All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.kms.model.SignRequest Maven / Gradle / Ivy

Go to download

The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service

There is a newer version: 1.12.778
Show newest version
/*
 * Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.kms.model;

import java.io.Serializable;
import javax.annotation.Generated;

import com.amazonaws.AmazonWebServiceRequest;

/**
 * 
 * @see AWS API Documentation
 */
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class SignRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {

    /**
     * 

* Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. The * KeyUsage type of the KMS key must be SIGN_VERIFY. To find the KeyUsage of * a KMS key, use the DescribeKey operation. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN * or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and * alias ARN, use ListAliases. *

*/ private String keyId; /** *

* Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, provide * a message digest. *

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent the * digest from being hashed again while signing. *

*/ private java.nio.ByteBuffer message; /** *

* Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are * already hashed. *

*

* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which * begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing * algorithm. *

* *

* Use the DIGEST value only when the value of the Message parameter is a message digest. * If you use the DIGEST value with an unhashed message, the security of the signing operation can be * compromised. *

*
*

* When the value of MessageTypeis DIGEST, the length of the Message value * must match the length of hashed messages for the specified signing algorithm. *

*

* You can submit a message digest and omit the MessageType or specify RAW so the digest * is hashed again while signing. However, this can cause verification failures when verifying with a system that * assumes a single hash. *

*

* The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

*
    *
  • *

    * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

    *
  • *
  • *

    * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

    *
  • *
  • *

    * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

    *
  • *
  • *

    * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

    *
  • *
*/ private String messageType; /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

*/ private com.amazonaws.internal.SdkInternalList grantTokens; /** *

* Specifies the signing algorithm to use when signing the message. *

*

* Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When signing * with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *

*/ private String signingAlgorithm; /** *

* Checks if your request will succeed. DryRun is an optional parameter. *

*

* To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

*/ private Boolean dryRun; /** *

* Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. The * KeyUsage type of the KMS key must be SIGN_VERIFY. To find the KeyUsage of * a KMS key, use the DescribeKey operation. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN * or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and * alias ARN, use ListAliases. *

* * @param keyId * Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. * The KeyUsage type of the KMS key must be SIGN_VERIFY. To find the * KeyUsage of a KMS key, use the DescribeKey operation.

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix * it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must * use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias * name and alias ARN, use ListAliases. */ public void setKeyId(String keyId) { this.keyId = keyId; } /** *

* Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. The * KeyUsage type of the KMS key must be SIGN_VERIFY. To find the KeyUsage of * a KMS key, use the DescribeKey operation. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN * or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and * alias ARN, use ListAliases. *

* * @return Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. * The KeyUsage type of the KMS key must be SIGN_VERIFY. To find the * KeyUsage of a KMS key, use the DescribeKey operation.

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix * it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must * use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias * name and alias ARN, use ListAliases. */ public String getKeyId() { return this.keyId; } /** *

* Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. The * KeyUsage type of the KMS key must be SIGN_VERIFY. To find the KeyUsage of * a KMS key, use the DescribeKey operation. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN * or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and * alias ARN, use ListAliases. *

* * @param keyId * Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. * The KeyUsage type of the KMS key must be SIGN_VERIFY. To find the * KeyUsage of a KMS key, use the DescribeKey operation.

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix * it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must * use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias * name and alias ARN, use ListAliases. * @return Returns a reference to this object so that method calls can be chained together. */ public SignRequest withKeyId(String keyId) { setKeyId(keyId); return this; } /** *

* Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, provide * a message digest. *

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent the * digest from being hashed again while signing. *

*

* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service. * Users of the SDK should not perform Base64 encoding on this field. *

*

* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will * be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or * ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future * major version of the SDK. *

* * @param message * Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, * provide a message digest.

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent * the digest from being hashed again while signing. */ public void setMessage(java.nio.ByteBuffer message) { this.message = message; } /** *

* Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, provide * a message digest. *

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent the * digest from being hashed again while signing. *

*

* {@code ByteBuffer}s are stateful. Calling their {@code get} methods changes their {@code position}. We recommend * using {@link java.nio.ByteBuffer#asReadOnlyBuffer()} to create a read-only view of the buffer with an independent * {@code position}, and calling {@code get} methods on this rather than directly on the returned {@code ByteBuffer}. * Doing so will ensure that anyone else using the {@code ByteBuffer} will not be affected by changes to the * {@code position}. *

* * @return Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, * provide a message digest.

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent * the digest from being hashed again while signing. */ public java.nio.ByteBuffer getMessage() { return this.message; } /** *

* Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, provide * a message digest. *

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent the * digest from being hashed again while signing. *

*

* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service. * Users of the SDK should not perform Base64 encoding on this field. *

*

* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will * be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or * ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future * major version of the SDK. *

* * @param message * Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, * provide a message digest.

*

* If you provide a message digest, use the DIGEST value of MessageType to prevent * the digest from being hashed again while signing. * @return Returns a reference to this object so that method calls can be chained together. */ public SignRequest withMessage(java.nio.ByteBuffer message) { setMessage(message); return this; } /** *

* Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are * already hashed. *

*

* When the value of MessageType is RAW, KMS uses the standard signing algorithm, which * begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing * algorithm. *

* *

* Use the DIGEST value only when the value of the Message parameter is a message digest. * If you use the DIGEST value with an unhashed message, the security of the signing operation can be * compromised. *

*
*

* When the value of MessageTypeis DIGEST, the length of the Message value * must match the length of hashed messages for the specified signing algorithm. *

*

* You can submit a message digest and omit the MessageType or specify RAW so the digest * is hashed again while signing. However, this can cause verification failures when verifying with a system that * assumes a single hash. *

*

* The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

*
    *
  • *

    * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

    *
  • *
  • *

    * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

    *
  • *
  • *

    * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

    *
  • *
  • *

    * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

    *
  • *
* * @param messageType * Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which * are already hashed.

*

* When the value of MessageType is RAW, KMS uses the standard signing algorithm, * which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in * the signing algorithm. *

* *

* Use the DIGEST value only when the value of the Message parameter is a message * digest. If you use the DIGEST value with an unhashed message, the security of the signing * operation can be compromised. *

*
*

* When the value of MessageTypeis DIGEST, the length of the Message * value must match the length of hashed messages for the specified signing algorithm. *

*

* You can submit a message digest and omit the MessageType or specify RAW so the * digest is hashed again while signing. However, this can cause verification failures when verifying with a * system that assumes a single hash. *

*

* The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

*
    *
  • *

    * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

    *
  • *
  • *

    * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

    *
  • *
  • *

    * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

    *
  • *
  • *

    * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

    *
  • * @see MessageType */ public void setMessageType(String messageType) { this.messageType = messageType; } /** *

    * Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are * already hashed. *

    *

    * When the value of MessageType is RAW, KMS uses the standard signing algorithm, which * begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing * algorithm. *

    * *

    * Use the DIGEST value only when the value of the Message parameter is a message digest. * If you use the DIGEST value with an unhashed message, the security of the signing operation can be * compromised. *

    *
    *

    * When the value of MessageTypeis DIGEST, the length of the Message value * must match the length of hashed messages for the specified signing algorithm. *

    *

    * You can submit a message digest and omit the MessageType or specify RAW so the digest * is hashed again while signing. However, this can cause verification failures when verifying with a system that * assumes a single hash. *

    *

    * The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

    *
      *
    • *

      * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

      *
    • *
    • *

      * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

      *
    • *
    • *

      * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

      *
    • *
    • *

      * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

      *
    • *
    * * @return Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which * are already hashed.

    *

    * When the value of MessageType is RAW, KMS uses the standard signing algorithm, * which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in * the signing algorithm. *

    * *

    * Use the DIGEST value only when the value of the Message parameter is a message * digest. If you use the DIGEST value with an unhashed message, the security of the signing * operation can be compromised. *

    *
    *

    * When the value of MessageTypeis DIGEST, the length of the Message * value must match the length of hashed messages for the specified signing algorithm. *

    *

    * You can submit a message digest and omit the MessageType or specify RAW so the * digest is hashed again while signing. However, this can cause verification failures when verifying with a * system that assumes a single hash. *

    *

    * The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

    *
      *
    • *

      * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

      *
    • *
    • *

      * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

      *
    • *
    • *

      * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

      *
    • *
    • *

      * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

      *
    • * @see MessageType */ public String getMessageType() { return this.messageType; } /** *

      * Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are * already hashed. *

      *

      * When the value of MessageType is RAW, KMS uses the standard signing algorithm, which * begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing * algorithm. *

      * *

      * Use the DIGEST value only when the value of the Message parameter is a message digest. * If you use the DIGEST value with an unhashed message, the security of the signing operation can be * compromised. *

      *
      *

      * When the value of MessageTypeis DIGEST, the length of the Message value * must match the length of hashed messages for the specified signing algorithm. *

      *

      * You can submit a message digest and omit the MessageType or specify RAW so the digest * is hashed again while signing. However, this can cause verification failures when verifying with a system that * assumes a single hash. *

      *

      * The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

      *
        *
      • *

        * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

        *
      • *
      • *

        * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

        *
      • *
      • *

        * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

        *
      • *
      • *

        * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

        *
      • *
      * * @param messageType * Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which * are already hashed.

      *

      * When the value of MessageType is RAW, KMS uses the standard signing algorithm, * which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in * the signing algorithm. *

      * *

      * Use the DIGEST value only when the value of the Message parameter is a message * digest. If you use the DIGEST value with an unhashed message, the security of the signing * operation can be compromised. *

      *
      *

      * When the value of MessageTypeis DIGEST, the length of the Message * value must match the length of hashed messages for the specified signing algorithm. *

      *

      * You can submit a message digest and omit the MessageType or specify RAW so the * digest is hashed again while signing. However, this can cause verification failures when verifying with a * system that assumes a single hash. *

      *

      * The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

      *
        *
      • *

        * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

        *
      • *
      • *

        * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

        *
      • *
      • *

        * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

        *
      • *
      • *

        * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

        *
      • * @return Returns a reference to this object so that method calls can be chained together. * @see MessageType */ public SignRequest withMessageType(String messageType) { setMessageType(messageType); return this; } /** *

        * Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which are * already hashed. *

        *

        * When the value of MessageType is RAW, KMS uses the standard signing algorithm, which * begins with a hash function. When the value is DIGEST, KMS skips the hashing step in the signing * algorithm. *

        * *

        * Use the DIGEST value only when the value of the Message parameter is a message digest. * If you use the DIGEST value with an unhashed message, the security of the signing operation can be * compromised. *

        *
        *

        * When the value of MessageTypeis DIGEST, the length of the Message value * must match the length of hashed messages for the specified signing algorithm. *

        *

        * You can submit a message digest and omit the MessageType or specify RAW so the digest * is hashed again while signing. However, this can cause verification failures when verifying with a system that * assumes a single hash. *

        *

        * The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

        *
          *
        • *

          * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

          *
        • *
        • *

          * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

          *
        • *
        • *

          * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

          *
        • *
        • *

          * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

          *
        • *
        * * @param messageType * Tells KMS whether the value of the Message parameter should be hashed as part of the signing * algorithm. Use RAW for unhashed messages; use DIGEST for message digests, which * are already hashed.

        *

        * When the value of MessageType is RAW, KMS uses the standard signing algorithm, * which begins with a hash function. When the value is DIGEST, KMS skips the hashing step in * the signing algorithm. *

        * *

        * Use the DIGEST value only when the value of the Message parameter is a message * digest. If you use the DIGEST value with an unhashed message, the security of the signing * operation can be compromised. *

        *
        *

        * When the value of MessageTypeis DIGEST, the length of the Message * value must match the length of hashed messages for the specified signing algorithm. *

        *

        * You can submit a message digest and omit the MessageType or specify RAW so the * digest is hashed again while signing. However, this can cause verification failures when verifying with a * system that assumes a single hash. *

        *

        * The hashing algorithm in that Sign uses is based on the SigningAlgorithm value. *

        *
          *
        • *

          * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *

          *
        • *
        • *

          * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *

          *
        • *
        • *

          * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *

          *
        • *
        • *

          * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *

          *
        • * @return Returns a reference to this object so that method calls can be chained together. * @see MessageType */ public SignRequest withMessageType(MessageType messageType) { this.messageType = messageType.toString(); return this; } /** *

          * A list of grant tokens. *

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

          * * @return A list of grant tokens.

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. */ public java.util.List getGrantTokens() { if (grantTokens == null) { grantTokens = new com.amazonaws.internal.SdkInternalList(); } return grantTokens; } /** *

          * A list of grant tokens. *

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

          * * @param grantTokens * A list of grant tokens.

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. */ public void setGrantTokens(java.util.Collection grantTokens) { if (grantTokens == null) { this.grantTokens = null; return; } this.grantTokens = new com.amazonaws.internal.SdkInternalList(grantTokens); } /** *

          * A list of grant tokens. *

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

          *

          * NOTE: This method appends the values to the existing list (if any). Use * {@link #setGrantTokens(java.util.Collection)} or {@link #withGrantTokens(java.util.Collection)} if you want to * override the existing values. *

          * * @param grantTokens * A list of grant tokens.

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public SignRequest withGrantTokens(String... grantTokens) { if (this.grantTokens == null) { setGrantTokens(new com.amazonaws.internal.SdkInternalList(grantTokens.length)); } for (String ele : grantTokens) { this.grantTokens.add(ele); } return this; } /** *

          * A list of grant tokens. *

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

          * * @param grantTokens * A list of grant tokens.

          *

          * Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public SignRequest withGrantTokens(java.util.Collection grantTokens) { setGrantTokens(grantTokens); return this; } /** *

          * Specifies the signing algorithm to use when signing the message. *

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When signing * with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *

          * * @param signingAlgorithm * Specifies the signing algorithm to use when signing the message.

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When * signing with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms * for compatibility with existing applications. * @see SigningAlgorithmSpec */ public void setSigningAlgorithm(String signingAlgorithm) { this.signingAlgorithm = signingAlgorithm; } /** *

          * Specifies the signing algorithm to use when signing the message. *

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When signing * with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *

          * * @return Specifies the signing algorithm to use when signing the message.

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When * signing with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms * for compatibility with existing applications. * @see SigningAlgorithmSpec */ public String getSigningAlgorithm() { return this.signingAlgorithm; } /** *

          * Specifies the signing algorithm to use when signing the message. *

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When signing * with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *

          * * @param signingAlgorithm * Specifies the signing algorithm to use when signing the message.

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When * signing with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms * for compatibility with existing applications. * @return Returns a reference to this object so that method calls can be chained together. * @see SigningAlgorithmSpec */ public SignRequest withSigningAlgorithm(String signingAlgorithm) { setSigningAlgorithm(signingAlgorithm); return this; } /** *

          * Specifies the signing algorithm to use when signing the message. *

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When signing * with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *

          * * @param signingAlgorithm * Specifies the signing algorithm to use when signing the message.

          *

          * Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. When * signing with RSA key pairs, RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms * for compatibility with existing applications. * @return Returns a reference to this object so that method calls can be chained together. * @see SigningAlgorithmSpec */ public SignRequest withSigningAlgorithm(SigningAlgorithmSpec signingAlgorithm) { this.signingAlgorithm = signingAlgorithm.toString(); return this; } /** *

          * Checks if your request will succeed. DryRun is an optional parameter. *

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

          * * @param dryRun * Checks if your request will succeed. DryRun is an optional parameter.

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. */ public void setDryRun(Boolean dryRun) { this.dryRun = dryRun; } /** *

          * Checks if your request will succeed. DryRun is an optional parameter. *

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

          * * @return Checks if your request will succeed. DryRun is an optional parameter.

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. */ public Boolean getDryRun() { return this.dryRun; } /** *

          * Checks if your request will succeed. DryRun is an optional parameter. *

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

          * * @param dryRun * Checks if your request will succeed. DryRun is an optional parameter.

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ public SignRequest withDryRun(Boolean dryRun) { setDryRun(dryRun); return this; } /** *

          * Checks if your request will succeed. DryRun is an optional parameter. *

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. *

          * * @return Checks if your request will succeed. DryRun is an optional parameter.

          *

          * To learn more about how to use this parameter, see Testing your KMS API * calls in the Key Management Service Developer Guide. */ public Boolean isDryRun() { return this.dryRun; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getKeyId() != null) sb.append("KeyId: ").append(getKeyId()).append(","); if (getMessage() != null) sb.append("Message: ").append("***Sensitive Data Redacted***").append(","); if (getMessageType() != null) sb.append("MessageType: ").append(getMessageType()).append(","); if (getGrantTokens() != null) sb.append("GrantTokens: ").append(getGrantTokens()).append(","); if (getSigningAlgorithm() != null) sb.append("SigningAlgorithm: ").append(getSigningAlgorithm()).append(","); if (getDryRun() != null) sb.append("DryRun: ").append(getDryRun()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof SignRequest == false) return false; SignRequest other = (SignRequest) obj; if (other.getKeyId() == null ^ this.getKeyId() == null) return false; if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false) return false; if (other.getMessage() == null ^ this.getMessage() == null) return false; if (other.getMessage() != null && other.getMessage().equals(this.getMessage()) == false) return false; if (other.getMessageType() == null ^ this.getMessageType() == null) return false; if (other.getMessageType() != null && other.getMessageType().equals(this.getMessageType()) == false) return false; if (other.getGrantTokens() == null ^ this.getGrantTokens() == null) return false; if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false) return false; if (other.getSigningAlgorithm() == null ^ this.getSigningAlgorithm() == null) return false; if (other.getSigningAlgorithm() != null && other.getSigningAlgorithm().equals(this.getSigningAlgorithm()) == false) return false; if (other.getDryRun() == null ^ this.getDryRun() == null) return false; if (other.getDryRun() != null && other.getDryRun().equals(this.getDryRun()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode()); hashCode = prime * hashCode + ((getMessage() == null) ? 0 : getMessage().hashCode()); hashCode = prime * hashCode + ((getMessageType() == null) ? 0 : getMessageType().hashCode()); hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode()); hashCode = prime * hashCode + ((getSigningAlgorithm() == null) ? 0 : getSigningAlgorithm().hashCode()); hashCode = prime * hashCode + ((getDryRun() == null) ? 0 : getDryRun().hashCode()); return hashCode; } @Override public SignRequest clone() { return (SignRequest) super.clone(); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy