All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.kms.model.GrantConstraints Maven / Gradle / Ivy

/*
 * Copyright 2015-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.kms.model;

import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;

/**
 * 

* Use this structure to allow cryptographic operations in the grant only when the operation request includes the * specified encryption * context. *

*

* AWS KMS applies the grant constraints only when the grant allows a cryptographic operation that accepts an encryption * context as input, such as the following. *

* *

* AWS KMS does not apply the grant constraints to other operations, such as DescribeKey or * ScheduleKeyDeletion. *

* *

* In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive * match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can * vary. *

*

* However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case * sensitive. *

*

* To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully * case-sensitive encryption context, use the kms:EncryptionContext: and * kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the AWS Key Management Service Developer Guide . *

*
* * @see AWS API * Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class GrantConstraints implements Serializable, Cloneable, StructuredPojo { /** *

* A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. * The grant allows the cryptographic operation only when the encryption context in the request includes the * key-value pairs specified in this constraint, although it can include additional key-value pairs. *

*/ private com.amazonaws.internal.SdkInternalMap encryptionContextSubset; /** *

* A list of key-value pairs that must match the encryption context in the cryptographic operation request. The * grant allows the operation only when the encryption context in the request is the same as the encryption context * specified in this constraint. *

*/ private com.amazonaws.internal.SdkInternalMap encryptionContextEquals; /** *

* A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. * The grant allows the cryptographic operation only when the encryption context in the request includes the * key-value pairs specified in this constraint, although it can include additional key-value pairs. *

* * @return A list of key-value pairs that must be included in the encryption context of the cryptographic operation * request. The grant allows the cryptographic operation only when the encryption context in the request * includes the key-value pairs specified in this constraint, although it can include additional key-value * pairs. */ public java.util.Map getEncryptionContextSubset() { if (encryptionContextSubset == null) { encryptionContextSubset = new com.amazonaws.internal.SdkInternalMap(); } return encryptionContextSubset; } /** *

* A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. * The grant allows the cryptographic operation only when the encryption context in the request includes the * key-value pairs specified in this constraint, although it can include additional key-value pairs. *

* * @param encryptionContextSubset * A list of key-value pairs that must be included in the encryption context of the cryptographic operation * request. The grant allows the cryptographic operation only when the encryption context in the request * includes the key-value pairs specified in this constraint, although it can include additional key-value * pairs. */ public void setEncryptionContextSubset(java.util.Map encryptionContextSubset) { this.encryptionContextSubset = encryptionContextSubset == null ? null : new com.amazonaws.internal.SdkInternalMap( encryptionContextSubset); } /** *

* A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. * The grant allows the cryptographic operation only when the encryption context in the request includes the * key-value pairs specified in this constraint, although it can include additional key-value pairs. *

* * @param encryptionContextSubset * A list of key-value pairs that must be included in the encryption context of the cryptographic operation * request. The grant allows the cryptographic operation only when the encryption context in the request * includes the key-value pairs specified in this constraint, although it can include additional key-value * pairs. * @return Returns a reference to this object so that method calls can be chained together. */ public GrantConstraints withEncryptionContextSubset(java.util.Map encryptionContextSubset) { setEncryptionContextSubset(encryptionContextSubset); return this; } public GrantConstraints addEncryptionContextSubsetEntry(String key, String value) { if (null == this.encryptionContextSubset) { this.encryptionContextSubset = new com.amazonaws.internal.SdkInternalMap(); } if (this.encryptionContextSubset.containsKey(key)) throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided."); this.encryptionContextSubset.put(key, value); return this; } /** * Removes all the entries added into EncryptionContextSubset. * * @return Returns a reference to this object so that method calls can be chained together. */ public GrantConstraints clearEncryptionContextSubsetEntries() { this.encryptionContextSubset = null; return this; } /** *

* A list of key-value pairs that must match the encryption context in the cryptographic operation request. The * grant allows the operation only when the encryption context in the request is the same as the encryption context * specified in this constraint. *

* * @return A list of key-value pairs that must match the encryption context in the cryptographic operation request. * The grant allows the operation only when the encryption context in the request is the same as the * encryption context specified in this constraint. */ public java.util.Map getEncryptionContextEquals() { if (encryptionContextEquals == null) { encryptionContextEquals = new com.amazonaws.internal.SdkInternalMap(); } return encryptionContextEquals; } /** *

* A list of key-value pairs that must match the encryption context in the cryptographic operation request. The * grant allows the operation only when the encryption context in the request is the same as the encryption context * specified in this constraint. *

* * @param encryptionContextEquals * A list of key-value pairs that must match the encryption context in the cryptographic operation request. * The grant allows the operation only when the encryption context in the request is the same as the * encryption context specified in this constraint. */ public void setEncryptionContextEquals(java.util.Map encryptionContextEquals) { this.encryptionContextEquals = encryptionContextEquals == null ? null : new com.amazonaws.internal.SdkInternalMap( encryptionContextEquals); } /** *

* A list of key-value pairs that must match the encryption context in the cryptographic operation request. The * grant allows the operation only when the encryption context in the request is the same as the encryption context * specified in this constraint. *

* * @param encryptionContextEquals * A list of key-value pairs that must match the encryption context in the cryptographic operation request. * The grant allows the operation only when the encryption context in the request is the same as the * encryption context specified in this constraint. * @return Returns a reference to this object so that method calls can be chained together. */ public GrantConstraints withEncryptionContextEquals(java.util.Map encryptionContextEquals) { setEncryptionContextEquals(encryptionContextEquals); return this; } public GrantConstraints addEncryptionContextEqualsEntry(String key, String value) { if (null == this.encryptionContextEquals) { this.encryptionContextEquals = new com.amazonaws.internal.SdkInternalMap(); } if (this.encryptionContextEquals.containsKey(key)) throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided."); this.encryptionContextEquals.put(key, value); return this; } /** * Removes all the entries added into EncryptionContextEquals. * * @return Returns a reference to this object so that method calls can be chained together. */ public GrantConstraints clearEncryptionContextEqualsEntries() { this.encryptionContextEquals = null; return this; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getEncryptionContextSubset() != null) sb.append("EncryptionContextSubset: ").append(getEncryptionContextSubset()).append(","); if (getEncryptionContextEquals() != null) sb.append("EncryptionContextEquals: ").append(getEncryptionContextEquals()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof GrantConstraints == false) return false; GrantConstraints other = (GrantConstraints) obj; if (other.getEncryptionContextSubset() == null ^ this.getEncryptionContextSubset() == null) return false; if (other.getEncryptionContextSubset() != null && other.getEncryptionContextSubset().equals(this.getEncryptionContextSubset()) == false) return false; if (other.getEncryptionContextEquals() == null ^ this.getEncryptionContextEquals() == null) return false; if (other.getEncryptionContextEquals() != null && other.getEncryptionContextEquals().equals(this.getEncryptionContextEquals()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getEncryptionContextSubset() == null) ? 0 : getEncryptionContextSubset().hashCode()); hashCode = prime * hashCode + ((getEncryptionContextEquals() == null) ? 0 : getEncryptionContextEquals().hashCode()); return hashCode; } @Override public GrantConstraints clone() { try { return (GrantConstraints) super.clone(); } catch (CloneNotSupportedException e) { throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e); } } @com.amazonaws.annotation.SdkInternalApi @Override public void marshall(ProtocolMarshaller protocolMarshaller) { com.amazonaws.services.kms.model.transform.GrantConstraintsMarshaller.getInstance().marshall(this, protocolMarshaller); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy