com.amazonaws.services.kms.model.GenerateDataKeyRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-kms Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class GenerateDataKeyRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric KMS key
* or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey
* operation.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*/
private String keyId;
/**
*
* Specifies the encryption context that will be used when encrypting the data key.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on
* operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption
* context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption context
* in the Key Management Service Developer Guide.
*
*/
private com.amazonaws.internal.SdkInternalMap encryptionContext;
/**
*
* Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64
* bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the KeySpec
* parameter.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*/
private Integer numberOfBytes;
/**
*
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*/
private String keySpec;
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*/
private com.amazonaws.internal.SdkInternalList grantTokens;
/**
*
* A signed attestation
* document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's
* public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this
* parameter, use the Amazon Web Services
* Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key
* under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private
* key in the enclave. The CiphertextBlob field in the response contains a copy of the data key
* encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in
* the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services
* Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
*
*/
private RecipientInfo recipient;
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*/
private Boolean dryRun;
/**
*
* Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric KMS key
* or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey
* operation.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param keyId
* Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric
* KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the
* DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix
* it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
*/
public void setKeyId(String keyId) {
this.keyId = keyId;
}
/**
*
* Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric KMS key
* or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey
* operation.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @return Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric
* KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the
* DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix
* it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
*/
public String getKeyId() {
return this.keyId;
}
/**
*
* Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric KMS key
* or a KMS key in a custom key store. To get the type and origin of your KMS key, use the DescribeKey
* operation.
*
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
* "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN
* or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param keyId
* Specifies the symmetric encryption KMS key that encrypts the data key. You cannot specify an asymmetric
* KMS key or a KMS key in a custom key store. To get the type and origin of your KMS key, use the
* DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix
* it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withKeyId(String keyId) {
setKeyId(keyId);
return this;
}
/**
*
* Specifies the encryption context that will be used when encrypting the data key.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on
* operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption
* context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption context
* in the Key Management Service Developer Guide.
*
*
* @return Specifies the encryption context that will be used when encrypting the data key.
*
* Do not include confidential or sensitive information in this field. This field may be displayed in
* plaintext in CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported
* only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys,
* an encryption context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption
* context in the Key Management Service Developer Guide.
*/
public java.util.Map getEncryptionContext() {
if (encryptionContext == null) {
encryptionContext = new com.amazonaws.internal.SdkInternalMap();
}
return encryptionContext;
}
/**
*
* Specifies the encryption context that will be used when encrypting the data key.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on
* operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption
* context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption context
* in the Key Management Service Developer Guide.
*
*
* @param encryptionContext
* Specifies the encryption context that will be used when encrypting the data key.
*
* Do not include confidential or sensitive information in this field. This field may be displayed in
* plaintext in CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported
* only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys,
* an encryption context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption
* context in the Key Management Service Developer Guide.
*/
public void setEncryptionContext(java.util.Map encryptionContext) {
this.encryptionContext = encryptionContext == null ? null : new com.amazonaws.internal.SdkInternalMap(encryptionContext);
}
/**
*
* Specifies the encryption context that will be used when encrypting the data key.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on
* operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption
* context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption context
* in the Key Management Service Developer Guide.
*
*
* @param encryptionContext
* Specifies the encryption context that will be used when encrypting the data key.
*
* Do not include confidential or sensitive information in this field. This field may be displayed in
* plaintext in CloudTrail logs and other output.
*
*
*
* An encryption context is a collection of non-secret key-value pairs that represent additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported
* only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys,
* an encryption context is optional, but it is strongly recommended.
*
*
* For more information, see Encryption
* context in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withEncryptionContext(java.util.Map encryptionContext) {
setEncryptionContext(encryptionContext);
return this;
}
/**
* Add a single EncryptionContext entry
*
* @see GenerateDataKeyRequest#withEncryptionContext
* @returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest addEncryptionContextEntry(String key, String value) {
if (null == this.encryptionContext) {
this.encryptionContext = new com.amazonaws.internal.SdkInternalMap();
}
if (this.encryptionContext.containsKey(key))
throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided.");
this.encryptionContext.put(key, value);
return this;
}
/**
* Removes all the entries added into EncryptionContext.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest clearEncryptionContextEntries() {
this.encryptionContext = null;
return this;
}
/**
*
* Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64
* bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the KeySpec
* parameter.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @param numberOfBytes
* Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data
* key (64 bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the
* KeySpec parameter.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
*/
public void setNumberOfBytes(Integer numberOfBytes) {
this.numberOfBytes = numberOfBytes;
}
/**
*
* Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64
* bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the KeySpec
* parameter.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @return Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data
* key (64 bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the
* KeySpec parameter.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
*/
public Integer getNumberOfBytes() {
return this.numberOfBytes;
}
/**
*
* Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64
* bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the KeySpec
* parameter.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @param numberOfBytes
* Specifies the length of the data key in bytes. For example, use the value 64 to generate a 512-bit data
* key (64 bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data keys, use the
* KeySpec parameter.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withNumberOfBytes(Integer numberOfBytes) {
setNumberOfBytes(numberOfBytes);
return this;
}
/**
*
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @param keySpec
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
* @see DataKeySpec
*/
public void setKeySpec(String keySpec) {
this.keySpec = keySpec;
}
/**
*
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @return Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
* @see DataKeySpec
*/
public String getKeySpec() {
return this.keySpec;
}
/**
*
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @param keySpec
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
* @return Returns a reference to this object so that method calls can be chained together.
* @see DataKeySpec
*/
public GenerateDataKeyRequest withKeySpec(String keySpec) {
setKeySpec(keySpec);
return this;
}
/**
*
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @param keySpec
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
* @see DataKeySpec
*/
public void setKeySpec(DataKeySpec keySpec) {
withKeySpec(keySpec);
}
/**
*
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not both) in
* every GenerateDataKey request.
*
*
* @param keySpec
* Specifies the length of the data key. Use AES_128 to generate a 128-bit symmetric key, or
* AES_256 to generate a 256-bit symmetric key.
*
* You must specify either the KeySpec or the NumberOfBytes parameter (but not
* both) in every GenerateDataKey request.
* @return Returns a reference to this object so that method calls can be chained together.
* @see DataKeySpec
*/
public GenerateDataKeyRequest withKeySpec(DataKeySpec keySpec) {
this.keySpec = keySpec.toString();
return this;
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* @return A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
*/
public java.util.List getGrantTokens() {
if (grantTokens == null) {
grantTokens = new com.amazonaws.internal.SdkInternalList();
}
return grantTokens;
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
*/
public void setGrantTokens(java.util.Collection grantTokens) {
if (grantTokens == null) {
this.grantTokens = null;
return;
}
this.grantTokens = new com.amazonaws.internal.SdkInternalList(grantTokens);
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setGrantTokens(java.util.Collection)} or {@link #withGrantTokens(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param grantTokens
* A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withGrantTokens(String... grantTokens) {
if (this.grantTokens == null) {
setGrantTokens(new com.amazonaws.internal.SdkInternalList(grantTokens.length));
}
for (String ele : grantTokens) {
this.grantTokens.add(ele);
}
return this;
}
/**
*
* A list of grant tokens.
*
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
* eventual consistency. For more information, see Grant token and Using a grant
* token in the Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* Use a grant token when your permission to call this operation comes from a new grant that has not yet
* achieved eventual consistency. For more information, see Grant token and
* Using
* a grant token in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withGrantTokens(java.util.Collection grantTokens) {
setGrantTokens(grantTokens);
return this;
}
/**
*
* A signed attestation
* document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's
* public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this
* parameter, use the Amazon Web Services
* Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key
* under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private
* key in the enclave. The CiphertextBlob field in the response contains a copy of the data key
* encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in
* the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services
* Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
*
*
* @param recipient
* A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use
* with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this
* parameter, use the Amazon Web
* Services Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data
* key under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the
* private key in the enclave. The CiphertextBlob field in the response contains a copy of the
* data key encrypted under the KMS key specified by the KeyId parameter. The
* Plaintext field in the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web
* Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
*/
public void setRecipient(RecipientInfo recipient) {
this.recipient = recipient;
}
/**
*
* A signed attestation
* document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's
* public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this
* parameter, use the Amazon Web Services
* Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key
* under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private
* key in the enclave. The CiphertextBlob field in the response contains a copy of the data key
* encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in
* the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services
* Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
*
*
* @return A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use
* with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include
* this parameter, use the Amazon Web
* Services Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data
* key under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the
* private key in the enclave. The CiphertextBlob field in the response contains a copy of the
* data key encrypted under the KMS key specified by the KeyId parameter. The
* Plaintext field in the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web
* Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
*/
public RecipientInfo getRecipient() {
return this.recipient;
}
/**
*
* A signed attestation
* document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's
* public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this
* parameter, use the Amazon Web Services
* Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data key
* under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the private
* key in the enclave. The CiphertextBlob field in the response contains a copy of the data key
* encrypted under the KMS key specified by the KeyId parameter. The Plaintext field in
* the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services
* Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
*
*
* @param recipient
* A signed attestation document from an Amazon Web Services Nitro enclave and the encryption algorithm to use
* with the enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
*
*
* This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this
* parameter, use the Amazon Web
* Services Nitro Enclaves SDK or any Amazon Web Services SDK.
*
*
* When you use this parameter, instead of returning the plaintext data key, KMS encrypts the plaintext data
* key under the public key in the attestation document, and returns the resulting ciphertext in the
* CiphertextForRecipient field in the response. This ciphertext can be decrypted only with the
* private key in the enclave. The CiphertextBlob field in the response contains a copy of the
* data key encrypted under the KMS key specified by the KeyId parameter. The
* Plaintext field in the response is null or empty.
*
*
* For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web
* Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withRecipient(RecipientInfo recipient) {
setRecipient(recipient);
return this;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @param dryRun
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*/
public void setDryRun(Boolean dryRun) {
this.dryRun = dryRun;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @return Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*/
public Boolean getDryRun() {
return this.dryRun;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @param dryRun
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GenerateDataKeyRequest withDryRun(Boolean dryRun) {
setDryRun(dryRun);
return this;
}
/**
*
* Checks if your request will succeed. DryRun is an optional parameter.
*
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*
*
* @return Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API
* calls in the Key Management Service Developer Guide.
*/
public Boolean isDryRun() {
return this.dryRun;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getKeyId() != null)
sb.append("KeyId: ").append(getKeyId()).append(",");
if (getEncryptionContext() != null)
sb.append("EncryptionContext: ").append(getEncryptionContext()).append(",");
if (getNumberOfBytes() != null)
sb.append("NumberOfBytes: ").append(getNumberOfBytes()).append(",");
if (getKeySpec() != null)
sb.append("KeySpec: ").append(getKeySpec()).append(",");
if (getGrantTokens() != null)
sb.append("GrantTokens: ").append(getGrantTokens()).append(",");
if (getRecipient() != null)
sb.append("Recipient: ").append(getRecipient()).append(",");
if (getDryRun() != null)
sb.append("DryRun: ").append(getDryRun());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof GenerateDataKeyRequest == false)
return false;
GenerateDataKeyRequest other = (GenerateDataKeyRequest) obj;
if (other.getKeyId() == null ^ this.getKeyId() == null)
return false;
if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false)
return false;
if (other.getEncryptionContext() == null ^ this.getEncryptionContext() == null)
return false;
if (other.getEncryptionContext() != null && other.getEncryptionContext().equals(this.getEncryptionContext()) == false)
return false;
if (other.getNumberOfBytes() == null ^ this.getNumberOfBytes() == null)
return false;
if (other.getNumberOfBytes() != null && other.getNumberOfBytes().equals(this.getNumberOfBytes()) == false)
return false;
if (other.getKeySpec() == null ^ this.getKeySpec() == null)
return false;
if (other.getKeySpec() != null && other.getKeySpec().equals(this.getKeySpec()) == false)
return false;
if (other.getGrantTokens() == null ^ this.getGrantTokens() == null)
return false;
if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false)
return false;
if (other.getRecipient() == null ^ this.getRecipient() == null)
return false;
if (other.getRecipient() != null && other.getRecipient().equals(this.getRecipient()) == false)
return false;
if (other.getDryRun() == null ^ this.getDryRun() == null)
return false;
if (other.getDryRun() != null && other.getDryRun().equals(this.getDryRun()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode());
hashCode = prime * hashCode + ((getEncryptionContext() == null) ? 0 : getEncryptionContext().hashCode());
hashCode = prime * hashCode + ((getNumberOfBytes() == null) ? 0 : getNumberOfBytes().hashCode());
hashCode = prime * hashCode + ((getKeySpec() == null) ? 0 : getKeySpec().hashCode());
hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode());
hashCode = prime * hashCode + ((getRecipient() == null) ? 0 : getRecipient().hashCode());
hashCode = prime * hashCode + ((getDryRun() == null) ? 0 : getDryRun().hashCode());
return hashCode;
}
@Override
public GenerateDataKeyRequest clone() {
return (GenerateDataKeyRequest) super.clone();
}
}