEncryptionScopeClient in class BlobClient
      Parameters:
      encryptionScope - the encryption scope for the blob, pass null to use no encryption scope.
      Returns:
      a EncryptedBlobClient with the specified encryptionScope.

    • getCustomerProvidedKeyClient

      public EncryptedBlobClient getCustomerProvidedKeyClient(CustomerProvidedKey customerProvidedKey)
      Creates a new EncryptedBlobClient with the specified customerProvidedKey.
      Overrides:
      getCustomerProvidedKeyClient in class BlobClient
      Parameters:
      customerProvidedKey - the CustomerProvidedKey for the blob, pass null to use no customer provided key.
      Returns:
      a EncryptedBlobClient with the specified customerProvidedKey.

    • getBlobOutputStream

      public BlobOutputStream getBlobOutputStream()
      Creates and opens an output stream to write data to the block blob.

      Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

      Returns:
      A BlobOutputStream object used to write data to the blob.
      Throws:
      BlobStorageException - If a storage service error occurred.

    • getBlobOutputStream

      public BlobOutputStream getBlobOutputStream(boolean overwrite)
      Creates and opens an output stream to write data to the block blob.

      Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

      Parameters:
      overwrite - Whether to overwrite, should data exist on the blob.
      Returns:
      A BlobOutputStream object used to write data to the blob.
      Throws:
      BlobStorageException - If a storage service error occurred.

    • getBlobOutputStream

      public BlobOutputStream getBlobOutputStream(ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map<String,String> metadata, AccessTier tier, BlobRequestConditions requestConditions)
      Creates and opens an output stream to write data to the block blob. If the blob already exists on the service, it will be overwritten.

      To avoid overwriting, pass "*" to BlobRequestConditions.setIfNoneMatch(String).

      Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

      Parameters:
      parallelTransferOptions - ParallelTransferOptions used to configure buffered uploading.
      headers - BlobHttpHeaders
      metadata - Metadata to associate with the blob. If there is leading or trailing whitespace in any metadata key or value, it must be removed or encoded.
      tier - AccessTier for the destination blob.
      requestConditions - BlobRequestConditions
      Returns:
      A BlobOutputStream object used to write data to the blob.
      Throws:
      BlobStorageException - If a storage service error occurred.

    • getBlobOutputStream

      public BlobOutputStream getBlobOutputStream(BlockBlobOutputStreamOptions options)
      Creates and opens an output stream to write data to the block blob. If the blob already exists on the service, it will be overwritten.

      To avoid overwriting, pass "*" to BlobRequestConditions.setIfNoneMatch(String).

      Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

      Parameters:
      options - BlockBlobOutputStreamOptions
      Returns:
      A BlobOutputStream object used to write data to the blob.
      Throws:
      BlobStorageException - If a storage service error occurred.

    • uploadFromFile

      public void uploadFromFile(String filePath)
      Creates a new block blob, or updates the content of an existing block blob.

      Code Samples

       try {
     client.uploadFromFile(filePath);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }
      Overrides:
      uploadFromFile in class BlobClient
      Parameters:
      filePath - Path of the file to upload

    • uploadFromFile

      public void uploadFromFile(String filePath, boolean overwrite)
      Creates a new block blob, or updates the content of an existing block blob.

      Code Samples

       try {
     boolean overwrite = false; // Default value
     client.uploadFromFile(filePath, overwrite);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }
      Overrides:
      uploadFromFile in class BlobClient
      Parameters:
      filePath - Path of the file to upload
      overwrite - Whether to overwrite should data already exist on the blob

    • uploadFromFile

      public void uploadFromFile(String filePath, ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map<String,String> metadata, AccessTier tier, BlobRequestConditions requestConditions, Duration timeout) throws UncheckedIOException
      Creates a new block blob, or updates the content of an existing block blob.

      Code Samples

       BlobHttpHeaders headers = new BlobHttpHeaders()
     .setContentMd5("data".getBytes(StandardCharsets.UTF_8))
     .setContentLanguage("en-US")
     .setContentType("binary");

 Map<String, String> metadata = new HashMap<>(Collections.singletonMap("metadata", "value"));
 BlobRequestConditions requestConditions = new BlobRequestConditions()
     .setLeaseId(leaseId)
     .setIfUnmodifiedSince(OffsetDateTime.now().minusDays(3));
 long blockSize = 100 * 1024 * 1024; // 100 MB;
 ParallelTransferOptions parallelTransferOptions = new ParallelTransferOptions().setBlockSizeLong(blockSize);

 try {
     client.uploadFromFile(filePath, parallelTransferOptions, headers, metadata, AccessTier.HOT,
         requestConditions, timeout);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }
      Overrides:
      uploadFromFile in class BlobClient
      Parameters:
      filePath - Path of the file to upload
      parallelTransferOptions - ParallelTransferOptions to use to upload from file. Number of parallel transfers parameter is ignored.
      headers - BlobHttpHeaders
      metadata - Metadata to associate with the blob. If there is leading or trailing whitespace in any metadata key or value, it must be removed or encoded.
      tier - AccessTier for the uploaded blob
      requestConditions - BlobRequestConditions
      timeout - An optional timeout value beyond which a RuntimeException will be raised.
      Throws:
      UncheckedIOException - If an I/O error occurs

    • uploadFromFileWithResponse

      public com.azure.core.http.rest.Response<BlockBlobItem> uploadFromFileWithResponse(BlobUploadFromFileOptions options, Duration timeout, com.azure.core.util.Context context) throws UncheckedIOException
      Creates a new block blob, or updates the content of an existing block blob.

      Code Samples

       BlobHttpHeaders headers = new BlobHttpHeaders()
     .setContentMd5("data".getBytes(StandardCharsets.UTF_8))
     .setContentLanguage("en-US")
     .setContentType("binary");

 Map<String, String> metadata = new HashMap<>(Collections.singletonMap("metadata", "value"));
 Map<String, String> tags = new HashMap<>(Collections.singletonMap("tag", "value"));
 BlobRequestConditions requestConditions = new BlobRequestConditions()
     .setLeaseId(leaseId)
     .setIfUnmodifiedSince(OffsetDateTime.now().minusDays(3));
 long blockSize = 100 * 1024 * 1024; // 100 MB;
 ParallelTransferOptions parallelTransferOptions = new ParallelTransferOptions().setBlockSizeLong(blockSize);

 try {
     client.uploadFromFileWithResponse(new BlobUploadFromFileOptions(filePath)
         .setParallelTransferOptions(parallelTransferOptions).setHeaders(headers).setMetadata(metadata)
         .setTags(tags).setTier(AccessTier.HOT).setRequestConditions(requestConditions), timeout,
         Context.NONE);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }
      Overrides:
      uploadFromFileWithResponse in class BlobClient
      Parameters:
      options - BlobUploadFromFileOptions
      timeout - An optional timeout value beyond which a RuntimeException will be raised.
      context - Additional context that is passed through the Http pipeline during the service call.
      Returns:
      Information about the uploaded block blob.
      Throws:
      UncheckedIOException - If an I/O error occurs

    • getAppendBlobClient

      public AppendBlobClient getAppendBlobClient()
      Unsupported.
      Overrides:
      getAppendBlobClient in class BlobClient

    • getBlockBlobClient

      public BlockBlobClient getBlockBlobClient()
      Unsupported.
      Overrides:
      getBlockBlobClient in class BlobClient

    • getPageBlobClient

      public PageBlobClient getPageBlobClient()
      Unsupported.
      Overrides:
      getPageBlobClient in class BlobClient

    • openQueryInputStream

      public InputStream openQueryInputStream(String expression)
      Unsupported. Cannot query data encrypted on client side.
      Overrides:
      openQueryInputStream in class BlobClientBase

    • openQueryInputStreamWithResponse

      public com.azure.core.http.rest.Response<InputStream> openQueryInputStreamWithResponse(BlobQueryOptions queryOptions)
      Unsupported. Cannot query data encrypted on client side.
      Overrides:
      openQueryInputStreamWithResponse in class BlobClientBase

    • query

      public void query(OutputStream stream, String expression)
      Unsupported. Cannot query data encrypted on client side.
      Overrides:
      query in class BlobClientBase

    • queryWithResponse

      public BlobQueryResponse queryWithResponse(BlobQueryOptions queryOptions, Duration timeout, com.azure.core.util.Context context)
      Unsupported. Cannot query data encrypted on client side.
      Overrides:
      queryWithResponse in class BlobClientBase