Package com.azure.storage.blob.specialized.cryptography

Class EncryptedBlobClientBuilder

java.lang.Object
com.azure.storage.blob.specialized.cryptography.EncryptedBlobClientBuilder
All Implemented Interfaces:
com.azure.core.client.traits.AzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.AzureSasCredentialTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.ConfigurationTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.ConnectionStringTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.EndpointTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.TokenCredentialTrait<EncryptedBlobClientBuilder>
public final class EncryptedBlobClientBuilder extends Object implements com.azure.core.client.traits.TokenCredentialTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.ConnectionStringTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.AzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.AzureSasCredentialTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.ConfigurationTrait<EncryptedBlobClientBuilder>, com.azure.core.client.traits.EndpointTrait<EncryptedBlobClientBuilder>
This class provides a fluent builder API to help aid the configuration and instantiation of Storage Blob clients.

The following information must be provided on this builder:

Once all the configurations are set on this builder use the following mapping to construct the given client:

  • Constructor Details

    • EncryptedBlobClientBuilder

      @Deprecated public EncryptedBlobClientBuilder()
      Deprecated.
      Use EncryptedBlobClientBuilder(EncryptionVersion).
      Creates a new instance of the EncryptedBlobClientBuilder

    • EncryptedBlobClientBuilder

      public EncryptedBlobClientBuilder(EncryptionVersion version)
      Creates a new instance of the EncryptedBlobClientbuilder.
      Parameters:
      version - The version of the client side encryption protocol to use. It is highly recommended that v2 be preferred for security reasons, though v1 continues to be supported for compatibility reasons. Note that even a client configured to encrypt using v2 can decrypt blobs that use the v1 protocol.

  • Method Details

    • buildEncryptedBlobClient

      public EncryptedBlobClient buildEncryptedBlobClient()
      Creates a EncryptedBlobClient based on options set in the Builder.

      Code Samples

       EncryptedBlobAsyncClient client = new EncryptedBlobClientBuilder()
     .key(key, keyWrapAlgorithm)
     .keyResolver(keyResolver)
     .connectionString(connectionString)
     .containerName("<YOUR CONTAINER NAME>")
     .blobName("<YOUR BLOB NAME>")
     .buildEncryptedBlobAsyncClient();
      Returns:
      a EncryptedBlobClient created from the configurations in this builder.
      Throws:
      NullPointerException - If endpoint, containerName, or blobName is null.
      IllegalStateException - If multiple credentials have been specified.
      IllegalStateException - If both retryOptions(RetryOptions) and retryOptions(RequestRetryOptions) have been set.

    • buildEncryptedBlobAsyncClient

      public EncryptedBlobAsyncClient buildEncryptedBlobAsyncClient()
      Creates a EncryptedBlobAsyncClient based on options set in the Builder.

      Code Samples

       EncryptedBlobClient client = new EncryptedBlobClientBuilder()
     .key(key, keyWrapAlgorithm)
     .keyResolver(keyResolver)
     .connectionString(connectionString)
     .containerName("<YOUR CONTAINER NAME>")
     .blobName("<YOUR BLOB NAME>")
     .buildEncryptedBlobClient();
      Returns:
      a EncryptedBlobAsyncClient created from the configurations in this builder.
      Throws:
      NullPointerException - If endpoint, containerName, or blobName is null.
      IllegalStateException - If multiple credentials have been specified.
      IllegalStateException - If both retryOptions(RetryOptions) and retryOptions(RequestRetryOptions) have been set.

    • key

      public EncryptedBlobClientBuilder key(com.azure.core.cryptography.AsyncKeyEncryptionKey key, String keyWrapAlgorithm)
      Sets the encryption key parameters for the client
      Parameters:
      key - An object of type AsyncKeyEncryptionKey that is used to wrap/unwrap the content encryption key
      keyWrapAlgorithm - The String used to wrap the key.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • keyResolver

      public EncryptedBlobClientBuilder keyResolver(com.azure.core.cryptography.AsyncKeyEncryptionKeyResolver keyResolver)
      Sets the encryption parameters for this client
      Parameters:
      keyResolver - The key resolver used to select the correct key for decrypting existing blobs.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • credential

      public EncryptedBlobClientBuilder credential(com.azure.storage.common.StorageSharedKeyCredential credential)
      Sets the StorageSharedKeyCredential used to authorize requests sent to the service.
      Parameters:
      credential - StorageSharedKeyCredential.
      Returns:
      the updated EncryptedBlobClientBuilder
      Throws:
      NullPointerException - If credential is null.

    • credential

      public EncryptedBlobClientBuilder credential(com.azure.core.credential.AzureNamedKeyCredential credential)
      Sets the AzureNamedKeyCredential used to authorize requests sent to the service.
      Specified by:
      credential in interface com.azure.core.client.traits.AzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>
      Parameters:
      credential - AzureNamedKeyCredential.
      Returns:
      the updated EncryptedBlobClientBuilder
      Throws:
      NullPointerException - If credential is null.

    • credential

      public EncryptedBlobClientBuilder credential(com.azure.core.credential.TokenCredential credential)
      Sets the TokenCredential used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of the TokenCredential type.
      Specified by:
      credential in interface com.azure.core.client.traits.TokenCredentialTrait<EncryptedBlobClientBuilder>
      Parameters:
      credential - TokenCredential used to authorize requests sent to the service.
      Returns:
      the updated EncryptedBlobClientBuilder
      Throws:
      NullPointerException - If credential is null.

    • sasToken

      public EncryptedBlobClientBuilder sasToken(String sasToken)
      Sets the SAS token used to authorize requests sent to the service.
      Parameters:
      sasToken - The SAS token to use for authenticating requests. This string should only be the query parameters (with or without a leading '?') and not a full url.
      Returns:
      the updated EncryptedBlobClientBuilder
      Throws:
      NullPointerException - If sasToken is null.

    • credential

      public EncryptedBlobClientBuilder credential(com.azure.core.credential.AzureSasCredential credential)
      Sets the AzureSasCredential used to authorize requests sent to the service.
      Specified by:
      credential in interface com.azure.core.client.traits.AzureSasCredentialTrait<EncryptedBlobClientBuilder>
      Parameters:
      credential - AzureSasCredential used to authorize requests sent to the service.
      Returns:
      the updated EncryptedBlobClientBuilder
      Throws:
      NullPointerException - If credential is null.

    • setAnonymousAccess

      public EncryptedBlobClientBuilder setAnonymousAccess()
      Clears the credential used to authorize the request.

      This is for blobs that are publicly accessible.

      Returns:
      the updated EncryptedBlobClientBuilder

    • connectionString

      public EncryptedBlobClientBuilder connectionString(String connectionString)
      Sets the connection string to connect to the service.
      Specified by:
      connectionString in interface com.azure.core.client.traits.ConnectionStringTrait<EncryptedBlobClientBuilder>
      Parameters:
      connectionString - Connection string of the storage account.
      Returns:
      the updated EncryptedBlobClientBuilder
      Throws:
      IllegalArgumentException - If connectionString is invalid.

    • endpoint

      public EncryptedBlobClientBuilder endpoint(String endpoint)
      Sets the service endpoint, additionally parses it for information (SAS token, container name, blob name)

      If the blob name contains special characters, pass in the url encoded version of the blob name.

      If the endpoint is to a blob in the root container, this method will fail as it will interpret the blob name as the container name. With only one path element, it is impossible to distinguish between a container name and a blob in the root container, so it is assumed to be the container name as this is much more common. When working with blobs in the root container, it is best to set the endpoint to the account url and specify the blob name separately using the blobName method.

      Specified by:
      endpoint in interface com.azure.core.client.traits.EndpointTrait<EncryptedBlobClientBuilder>
      Parameters:
      endpoint - URL of the service
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      IllegalArgumentException - If endpoint is null or is a malformed URL.

    • containerName

      public EncryptedBlobClientBuilder containerName(String containerName)
      Sets the name of the container that contains the blob.
      Parameters:
      containerName - Name of the container. If the value null or empty the root container, $root, will be used.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • blobName

      public EncryptedBlobClientBuilder blobName(String blobName)
      Sets the name of the blob.
      Parameters:
      blobName - Name of the blob. If the blob name contains special characters, pass in the url encoded version of the blob name.
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      NullPointerException - If blobName is null

    • snapshot

      public EncryptedBlobClientBuilder snapshot(String snapshot)
      Sets the snapshot identifier of the blob.
      Parameters:
      snapshot - Snapshot identifier for the blob.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • versionId

      public EncryptedBlobClientBuilder versionId(String versionId)
      Sets the version identifier of the blob.
      Parameters:
      versionId - Version identifier for the blob, pass null to interact with the latest blob version.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • httpClient

      public EncryptedBlobClientBuilder httpClient(com.azure.core.http.HttpClient httpClient)
      Sets the HttpClient to use for sending and receiving requests to and from the service.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      httpClient in interface com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>
      Parameters:
      httpClient - The HttpClient to use for requests.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • addPolicy

      public EncryptedBlobClientBuilder addPolicy(com.azure.core.http.policy.HttpPipelinePolicy pipelinePolicy)
      Adds a pipeline policy to apply on each request sent.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      addPolicy in interface com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>
      Parameters:
      pipelinePolicy - A pipeline policy.
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      NullPointerException - If pipelinePolicy is null.

    • httpLogOptions

      public EncryptedBlobClientBuilder httpLogOptions(com.azure.core.http.policy.HttpLogOptions logOptions)
      Sets the logging configuration to use when sending and receiving requests to and from the service. If a logLevel is not provided, default value of HttpLogDetailLevel.NONE is set.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      httpLogOptions in interface com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>
      Parameters:
      logOptions - The logging configuration to use when sending and receiving requests to and from the service.
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      NullPointerException - If logOptions is null.

    • getDefaultHttpLogOptions

      public static com.azure.core.http.policy.HttpLogOptions getDefaultHttpLogOptions()
      Gets the default Storage allowlist log headers and query parameters.
      Returns:
      the default http log options.

    • configuration

      public EncryptedBlobClientBuilder configuration(com.azure.core.util.Configuration configuration)
      Sets the configuration object used to retrieve environment configuration values during building of the client.
      Specified by:
      configuration in interface com.azure.core.client.traits.ConfigurationTrait<EncryptedBlobClientBuilder>
      Parameters:
      configuration - Configuration store used to retrieve environment configurations.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • retryOptions

      public EncryptedBlobClientBuilder retryOptions(com.azure.storage.common.policy.RequestRetryOptions retryOptions)
      Sets the request retry options for all the requests made through the client. Setting this is mutually exclusive with using retryOptions(RetryOptions).
      Parameters:
      retryOptions - RequestRetryOptions.
      Returns:
      the updated EncryptedBlobClientBuilder object.

    • retryOptions

      public EncryptedBlobClientBuilder retryOptions(com.azure.core.http.policy.RetryOptions retryOptions)
      Sets the RetryOptions for all the requests made through the client.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Setting this is mutually exclusive with using retryOptions(RequestRetryOptions). Consider using retryOptions(RequestRetryOptions) to also set storage specific options.

      Specified by:
      retryOptions in interface com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>
      Parameters:
      retryOptions - The RetryOptions to use for all the requests made through the client.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • pipeline

      public EncryptedBlobClientBuilder pipeline(com.azure.core.http.HttpPipeline httpPipeline)
      Sets the HttpPipeline to use for the service client.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      The endpoint and customer provided key are not ignored when pipeline is set.

      Specified by:
      pipeline in interface com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>
      Returns:
      the updated EncryptedBlobClientBuilder object

    • clientOptions

      public EncryptedBlobClientBuilder clientOptions(com.azure.core.util.ClientOptions clientOptions)
      Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of the HttpClientOptions class (a subclass of the ClientOptions base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.

      Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

      Specified by:
      clientOptions in interface com.azure.core.client.traits.HttpTrait<EncryptedBlobClientBuilder>
      Parameters:
      clientOptions - A configured instance of HttpClientOptions.
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      NullPointerException - If clientOptions is null.
      See Also:
      • HttpClientOptions

    • serviceVersion

      public EncryptedBlobClientBuilder serviceVersion(BlobServiceVersion version)
      Sets the BlobServiceVersion that is used when making API requests.

      If a service version is not provided, the service version that will be used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version of the client library will have the result of potentially moving to a newer service version.

      Targeting a specific service version may also mean that the service will return an error for newer APIs.

      Parameters:
      version - BlobServiceVersion of the service to be used when making requests.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • customerProvidedKey

      public EncryptedBlobClientBuilder customerProvidedKey(CustomerProvidedKey customerProvidedKey)
      Sets the customer provided key that is used to encrypt blob contents on the server.
      Parameters:
      customerProvidedKey - CustomerProvidedKey
      Returns:
      the updated EncryptedBlobClientBuilder object

    • encryptionScope

      public EncryptedBlobClientBuilder encryptionScope(String encryptionScope)
      Sets the encryption scope that is used to encrypt blob contents on the server.
      Parameters:
      encryptionScope - Encryption scope containing the encryption key information.
      Returns:
      the updated EncryptedBlobClientBuilder object

    • blobClient

      public EncryptedBlobClientBuilder blobClient(BlobClient blobClient)
      Configures the builder based on the passed BlobClient. This will set the HttpPipeline, URL and BlobServiceVersion that are used to interact with the service. Note that the underlying pipeline should not already be configured for encryption/decryption.

      If pipeline is set, all other settings are ignored, aside from endpoint and serviceVersion.

      Note that for security reasons, this method does not copy over the CustomerProvidedKey and encryption scope properties from the provided client. To set CPK, please use customerProvidedKey(CustomerProvidedKey).

      Parameters:
      blobClient - BlobClient used to configure the builder.
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      NullPointerException - If containerClient is null.

    • blobAsyncClient

      public EncryptedBlobClientBuilder blobAsyncClient(BlobAsyncClient blobAsyncClient)
      Configures the builder based on the passed BlobAsyncClient. This will set the HttpPipeline, URL and BlobServiceVersion that are used to interact with the service. Note that the underlying pipeline should not already be configured for encryption/decryption.

      If pipeline is set, all other settings are ignored, aside from endpoint and serviceVersion.

      Note that for security reasons, this method does not copy over the CustomerProvidedKey and encryption scope properties from the provided client. To set CPK, please use customerProvidedKey(CustomerProvidedKey).

      Parameters:
      blobAsyncClient - BlobAsyncClient used to configure the builder.
      Returns:
      the updated EncryptedBlobClientBuilder object
      Throws:
      NullPointerException - If containerClient is null.

    • requiresEncryption

      public EncryptedBlobClientBuilder requiresEncryption(boolean requiresEncryption)
      Sets the requires encryption option.
      Parameters:
      requiresEncryption - Whether encryption is enforced by this client. Client will throw if data is downloaded and it is not encrypted.
      Returns:
      the updated EncryptedBlobClientBuilder object