EncryptedBlobClient Class

Package:

com.azure.storage.blob.specialized.cryptography

Maven Artifact:

com.azure:azure-storage-blob-cryptography:12.24.4

• java.lang.Object
• • com.azure.storage.blob.specialized.BlobClientBase
  • • com.azure.storage.blob.BlobClient
    • • com.azure.storage.blob.specialized.cryptography.EncryptedBlobClient

public class EncryptedBlobClient
extends BlobClient

This class provides a client side encryption client that contains generic blob operations for Azure Storage Blobs. Operations allowed by the client are uploading, downloading and copying a blob, retrieving and setting metadata, retrieving and setting HTTP headers, and deleting and un-deleting a blob. The upload and download operation allow for encryption and decryption of the data client side. Note: setting metadata in particular is unsafe and should only be done so with caution.

Please refer to the Azure Docs For Client-Side Encryption for more information.

This client is instantiated through EncryptedBlobClientBuilder

For operations on a specific blob type (i.e. append, block, or page) use getAppendBlobClient(), getBlockBlobClient(), or getPageBlobClient() to construct a client that allows blob specific operations. Note, these types do not support client-side encryption, though decryption is possible in case the associated block/page/append blob contains encrypted data.

Please refer to the Azure Docs for more information.

Method Summary

Modifier and Type	Method and Description
void	download(OutputStream stream)
BinaryData	downloadContent()
BlobDownloadContentResponse	downloadContentWithResponse(DownloadRetryOptions options, BlobRequestConditions requestConditions, Duration timeout, Context context)
void	downloadStream(OutputStream stream)
BlobDownloadResponse	downloadStreamWithResponse(OutputStream stream, BlobRange range, DownloadRetryOptions options, BlobRequestConditions requestConditions, boolean getRangeContentMd5, Duration timeout, Context context)
BlobProperties	downloadToFile(String filePath)
BlobProperties	downloadToFile(String filePath, boolean overwrite)
Response<BlobProperties>	downloadToFileWithResponse(BlobDownloadToFileOptions options, Duration timeout, Context context)
Response<BlobProperties>	downloadToFileWithResponse(String filePath, BlobRange range, ParallelTransferOptions parallelTransferOptions, DownloadRetryOptions downloadRetryOptions, BlobRequestConditions requestConditions, boolean rangeGetContentMd5, Duration timeout, Context context)
Response<BlobProperties>	downloadToFileWithResponse(String filePath, BlobRange range, ParallelTransferOptions parallelTransferOptions, DownloadRetryOptions downloadRetryOptions, BlobRequestConditions requestConditions, boolean rangeGetContentMd5, Set<OpenOption> openOptions, Duration timeout, Context context)
BlobDownloadResponse	downloadWithResponse(OutputStream stream, BlobRange range, DownloadRetryOptions options, BlobRequestConditions requestConditions, boolean getRangeContentMd5, Duration timeout, Context context)
AppendBlobClient	getAppendBlobClient() Unsupported.
BlobOutputStream	getBlobOutputStream() Creates and opens an output stream to write data to the block blob.
BlobOutputStream	getBlobOutputStream(boolean overwrite) Creates and opens an output stream to write data to the block blob.
BlobOutputStream	getBlobOutputStream(ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map<String,String> metadata, AccessTier tier, BlobRequestConditions requestConditions) Creates and opens an output stream to write data to the block blob.
BlobOutputStream	getBlobOutputStream(BlockBlobOutputStreamOptions options) Creates and opens an output stream to write data to the block blob.
BlockBlobClient	getBlockBlobClient() Unsupported.
EncryptedBlobClient	getCustomerProvidedKeyClient(CustomerProvidedKey customerProvidedKey) Creates a new EncryptedBlobClient with the specified customerProvidedKey.
EncryptedBlobClient	getEncryptionScopeClient(String encryptionScope) Creates a new EncryptedBlobClient with the specified encryptionScope.
PageBlobClient	getPageBlobClient() Unsupported.
BlobInputStream	openInputStream()
BlobInputStream	openInputStream(BlobRange range, BlobRequestConditions requestConditions)
BlobInputStream	openInputStream(BlobInputStreamOptions options)
BlobInputStream	openInputStream(BlobInputStreamOptions options, Context context)
InputStream	openQueryInputStream(String expression) Unsupported.
Response<InputStream>	openQueryInputStreamWithResponse(BlobQueryOptions queryOptions) Unsupported.
void	query(OutputStream stream, String expression) Unsupported.
BlobQueryResponse	queryWithResponse(BlobQueryOptions queryOptions, Duration timeout, Context context) Unsupported.
void	uploadFromFile(String filePath) Creates a new block blob, or updates the content of an existing block blob.
void	uploadFromFile(String filePath, boolean overwrite) Creates a new block blob, or updates the content of an existing block blob.
void	uploadFromFile(String filePath, ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map<String,String> metadata, AccessTier tier, BlobRequestConditions requestConditions, Duration timeout) Creates a new block blob, or updates the content of an existing block blob.
Response<BlockBlobItem>	uploadFromFileWithResponse(BlobUploadFromFileOptions options, Duration timeout, Context context) Creates a new block blob, or updates the content of an existing block blob.

Methods inherited from BlobClient

getAppendBlobClient getBlockBlobClient getCustomerProvidedKeyClient getEncryptionScopeClient getPageBlobClient getSnapshotClient getVersionClient upload upload upload upload upload upload uploadFromFile uploadFromFile uploadFromFile uploadFromFileWithResponse uploadWithResponse uploadWithResponse uploadWithResponse

Methods inherited from BlobClientBase

abortCopyFromUrl abortCopyFromUrlWithResponse beginCopy beginCopy beginCopy copyFromUrl copyFromUrlWithResponse copyFromUrlWithResponse createSnapshot createSnapshotWithResponse delete deleteIfExists deleteIfExistsWithResponse deleteImmutabilityPolicy deleteImmutabilityPolicyWithResponse deleteWithResponse download downloadContent downloadContentWithResponse downloadStream downloadStreamWithResponse downloadToFile downloadToFile downloadToFileWithResponse downloadToFileWithResponse downloadToFileWithResponse downloadWithResponse exists existsWithResponse generateSas generateSas generateUserDelegationSas generateUserDelegationSas getAccountInfo getAccountInfoWithResponse getAccountName getAccountUrl getBlobName getBlobUrl getContainerClient getContainerName getCustomerProvidedKey getEncryptionScope getHttpPipeline getProperties getPropertiesWithResponse getServiceVersion getSnapshotId getTags getTagsWithResponse getVersionId isSnapshot openInputStream openInputStream openInputStream openInputStream openQueryInputStream openQueryInputStreamWithResponse openSeekableByteChannelRead query queryWithResponse setAccessTier setAccessTierWithResponse setAccessTierWithResponse setHttpHeaders setHttpHeadersWithResponse setImmutabilityPolicy setImmutabilityPolicyWithResponse setLegalHold setLegalHoldWithResponse setMetadata setMetadataWithResponse setTags setTagsWithResponse undelete undeleteWithResponse

Methods inherited from java.lang.Object

clone equals finalize getClass hashCode notify notifyAll toString wait wait wait

Method Details

download

@Deprecated
public void download(OutputStream stream)

Overrides:

EncryptedBlobClient.download(OutputStream stream)

Parameters:

stream

downloadContent

public BinaryData downloadContent()

Overrides:

EncryptedBlobClient.downloadContent()

downloadContentWithResponse

public BlobDownloadContentResponse downloadContentWithResponse(DownloadRetryOptions options, BlobRequestConditions requestConditions, Duration timeout, Context context)

Overrides:

EncryptedBlobClient.downloadContentWithResponse(DownloadRetryOptions options, BlobRequestConditions requestConditions, Duration timeout, Context context)

Parameters:

options

requestConditions

timeout

context

downloadStream

public void downloadStream(OutputStream stream)

Overrides:

EncryptedBlobClient.downloadStream(OutputStream stream)

Parameters:

stream

downloadStreamWithResponse

public BlobDownloadResponse downloadStreamWithResponse(OutputStream stream, BlobRange range, DownloadRetryOptions options, BlobRequestConditions requestConditions, boolean getRangeContentMd5, Duration timeout, Context context)

Overrides:

EncryptedBlobClient.downloadStreamWithResponse(OutputStream stream, BlobRange range, DownloadRetryOptions options, BlobRequestConditions requestConditions, boolean getRangeContentMd5, Duration timeout, Context context)

Parameters:

stream

range

options

requestConditions

getRangeContentMd5

timeout

context

downloadToFile

public BlobProperties downloadToFile(String filePath)

Overrides:

EncryptedBlobClient.downloadToFile(String filePath)

Parameters:

filePath

downloadToFile

public BlobProperties downloadToFile(String filePath, boolean overwrite)

Overrides:

EncryptedBlobClient.downloadToFile(String filePath, boolean overwrite)

Parameters:

filePath

overwrite

downloadToFileWithResponse

public Response downloadToFileWithResponse(BlobDownloadToFileOptions options, Duration timeout, Context context)

Overrides:

EncryptedBlobClient.downloadToFileWithResponse(BlobDownloadToFileOptions options, Duration timeout, Context context)

Parameters:

options

timeout

context

downloadToFileWithResponse

public Response downloadToFileWithResponse(String filePath, BlobRange range, ParallelTransferOptions parallelTransferOptions, DownloadRetryOptions downloadRetryOptions, BlobRequestConditions requestConditions, boolean rangeGetContentMd5, Duration timeout, Context context)

Overrides:

EncryptedBlobClient.downloadToFileWithResponse(String filePath, BlobRange range, ParallelTransferOptions parallelTransferOptions, DownloadRetryOptions downloadRetryOptions, BlobRequestConditions requestConditions, boolean rangeGetContentMd5, Duration timeout, Context context)

Parameters:

filePath

range

parallelTransferOptions

downloadRetryOptions

requestConditions

rangeGetContentMd5

timeout

context

downloadToFileWithResponse

public Response downloadToFileWithResponse(String filePath, BlobRange range, ParallelTransferOptions parallelTransferOptions, DownloadRetryOptions downloadRetryOptions, BlobRequestConditions requestConditions, boolean rangeGetContentMd5, Set openOptions, Duration timeout, Context context)

Overrides:

EncryptedBlobClient.downloadToFileWithResponse(String filePath, BlobRange range, ParallelTransferOptions parallelTransferOptions, DownloadRetryOptions downloadRetryOptions, BlobRequestConditions requestConditions, boolean rangeGetContentMd5, Set<OpenOption> openOptions, Duration timeout, Context context)

Parameters:

filePath

range

parallelTransferOptions

downloadRetryOptions

requestConditions

rangeGetContentMd5

openOptions

timeout

context

downloadWithResponse

@Deprecated
public BlobDownloadResponse downloadWithResponse(OutputStream stream, BlobRange range, DownloadRetryOptions options, BlobRequestConditions requestConditions, boolean getRangeContentMd5, Duration timeout, Context context)

Overrides:

EncryptedBlobClient.downloadWithResponse(OutputStream stream, BlobRange range, DownloadRetryOptions options, BlobRequestConditions requestConditions, boolean getRangeContentMd5, Duration timeout, Context context)

Parameters:

stream

range

options

requestConditions

getRangeContentMd5

timeout

context

getAppendBlobClient

public AppendBlobClient getAppendBlobClient()

Unsupported.

Overrides:

EncryptedBlobClient.getAppendBlobClient()

getBlobOutputStream

public BlobOutputStream getBlobOutputStream()

Creates and opens an output stream to write data to the block blob.

Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

Returns:

A BlobOutputStream object used to write data to the blob.

getBlobOutputStream

public BlobOutputStream getBlobOutputStream(boolean overwrite)

Creates and opens an output stream to write data to the block blob.

Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

Parameters:

overwrite - Whether to overwrite, should data exist on the blob.

Returns:

A BlobOutputStream object used to write data to the blob.

getBlobOutputStream

public BlobOutputStream getBlobOutputStream(ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map metadata, AccessTier tier, BlobRequestConditions requestConditions)

Creates and opens an output stream to write data to the block blob. If the blob already exists on the service, it will be overwritten.

To avoid overwriting, pass "*" to BlobRequestConditions#setIfNoneMatch(String).

Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

Parameters:

parallelTransferOptions - ParallelTransferOptions used to configure buffered uploading.

headers - BlobHttpHeaders

metadata - Metadata to associate with the blob. If there is leading or trailing whitespace in any metadata key or value, it must be removed or encoded.

tier - AccessTier for the destination blob.

requestConditions - BlobRequestConditions

Returns:

A BlobOutputStream object used to write data to the blob.

getBlobOutputStream

public BlobOutputStream getBlobOutputStream(BlockBlobOutputStreamOptions options)

Creates and opens an output stream to write data to the block blob. If the blob already exists on the service, it will be overwritten.

To avoid overwriting, pass "*" to BlobRequestConditions#setIfNoneMatch(String).

Note: We recommend you call write with reasonably sized buffers, you can do so by wrapping the BlobOutputStream obtained below with a BufferedOutputStream.

Parameters:

options - BlockBlobOutputStreamOptions

Returns:

A BlobOutputStream object used to write data to the blob.

getBlockBlobClient

public BlockBlobClient getBlockBlobClient()

Unsupported.

Overrides:

EncryptedBlobClient.getBlockBlobClient()

getCustomerProvidedKeyClient

public EncryptedBlobClient getCustomerProvidedKeyClient(CustomerProvidedKey customerProvidedKey)

Creates a new EncryptedBlobClient with the specified customerProvidedKey.

Overrides:

EncryptedBlobClient.getCustomerProvidedKeyClient(CustomerProvidedKey customerProvidedKey)

Parameters:

customerProvidedKey - the CustomerProvidedKey for the blob, pass null to use no customer provided key.

Returns:

a EncryptedBlobClient with the specified customerProvidedKey.

getEncryptionScopeClient

public EncryptedBlobClient getEncryptionScopeClient(String encryptionScope)

Creates a new EncryptedBlobClient with the specified encryptionScope.

Overrides:

EncryptedBlobClient.getEncryptionScopeClient(String encryptionScope)

Parameters:

encryptionScope - the encryption scope for the blob, pass null to use no encryption scope.

Returns:

a EncryptedBlobClient with the specified encryptionScope.

getPageBlobClient

public PageBlobClient getPageBlobClient()

Unsupported.

Overrides:

EncryptedBlobClient.getPageBlobClient()

openInputStream

public BlobInputStream openInputStream()

Overrides:

EncryptedBlobClient.openInputStream()

openInputStream

public BlobInputStream openInputStream(BlobRange range, BlobRequestConditions requestConditions)

Overrides:

EncryptedBlobClient.openInputStream(BlobRange range, BlobRequestConditions requestConditions)

Parameters:

range

requestConditions

openInputStream

public BlobInputStream openInputStream(BlobInputStreamOptions options)

Overrides:

EncryptedBlobClient.openInputStream(BlobInputStreamOptions options)

Parameters:

options

openInputStream

public BlobInputStream openInputStream(BlobInputStreamOptions options, Context context)

Overrides:

EncryptedBlobClient.openInputStream(BlobInputStreamOptions options, Context context)

Parameters:

options

context

openQueryInputStream

public InputStream openQueryInputStream(String expression)

Unsupported. Cannot query data encrypted on client side.

Overrides:

EncryptedBlobClient.openQueryInputStream(String expression)

Parameters:

expression

openQueryInputStreamWithResponse

public Response openQueryInputStreamWithResponse(BlobQueryOptions queryOptions)

Unsupported. Cannot query data encrypted on client side.

Overrides:

EncryptedBlobClient.openQueryInputStreamWithResponse(BlobQueryOptions queryOptions)

Parameters:

queryOptions

query

public void query(OutputStream stream, String expression)

Unsupported. Cannot query data encrypted on client side.

Overrides:

EncryptedBlobClient.query(OutputStream stream, String expression)

Parameters:

stream

expression

queryWithResponse

public BlobQueryResponse queryWithResponse(BlobQueryOptions queryOptions, Duration timeout, Context context)

Unsupported. Cannot query data encrypted on client side.

Overrides:

EncryptedBlobClient.queryWithResponse(BlobQueryOptions queryOptions, Duration timeout, Context context)

Parameters:

queryOptions

timeout

context

uploadFromFile

public void uploadFromFile(String filePath)

Creates a new block blob, or updates the content of an existing block blob.

Code Samples

try {
     client.uploadFromFile(filePath);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }

Overrides:

EncryptedBlobClient.uploadFromFile(String filePath)

Parameters:

filePath - Path of the file to upload

uploadFromFile

public void uploadFromFile(String filePath, boolean overwrite)

Creates a new block blob, or updates the content of an existing block blob.

Code Samples

try {
     boolean overwrite = false; // Default value
     client.uploadFromFile(filePath, overwrite);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }

Overrides:

EncryptedBlobClient.uploadFromFile(String filePath, boolean overwrite)

Parameters:

filePath - Path of the file to upload

overwrite - Whether to overwrite should data already exist on the blob

uploadFromFile

public void uploadFromFile(String filePath, ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map metadata, AccessTier tier, BlobRequestConditions requestConditions, Duration timeout)

Creates a new block blob, or updates the content of an existing block blob.

Code Samples

BlobHttpHeaders headers = new BlobHttpHeaders()
     .setContentMd5("data".getBytes(StandardCharsets.UTF_8))
     .setContentLanguage("en-US")
     .setContentType("binary");

 Map<String, String> metadata = new HashMap<>(Collections.singletonMap("metadata", "value"));
 BlobRequestConditions requestConditions = new BlobRequestConditions()
     .setLeaseId(leaseId)
     .setIfUnmodifiedSince(OffsetDateTime.now().minusDays(3));
 long blockSize = 100 * 1024 * 1024; // 100 MB;
 ParallelTransferOptions parallelTransferOptions = new ParallelTransferOptions().setBlockSizeLong(blockSize);

 try {
     client.uploadFromFile(filePath, parallelTransferOptions, headers, metadata, AccessTier.HOT,
         requestConditions, timeout);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }

Overrides:

EncryptedBlobClient.uploadFromFile(String filePath, ParallelTransferOptions parallelTransferOptions, BlobHttpHeaders headers, Map<String,String> metadata, AccessTier tier, BlobRequestConditions requestConditions, Duration timeout)

Parameters:

filePath - Path of the file to upload

parallelTransferOptions - ParallelTransferOptions to use to upload from file. Number of parallel transfers parameter is ignored.

headers - BlobHttpHeaders

metadata - Metadata to associate with the blob. If there is leading or trailing whitespace in any metadata key or value, it must be removed or encoded.

tier - AccessTier for the uploaded blob

requestConditions - BlobRequestConditions

timeout - An optional timeout value beyond which a RuntimeException will be raised.

Throws:

UncheckedIOException

- If an I/O error occurs

uploadFromFileWithResponse

public Response uploadFromFileWithResponse(BlobUploadFromFileOptions options, Duration timeout, Context context)

Creates a new block blob, or updates the content of an existing block blob.

Code Samples

BlobHttpHeaders headers = new BlobHttpHeaders()
     .setContentMd5("data".getBytes(StandardCharsets.UTF_8))
     .setContentLanguage("en-US")
     .setContentType("binary");

 Map<String, String> metadata = new HashMap<>(Collections.singletonMap("metadata", "value"));
 Map<String, String> tags = new HashMap<>(Collections.singletonMap("tag", "value"));
 BlobRequestConditions requestConditions = new BlobRequestConditions()
     .setLeaseId(leaseId)
     .setIfUnmodifiedSince(OffsetDateTime.now().minusDays(3));
 long blockSize = 100 * 1024 * 1024; // 100 MB;
 ParallelTransferOptions parallelTransferOptions = new ParallelTransferOptions().setBlockSizeLong(blockSize);

 try {
     client.uploadFromFileWithResponse(new BlobUploadFromFileOptions(filePath)
         .setParallelTransferOptions(parallelTransferOptions).setHeaders(headers).setMetadata(metadata)
         .setTags(tags).setTier(AccessTier.HOT).setRequestConditions(requestConditions), timeout,
         Context.NONE);
     System.out.println("Upload from file succeeded");
 } catch (UncheckedIOException ex) {
     System.err.printf("Failed to upload from file %s%n", ex.getMessage());
 }

Overrides:

EncryptedBlobClient.uploadFromFileWithResponse(BlobUploadFromFileOptions options, Duration timeout, Context context)

Parameters:

options - BlobUploadFromFileOptions

timeout - An optional timeout value beyond which a RuntimeException will be raised.

context - Additional context that is passed through the Http pipeline during the service call.

Returns:

Information about the uploaded block blob.

Throws:

UncheckedIOException

- If an I/O error occurs