com.amazonaws.services.kms.model.VerifyRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-kms Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class VerifyRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key that
* was used to generate the signature. If you specify a different KMS key, the signature verification fails.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*/
private String keyId;
/**
*
* Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest of the
* message. If you submit a digest, use the MessageType parameter with a value of DIGEST.
*
*
* If the message specified here is different from the message that was signed, the signature verification fails. A
* message and its hash digest are considered to be the same message.
*
*/
private java.nio.ByteBuffer message;
/**
*
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are
* already hashed.
*
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which
* begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing
* algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message digest.
* If you use the DIGEST value with an unhashed message, the security of the verification operation can
* be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message value
* must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the digest
* is hashed again while signing. However, if the signed message is hashed once while signing, but twice while
* verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
*
*/
private String messageType;
/**
*
* The signature that the Sign operation generated.
*
*/
private java.nio.ByteBuffer signature;
/**
*
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature
* verification fails.
*
*/
private String signingAlgorithm;
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*/
private com.amazonaws.internal.SdkInternalList grantTokens;
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*/
private Boolean dryRun;
/**
*
* Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key that
* was used to generate the signature. If you specify a different KMS key, the signature verification fails.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param keyId
* Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key
* that was used to generate the signature. If you specify a different KMS key, the signature verification
* fails.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix
* it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
*/
public void setKeyId(String keyId) {
this.keyId = keyId;
}
/**
*
* Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key that
* was used to generate the signature. If you specify a different KMS key, the signature verification fails.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @return Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS
* key that was used to generate the signature. If you specify a different KMS key, the signature
* verification fails.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix
* it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
*/
public String getKeyId() {
return this.keyId;
}
/**
*
* Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key that
* was used to generate the signature. If you specify a different KMS key, the signature verification fails.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param keyId
* Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key
* that was used to generate the signature. If you specify a different KMS key, the signature verification
* fails.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix
* it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public VerifyRequest withKeyId(String keyId) {
setKeyId(keyId);
return this;
}
/**
*
* Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest of the
* message. If you submit a digest, use the MessageType parameter with a value of DIGEST.
*
*
* If the message specified here is different from the message that was signed, the signature verification fails. A
* message and its hash digest are considered to be the same message.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param message
* Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest
* of the message. If you submit a digest, use the MessageType parameter with a value of
* DIGEST.
*
* If the message specified here is different from the message that was signed, the signature verification
* fails. A message and its hash digest are considered to be the same message.
*/
public void setMessage(java.nio.ByteBuffer message) {
this.message = message;
}
/**
*
* Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest of the
* message. If you submit a digest, use the MessageType parameter with a value of DIGEST.
*
*
* If the message specified here is different from the message that was signed, the signature verification fails. A
* message and its hash digest are considered to be the same message.
*
*
* {@code ByteBuffer}s are stateful. Calling their {@code get} methods changes their {@code position}. We recommend
* using {@link java.nio.ByteBuffer#asReadOnlyBuffer()} to create a read-only view of the buffer with an independent
* {@code position}, and calling {@code get} methods on this rather than directly on the returned {@code ByteBuffer}.
* Doing so will ensure that anyone else using the {@code ByteBuffer} will not be affected by changes to the
* {@code position}.
*
*
* @return Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest
* of the message. If you submit a digest, use the MessageType parameter with a value of
* DIGEST.
*
* If the message specified here is different from the message that was signed, the signature verification
* fails. A message and its hash digest are considered to be the same message.
*/
public java.nio.ByteBuffer getMessage() {
return this.message;
}
/**
*
* Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest of the
* message. If you submit a digest, use the MessageType parameter with a value of DIGEST.
*
*
* If the message specified here is different from the message that was signed, the signature verification fails. A
* message and its hash digest are considered to be the same message.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param message
* Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest
* of the message. If you submit a digest, use the MessageType parameter with a value of
* DIGEST.
*
* If the message specified here is different from the message that was signed, the signature verification
* fails. A message and its hash digest are considered to be the same message.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public VerifyRequest withMessage(java.nio.ByteBuffer message) {
setMessage(message);
return this;
}
/**
*
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are
* already hashed.
*
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which
* begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing
* algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message digest.
* If you use the DIGEST value with an unhashed message, the security of the verification operation can
* be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message value
* must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the digest
* is hashed again while signing. However, if the signed message is hashed once while signing, but twice while
* verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
*
*
* @param messageType
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which
* are already hashed.
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm,
* which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in
* the signing algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message
* digest. If you use the DIGEST value with an unhashed message, the security of the
* verification operation can be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message
* value must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the
* digest is hashed again while signing. However, if the signed message is hashed once while signing, but
* twice while verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm
* value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
* @see MessageType
*/
public void setMessageType(String messageType) {
this.messageType = messageType;
}
/**
*
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are
* already hashed.
*
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which
* begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing
* algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message digest.
* If you use the DIGEST value with an unhashed message, the security of the verification operation can
* be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message value
* must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the digest
* is hashed again while signing. However, if the signed message is hashed once while signing, but twice while
* verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
*
*
* @return Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which
* are already hashed.
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm,
* which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in
* the signing algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message
* digest. If you use the DIGEST value with an unhashed message, the security of the
* verification operation can be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message
* value must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the
* digest is hashed again while signing. However, if the signed message is hashed once while signing, but
* twice while verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm
* value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
* @see MessageType
*/
public String getMessageType() {
return this.messageType;
}
/**
*
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are
* already hashed.
*
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which
* begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing
* algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message digest.
* If you use the DIGEST value with an unhashed message, the security of the verification operation can
* be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message value
* must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the digest
* is hashed again while signing. However, if the signed message is hashed once while signing, but twice while
* verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
*
*
* @param messageType
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which
* are already hashed.
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm,
* which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in
* the signing algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message
* digest. If you use the DIGEST value with an unhashed message, the security of the
* verification operation can be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message
* value must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the
* digest is hashed again while signing. However, if the signed message is hashed once while signing, but
* twice while verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm
* value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see MessageType
*/
public VerifyRequest withMessageType(String messageType) {
setMessageType(messageType);
return this;
}
/**
*
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are
* already hashed.
*
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which
* begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing
* algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message digest.
* If you use the DIGEST value with an unhashed message, the security of the verification operation can
* be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message value
* must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the digest
* is hashed again while signing. However, if the signed message is hashed once while signing, but twice while
* verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
*
*
* @param messageType
* Tells KMS whether the value of the Message parameter should be hashed as part of the signing
* algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which
* are already hashed.
*
* When the value of MessageType is RAW, KMS uses the standard signing algorithm,
* which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in
* the signing algorithm.
*
*
*
* Use the DIGEST value only when the value of the Message parameter is a message
* digest. If you use the DIGEST value with an unhashed message, the security of the
* verification operation can be compromised.
*
*
*
* When the value of MessageTypeis DIGEST, the length of the Message
* value must match the length of hashed messages for the specified signing algorithm.
*
*
* You can submit a message digest and omit the MessageType or specify RAW so the
* digest is hashed again while signing. However, if the signed message is hashed once while signing, but
* twice while verifying, verification fails, even when the message hasn't changed.
*
*
* The hashing algorithm in that Verify uses is based on the SigningAlgorithm
* value.
*
*
* -
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
*
*
* -
*
* Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
*
*
* -
*
* SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see MessageType
*/
public VerifyRequest withMessageType(MessageType messageType) {
this.messageType = messageType.toString();
return this;
}
/**
*
* The signature that the Sign operation generated.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param signature
* The signature that the Sign operation generated.
*/
public void setSignature(java.nio.ByteBuffer signature) {
this.signature = signature;
}
/**
*
* The signature that the Sign operation generated.
*
*
* {@code ByteBuffer}s are stateful. Calling their {@code get} methods changes their {@code position}. We recommend
* using {@link java.nio.ByteBuffer#asReadOnlyBuffer()} to create a read-only view of the buffer with an independent
* {@code position}, and calling {@code get} methods on this rather than directly on the returned {@code ByteBuffer}.
* Doing so will ensure that anyone else using the {@code ByteBuffer} will not be affected by changes to the
* {@code position}.
*
*
* @return The signature that the Sign operation generated.
*/
public java.nio.ByteBuffer getSignature() {
return this.signature;
}
/**
*
* The signature that the Sign operation generated.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param signature
* The signature that the Sign operation generated.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public VerifyRequest withSignature(java.nio.ByteBuffer signature) {
setSignature(signature);
return this;
}
/**
*
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature
* verification fails.
*
*
* @param signingAlgorithm
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the
* signature verification fails.
* @see SigningAlgorithmSpec
*/
public void setSigningAlgorithm(String signingAlgorithm) {
this.signingAlgorithm = signingAlgorithm;
}
/**
*
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature
* verification fails.
*
*
* @return The signing algorithm that was used to sign the message. If you submit a different algorithm, the
* signature verification fails.
* @see SigningAlgorithmSpec
*/
public String getSigningAlgorithm() {
return this.signingAlgorithm;
}
/**
*
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature
* verification fails.
*
*
* @param signingAlgorithm
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the
* signature verification fails.
* @return Returns a reference to this object so that method calls can be chained together.
* @see SigningAlgorithmSpec
*/
public VerifyRequest withSigningAlgorithm(String signingAlgorithm) {
setSigningAlgorithm(signingAlgorithm);
return this;
}
/**
*
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature
* verification fails.
*
*
* @param signingAlgorithm
* The signing algorithm that was used to sign the message. If you submit a different algorithm, the
* signature verification fails.
* @return Returns a reference to this object so that method calls can be chained together.
* @see SigningAlgorithmSpec
*/
public VerifyRequest withSigningAlgorithm(SigningAlgorithmSpec signingAlgorithm) {
this.signingAlgorithm = signingAlgorithm.toString();
return this;
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* @return A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
*/
public java.util.List getGrantTokens() {
if (grantTokens == null) {
grantTokens = new com.amazonaws.internal.SdkInternalList();
}
return grantTokens;
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
*/
public void setGrantTokens(java.util.Collection grantTokens) {
if (grantTokens == null) {
this.grantTokens = null;
return;
}
this.grantTokens = new com.amazonaws.internal.SdkInternalList(grantTokens);
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setGrantTokens(java.util.Collection)} or {@link #withGrantTokens(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param grantTokens
* A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public VerifyRequest withGrantTokens(String... grantTokens) {
if (this.grantTokens == null) {
setGrantTokens(new com.amazonaws.internal.SdkInternalList(grantTokens.length));
}
for (String ele : grantTokens) {
this.grantTokens.add(ele);
}
return this;
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public VerifyRequest withGrantTokens(java.util.Collection grantTokens) {
setGrantTokens(grantTokens);
return this;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @param dryRun
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*/
public void setDryRun(Boolean dryRun) {
this.dryRun = dryRun;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @return Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*/
public Boolean getDryRun() {
return this.dryRun;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @param dryRun
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public VerifyRequest withDryRun(Boolean dryRun) {
setDryRun(dryRun);
return this;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @return Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*/
public Boolean isDryRun() {
return this.dryRun;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getKeyId() != null)
sb.append("KeyId: ").append(getKeyId()).append(",");
if (getMessage() != null)
sb.append("Message: ").append("***Sensitive Data Redacted***").append(",");
if (getMessageType() != null)
sb.append("MessageType: ").append(getMessageType()).append(",");
if (getSignature() != null)
sb.append("Signature: ").append(getSignature()).append(",");
if (getSigningAlgorithm() != null)
sb.append("SigningAlgorithm: ").append(getSigningAlgorithm()).append(",");
if (getGrantTokens() != null)
sb.append("GrantTokens: ").append(getGrantTokens()).append(",");
if (getDryRun() != null)
sb.append("DryRun: ").append(getDryRun());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof VerifyRequest == false)
return false;
VerifyRequest other = (VerifyRequest) obj;
if (other.getKeyId() == null ^ this.getKeyId() == null)
return false;
if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false)
return false;
if (other.getMessage() == null ^ this.getMessage() == null)
return false;
if (other.getMessage() != null && other.getMessage().equals(this.getMessage()) == false)
return false;
if (other.getMessageType() == null ^ this.getMessageType() == null)
return false;
if (other.getMessageType() != null && other.getMessageType().equals(this.getMessageType()) == false)
return false;
if (other.getSignature() == null ^ this.getSignature() == null)
return false;
if (other.getSignature() != null && other.getSignature().equals(this.getSignature()) == false)
return false;
if (other.getSigningAlgorithm() == null ^ this.getSigningAlgorithm() == null)
return false;
if (other.getSigningAlgorithm() != null && other.getSigningAlgorithm().equals(this.getSigningAlgorithm()) == false)
return false;
if (other.getGrantTokens() == null ^ this.getGrantTokens() == null)
return false;
if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false)
return false;
if (other.getDryRun() == null ^ this.getDryRun() == null)
return false;
if (other.getDryRun() != null && other.getDryRun().equals(this.getDryRun()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode());
hashCode = prime * hashCode + ((getMessage() == null) ? 0 : getMessage().hashCode());
hashCode = prime * hashCode + ((getMessageType() == null) ? 0 : getMessageType().hashCode());
hashCode = prime * hashCode + ((getSignature() == null) ? 0 : getSignature().hashCode());
hashCode = prime * hashCode + ((getSigningAlgorithm() == null) ? 0 : getSigningAlgorithm().hashCode());
hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode());
hashCode = prime * hashCode + ((getDryRun() == null) ? 0 : getDryRun().hashCode());
return hashCode;
}
@Override
public VerifyRequest clone() {
return (VerifyRequest) super.clone();
}
}