com.amazonaws.services.kms.model.ReEncryptRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-kms Show documentation
/*
* Copyright 2015-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class ReEncryptRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* Ciphertext of the data to reencrypt.
*
*/
private java.nio.ByteBuffer ciphertextBlob;
/**
*
* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was
* used to encrypt the ciphertext.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*/
private com.amazonaws.internal.SdkInternalMap sourceEncryptionContext;
/**
*
* A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS KMS
* uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the ciphertext.
* However, you can use this parameter to ensure that a particular CMK (of any kind) is used to decrypt the
* ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation succeeds only
* if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*/
private String sourceKeyId;
/**
*
* A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK with a
* KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage value of a CMK,
* use the DescribeKey operation.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or
* alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*/
private String destinationKeyId;
/**
*
* Specifies that encryption context to use when the reencrypting the data.
*
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*/
private com.amazonaws.internal.SdkInternalMap destinationEncryptionContext;
/**
*
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is reencrypted. The
* default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric CMKs.
*
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the
* decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
*
*/
private String sourceEncryptionAlgorithm;
/**
*
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it. The
* default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric CMKs.
*
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
*
*/
private String destinationEncryptionAlgorithm;
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in the
* AWS Key Management Service Developer Guide.
*
*/
private com.amazonaws.internal.SdkInternalList grantTokens;
/**
*
* Ciphertext of the data to reencrypt.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param ciphertextBlob
* Ciphertext of the data to reencrypt.
*/
public void setCiphertextBlob(java.nio.ByteBuffer ciphertextBlob) {
this.ciphertextBlob = ciphertextBlob;
}
/**
*
* Ciphertext of the data to reencrypt.
*
*
* {@code ByteBuffer}s are stateful. Calling their {@code get} methods changes their {@code position}. We recommend
* using {@link java.nio.ByteBuffer#asReadOnlyBuffer()} to create a read-only view of the buffer with an independent
* {@code position}, and calling {@code get} methods on this rather than directly on the returned {@code ByteBuffer}.
* Doing so will ensure that anyone else using the {@code ByteBuffer} will not be affected by changes to the
* {@code position}.
*
*
* @return Ciphertext of the data to reencrypt.
*/
public java.nio.ByteBuffer getCiphertextBlob() {
return this.ciphertextBlob;
}
/**
*
* Ciphertext of the data to reencrypt.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param ciphertextBlob
* Ciphertext of the data to reencrypt.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withCiphertextBlob(java.nio.ByteBuffer ciphertextBlob) {
setCiphertextBlob(ciphertextBlob);
return this;
}
/**
*
* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was
* used to encrypt the ciphertext.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* @return Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that
* was used to encrypt the ciphertext.
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional
* when encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
*/
public java.util.Map getSourceEncryptionContext() {
if (sourceEncryptionContext == null) {
sourceEncryptionContext = new com.amazonaws.internal.SdkInternalMap();
}
return sourceEncryptionContext;
}
/**
*
* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was
* used to encrypt the ciphertext.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* @param sourceEncryptionContext
* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that
* was used to encrypt the ciphertext.
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when
* encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
*/
public void setSourceEncryptionContext(java.util.Map sourceEncryptionContext) {
this.sourceEncryptionContext = sourceEncryptionContext == null ? null : new com.amazonaws.internal.SdkInternalMap(
sourceEncryptionContext);
}
/**
*
* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was
* used to encrypt the ciphertext.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* @param sourceEncryptionContext
* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that
* was used to encrypt the ciphertext.
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when
* encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withSourceEncryptionContext(java.util.Map sourceEncryptionContext) {
setSourceEncryptionContext(sourceEncryptionContext);
return this;
}
public ReEncryptRequest addSourceEncryptionContextEntry(String key, String value) {
if (null == this.sourceEncryptionContext) {
this.sourceEncryptionContext = new com.amazonaws.internal.SdkInternalMap();
}
if (this.sourceEncryptionContext.containsKey(key))
throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided.");
this.sourceEncryptionContext.put(key, value);
return this;
}
/**
* Removes all the entries added into SourceEncryptionContext.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest clearSourceEncryptionContextEntries() {
this.sourceEncryptionContext = null;
return this;
}
/**
*
* A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS KMS
* uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the ciphertext.
* However, you can use this parameter to ensure that a particular CMK (of any kind) is used to decrypt the
* ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation succeeds only
* if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param sourceKeyId
* A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS
* KMS uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the
* ciphertext. However, you can use this parameter to ensure that a particular CMK (of any kind) is used to
* decrypt the ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation
* succeeds only if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
*/
public void setSourceKeyId(String sourceKeyId) {
this.sourceKeyId = sourceKeyId;
}
/**
*
* A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS KMS
* uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the ciphertext.
* However, you can use this parameter to ensure that a particular CMK (of any kind) is used to decrypt the
* ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation succeeds only
* if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @return A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS
* KMS uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the
* ciphertext. However, you can use this parameter to ensure that a particular CMK (of any kind) is used to
* decrypt the ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation
* succeeds only if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
*/
public String getSourceKeyId() {
return this.sourceKeyId;
}
/**
*
* A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS KMS
* uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the ciphertext.
* However, you can use this parameter to ensure that a particular CMK (of any kind) is used to decrypt the
* ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation succeeds only
* if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param sourceKeyId
* A unique identifier for the CMK that is used to decrypt the ciphertext before it reencrypts it using the
* destination CMK.
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK. Otherwise, AWS
* KMS uses the metadata that it adds to the ciphertext blob to determine which CMK was used to encrypt the
* ciphertext. However, you can use this parameter to ensure that a particular CMK (of any kind) is used to
* decrypt the ciphertext before it is reencrypted.
*
*
* If you specify a KeyId value, the decrypt part of the ReEncrypt operation
* succeeds only if the specified CMK was used to encrypt the ciphertext.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/".
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withSourceKeyId(String sourceKeyId) {
setSourceKeyId(sourceKeyId);
return this;
}
/**
*
* A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK with a
* KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage value of a CMK,
* use the DescribeKey operation.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or
* alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param destinationKeyId
* A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK
* with a KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage
* value of a CMK, use the DescribeKey operation.
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
*/
public void setDestinationKeyId(String destinationKeyId) {
this.destinationKeyId = destinationKeyId;
}
/**
*
* A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK with a
* KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage value of a CMK,
* use the DescribeKey operation.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or
* alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @return A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK
* with a KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage
* value of a CMK, use the DescribeKey operation.
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
*/
public String getDestinationKeyId() {
return this.destinationKeyId;
}
/**
*
* A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK with a
* KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage value of a CMK,
* use the DescribeKey operation.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or
* alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param destinationKeyId
* A unique identifier for the CMK that is used to reencrypt the data. Specify a symmetric or asymmetric CMK
* with a KeyUsage value of ENCRYPT_DECRYPT. To find the KeyUsage
* value of a CMK, use the DescribeKey operation.
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withDestinationKeyId(String destinationKeyId) {
setDestinationKeyId(destinationKeyId);
return this;
}
/**
*
* Specifies that encryption context to use when the reencrypting the data.
*
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* @return Specifies that encryption context to use when the reencrypting the data.
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional
* when encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
*/
public java.util.Map getDestinationEncryptionContext() {
if (destinationEncryptionContext == null) {
destinationEncryptionContext = new com.amazonaws.internal.SdkInternalMap();
}
return destinationEncryptionContext;
}
/**
*
* Specifies that encryption context to use when the reencrypting the data.
*
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* @param destinationEncryptionContext
* Specifies that encryption context to use when the reencrypting the data.
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when
* encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
*/
public void setDestinationEncryptionContext(java.util.Map destinationEncryptionContext) {
this.destinationEncryptionContext = destinationEncryptionContext == null ? null : new com.amazonaws.internal.SdkInternalMap(
destinationEncryptionContext);
}
/**
*
* Specifies that encryption context to use when the reencrypting the data.
*
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* @param destinationEncryptionContext
* Specifies that encryption context to use when the reencrypting the data.
*
* A destination encryption context is valid only when the destination CMK is a symmetric CMK. The standard
* ciphertext format for asymmetric CMKs does not include fields for metadata.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when
* encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withDestinationEncryptionContext(java.util.Map destinationEncryptionContext) {
setDestinationEncryptionContext(destinationEncryptionContext);
return this;
}
public ReEncryptRequest addDestinationEncryptionContextEntry(String key, String value) {
if (null == this.destinationEncryptionContext) {
this.destinationEncryptionContext = new com.amazonaws.internal.SdkInternalMap();
}
if (this.destinationEncryptionContext.containsKey(key))
throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided.");
this.destinationEncryptionContext.put(key, value);
return this;
}
/**
* Removes all the entries added into DestinationEncryptionContext.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest clearDestinationEncryptionContextEntries() {
this.destinationEncryptionContext = null;
return this;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is reencrypted. The
* default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric CMKs.
*
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the
* decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
*
*
* @param sourceEncryptionAlgorithm
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is
* reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for
* symmetric CMKs.
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm,
* the decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
* @see EncryptionAlgorithmSpec
*/
public void setSourceEncryptionAlgorithm(String sourceEncryptionAlgorithm) {
this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is reencrypted. The
* default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric CMKs.
*
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the
* decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
*
*
* @return Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is
* reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for
* symmetric CMKs.
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm,
* the decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
* @see EncryptionAlgorithmSpec
*/
public String getSourceEncryptionAlgorithm() {
return this.sourceEncryptionAlgorithm;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is reencrypted. The
* default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric CMKs.
*
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the
* decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
*
*
* @param sourceEncryptionAlgorithm
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is
* reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for
* symmetric CMKs.
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm,
* the decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
* @return Returns a reference to this object so that method calls can be chained together.
* @see EncryptionAlgorithmSpec
*/
public ReEncryptRequest withSourceEncryptionAlgorithm(String sourceEncryptionAlgorithm) {
setSourceEncryptionAlgorithm(sourceEncryptionAlgorithm);
return this;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is reencrypted. The
* default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric CMKs.
*
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the
* decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
*
*
* @param sourceEncryptionAlgorithm
* Specifies the encryption algorithm that AWS KMS will use to decrypt the ciphertext before it is
* reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for
* symmetric CMKs.
*
* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm,
* the decrypt attempt fails.
*
*
* This parameter is required only when the ciphertext was encrypted under an asymmetric CMK.
* @return Returns a reference to this object so that method calls can be chained together.
* @see EncryptionAlgorithmSpec
*/
public ReEncryptRequest withSourceEncryptionAlgorithm(EncryptionAlgorithmSpec sourceEncryptionAlgorithm) {
this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm.toString();
return this;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it. The
* default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric CMKs.
*
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
*
*
* @param destinationEncryptionAlgorithm
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it.
* The default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric
* CMKs.
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
* @see EncryptionAlgorithmSpec
*/
public void setDestinationEncryptionAlgorithm(String destinationEncryptionAlgorithm) {
this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it. The
* default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric CMKs.
*
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
*
*
* @return Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it.
* The default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric
* CMKs.
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
* @see EncryptionAlgorithmSpec
*/
public String getDestinationEncryptionAlgorithm() {
return this.destinationEncryptionAlgorithm;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it. The
* default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric CMKs.
*
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
*
*
* @param destinationEncryptionAlgorithm
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it.
* The default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric
* CMKs.
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
* @return Returns a reference to this object so that method calls can be chained together.
* @see EncryptionAlgorithmSpec
*/
public ReEncryptRequest withDestinationEncryptionAlgorithm(String destinationEncryptionAlgorithm) {
setDestinationEncryptionAlgorithm(destinationEncryptionAlgorithm);
return this;
}
/**
*
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it. The
* default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric CMKs.
*
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
*
*
* @param destinationEncryptionAlgorithm
* Specifies the encryption algorithm that AWS KMS will use to reecrypt the data after it has decrypted it.
* The default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric
* CMKs.
*
* This parameter is required only when the destination CMK is an asymmetric CMK.
* @return Returns a reference to this object so that method calls can be chained together.
* @see EncryptionAlgorithmSpec
*/
public ReEncryptRequest withDestinationEncryptionAlgorithm(EncryptionAlgorithmSpec destinationEncryptionAlgorithm) {
this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm.toString();
return this;
}
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in the
* AWS Key Management Service Developer Guide.
*
*
* @return A list of grant tokens.
*
* For more information, see Grant Tokens
* in the AWS Key Management Service Developer Guide.
*/
public java.util.List getGrantTokens() {
if (grantTokens == null) {
grantTokens = new com.amazonaws.internal.SdkInternalList();
}
return grantTokens;
}
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in the
* AWS Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* For more information, see Grant Tokens in
* the AWS Key Management Service Developer Guide.
*/
public void setGrantTokens(java.util.Collection grantTokens) {
if (grantTokens == null) {
this.grantTokens = null;
return;
}
this.grantTokens = new com.amazonaws.internal.SdkInternalList(grantTokens);
}
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in the
* AWS Key Management Service Developer Guide.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setGrantTokens(java.util.Collection)} or {@link #withGrantTokens(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param grantTokens
* A list of grant tokens.
*
* For more information, see Grant Tokens in
* the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withGrantTokens(String... grantTokens) {
if (this.grantTokens == null) {
setGrantTokens(new com.amazonaws.internal.SdkInternalList(grantTokens.length));
}
for (String ele : grantTokens) {
this.grantTokens.add(ele);
}
return this;
}
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in the
* AWS Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* For more information, see Grant Tokens in
* the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReEncryptRequest withGrantTokens(java.util.Collection grantTokens) {
setGrantTokens(grantTokens);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getCiphertextBlob() != null)
sb.append("CiphertextBlob: ").append(getCiphertextBlob()).append(",");
if (getSourceEncryptionContext() != null)
sb.append("SourceEncryptionContext: ").append(getSourceEncryptionContext()).append(",");
if (getSourceKeyId() != null)
sb.append("SourceKeyId: ").append(getSourceKeyId()).append(",");
if (getDestinationKeyId() != null)
sb.append("DestinationKeyId: ").append(getDestinationKeyId()).append(",");
if (getDestinationEncryptionContext() != null)
sb.append("DestinationEncryptionContext: ").append(getDestinationEncryptionContext()).append(",");
if (getSourceEncryptionAlgorithm() != null)
sb.append("SourceEncryptionAlgorithm: ").append(getSourceEncryptionAlgorithm()).append(",");
if (getDestinationEncryptionAlgorithm() != null)
sb.append("DestinationEncryptionAlgorithm: ").append(getDestinationEncryptionAlgorithm()).append(",");
if (getGrantTokens() != null)
sb.append("GrantTokens: ").append(getGrantTokens());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof ReEncryptRequest == false)
return false;
ReEncryptRequest other = (ReEncryptRequest) obj;
if (other.getCiphertextBlob() == null ^ this.getCiphertextBlob() == null)
return false;
if (other.getCiphertextBlob() != null && other.getCiphertextBlob().equals(this.getCiphertextBlob()) == false)
return false;
if (other.getSourceEncryptionContext() == null ^ this.getSourceEncryptionContext() == null)
return false;
if (other.getSourceEncryptionContext() != null && other.getSourceEncryptionContext().equals(this.getSourceEncryptionContext()) == false)
return false;
if (other.getSourceKeyId() == null ^ this.getSourceKeyId() == null)
return false;
if (other.getSourceKeyId() != null && other.getSourceKeyId().equals(this.getSourceKeyId()) == false)
return false;
if (other.getDestinationKeyId() == null ^ this.getDestinationKeyId() == null)
return false;
if (other.getDestinationKeyId() != null && other.getDestinationKeyId().equals(this.getDestinationKeyId()) == false)
return false;
if (other.getDestinationEncryptionContext() == null ^ this.getDestinationEncryptionContext() == null)
return false;
if (other.getDestinationEncryptionContext() != null && other.getDestinationEncryptionContext().equals(this.getDestinationEncryptionContext()) == false)
return false;
if (other.getSourceEncryptionAlgorithm() == null ^ this.getSourceEncryptionAlgorithm() == null)
return false;
if (other.getSourceEncryptionAlgorithm() != null && other.getSourceEncryptionAlgorithm().equals(this.getSourceEncryptionAlgorithm()) == false)
return false;
if (other.getDestinationEncryptionAlgorithm() == null ^ this.getDestinationEncryptionAlgorithm() == null)
return false;
if (other.getDestinationEncryptionAlgorithm() != null
&& other.getDestinationEncryptionAlgorithm().equals(this.getDestinationEncryptionAlgorithm()) == false)
return false;
if (other.getGrantTokens() == null ^ this.getGrantTokens() == null)
return false;
if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getCiphertextBlob() == null) ? 0 : getCiphertextBlob().hashCode());
hashCode = prime * hashCode + ((getSourceEncryptionContext() == null) ? 0 : getSourceEncryptionContext().hashCode());
hashCode = prime * hashCode + ((getSourceKeyId() == null) ? 0 : getSourceKeyId().hashCode());
hashCode = prime * hashCode + ((getDestinationKeyId() == null) ? 0 : getDestinationKeyId().hashCode());
hashCode = prime * hashCode + ((getDestinationEncryptionContext() == null) ? 0 : getDestinationEncryptionContext().hashCode());
hashCode = prime * hashCode + ((getSourceEncryptionAlgorithm() == null) ? 0 : getSourceEncryptionAlgorithm().hashCode());
hashCode = prime * hashCode + ((getDestinationEncryptionAlgorithm() == null) ? 0 : getDestinationEncryptionAlgorithm().hashCode());
hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode());
return hashCode;
}
@Override
public ReEncryptRequest clone() {
return (ReEncryptRequest) super.clone();
}
}