com.ibm.cloud.objectstorage.services.kms.AWSKMSClient Maven / Gradle / Ivy
Show all versions of ibm-cos-java-sdk-bundle Show documentation
/*
* Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.ibm.cloud.objectstorage.services.kms;
import org.w3c.dom.*;
import java.net.*;
import java.util.*;
import javax.annotation.Generated;
import org.apache.commons.logging.*;
import com.ibm.cloud.objectstorage.*;
import com.ibm.cloud.objectstorage.annotation.SdkInternalApi;
import com.ibm.cloud.objectstorage.auth.*;
import com.ibm.cloud.objectstorage.handlers.*;
import com.ibm.cloud.objectstorage.http.*;
import com.ibm.cloud.objectstorage.internal.*;
import com.ibm.cloud.objectstorage.internal.auth.*;
import com.ibm.cloud.objectstorage.metrics.*;
import com.ibm.cloud.objectstorage.regions.*;
import com.ibm.cloud.objectstorage.transform.*;
import com.ibm.cloud.objectstorage.util.*;
import com.ibm.cloud.objectstorage.protocol.json.*;
import com.ibm.cloud.objectstorage.util.AWSRequestMetrics.Field;
import com.ibm.cloud.objectstorage.annotation.ThreadSafe;
import com.ibm.cloud.objectstorage.client.AwsSyncClientParams;
import com.ibm.cloud.objectstorage.services.kms.AWSKMSClientBuilder;
import com.ibm.cloud.objectstorage.services.kms.model.*;
import com.ibm.cloud.objectstorage.services.kms.model.transform.*;
/**
* Client for accessing KMS. All service calls made using this client are blocking, and will not return until the
* service call completes.
*
* AWS Key Management Service
*
* AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes the AWS
* KMS operations that you can call programmatically. For general information about AWS KMS, see the AWS Key Management Service Developer Guide
* .
*
*
*
* AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java,
* Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS KMS and
* other AWS services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors,
* and retrying requests automatically. For more information about the AWS SDKs, including how to download and install
* them, see Tools for Amazon Web Services.
*
*
*
* We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.
*
*
* Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher
* suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
* Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
*
*
* Signing Requests
*
*
* Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do
* not use your AWS account (root) access key ID and secret key for everyday work with AWS KMS. Instead, use the
* access key ID and secret access key for an IAM user. You can also use the AWS Security Token Service to generate
* temporary security credentials that you can use to sign requests.
*
*
* All AWS KMS operations require Signature Version 4.
*
*
* Logging API Requests
*
*
* AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and
* delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can
* determine what requests were made to AWS KMS, who made the request, when it was made, and so on. To learn more about
* CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.
*
*
* Additional Resources
*
*
* For more information about credentials and request signing, see the following:
*
*
* -
*
* AWS Security Credentials -
* This topic provides general information about the types of credentials used for accessing AWS.
*
*
* -
*
* Temporary Security
* Credentials - This section of the IAM User Guide describes how to create and use temporary security
* credentials.
*
*
* -
*
* Signature Version 4 Signing
* Process - This set of topics walks you through the process of signing a request using an access key ID and a
* secret access key.
*
*
*
*
* Commonly Used API Operations
*
*
* Of the API operations discussed in this guide, the following will prove the most useful for most applications. You
* will likely perform operations other than these, such as creating keys and assigning policies, by using the console.
*
*
* -
*
* Encrypt
*
*
* -
*
* Decrypt
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
*
*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AWSKMSClient extends AmazonWebServiceClient implements AWSKMS {
/** Provider for AWS credentials. */
private final AWSCredentialsProvider awsCredentialsProvider;
private static final Log log = LogFactory.getLog(AWSKMS.class);
/** Default signing name for the service. */
private static final String DEFAULT_SIGNING_NAME = "kms";
/** Client configuration factory providing ClientConfigurations tailored to this client */
protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();
private final com.ibm.cloud.objectstorage.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.ibm.cloud.objectstorage.protocol.json.SdkJsonProtocolFactory(
new JsonClientMetadata()
.withProtocolVersion("1.1")
.withSupportsCbor(false)
.withSupportsIon(false)
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ExpiredImportTokenException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.ExpiredImportTokenException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("MalformedPolicyDocumentException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.MalformedPolicyDocumentException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("IncorrectKeyMaterialException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.IncorrectKeyMaterialException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidImportTokenException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidImportTokenException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidArnException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidArnException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("KMSInvalidStateException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.KMSInvalidStateException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DisabledException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.DisabledException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("NotFoundException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.NotFoundException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("KeyUnavailableException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.KeyUnavailableException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("LimitExceededException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.LimitExceededException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidCiphertextException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidCiphertextException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidGrantIdException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidGrantIdException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidGrantTokenException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidGrantTokenException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("UnsupportedOperationException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.UnsupportedOperationException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("AlreadyExistsException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.AlreadyExistsException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TagException").withModeledClass(com.ibm.cloud.objectstorage.services.kms.model.TagException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidKeyUsageException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidKeyUsageException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidMarkerException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidMarkerException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidAliasNameException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.InvalidAliasNameException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("DependencyTimeoutException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.DependencyTimeoutException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("KMSInternalException").withModeledClass(
com.ibm.cloud.objectstorage.services.kms.model.KMSInternalException.class))
.withBaseServiceExceptionClass(com.ibm.cloud.objectstorage.services.kms.model.AWSKMSException.class));
/**
* Constructs a new client to invoke service methods on KMS. A credentials provider chain will be used that searches
* for credentials in this order:
*
* - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
* - Java System Properties - aws.accessKeyId and aws.secretKey
* - Instance profile credentials delivered through the Amazon EC2 metadata service
*
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AWSKMSClientBuilder#defaultClient()}
*/
@Deprecated
public AWSKMSClient() {
this(DefaultAWSCredentialsProviderChain.getInstance(), configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on KMS. A credentials provider chain will be used that searches
* for credentials in this order:
*
* - Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
* - Java System Properties - aws.accessKeyId and aws.secretKey
* - Instance profile credentials delivered through the Amazon EC2 metadata service
*
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientConfiguration
* The client configuration options controlling how this client connects to KMS (ex: proxy settings, retry
* counts, etc.).
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AWSKMSClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSKMSClient(ClientConfiguration clientConfiguration) {
this(DefaultAWSCredentialsProviderChain.getInstance(), clientConfiguration);
}
/**
* Constructs a new client to invoke service methods on KMS using the specified AWS account credentials.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @deprecated use {@link AWSKMSClientBuilder#withCredentials(AWSCredentialsProvider)} for example:
* {@code AWSKMSClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();}
*/
@Deprecated
public AWSKMSClient(AWSCredentials awsCredentials) {
this(awsCredentials, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on KMS using the specified AWS account credentials and client
* configuration options.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to KMS (ex: proxy settings, retry
* counts, etc.).
* @deprecated use {@link AWSKMSClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSKMSClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSKMSClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) {
super(clientConfiguration);
this.awsCredentialsProvider = new StaticCredentialsProvider(awsCredentials);
init();
}
/**
* Constructs a new client to invoke service methods on KMS using the specified AWS account credentials provider.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @deprecated use {@link AWSKMSClientBuilder#withCredentials(AWSCredentialsProvider)}
*/
@Deprecated
public AWSKMSClient(AWSCredentialsProvider awsCredentialsProvider) {
this(awsCredentialsProvider, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on KMS using the specified AWS account credentials provider and
* client configuration options.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to KMS (ex: proxy settings, retry
* counts, etc.).
* @deprecated use {@link AWSKMSClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSKMSClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSKMSClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
this(awsCredentialsProvider, clientConfiguration, null);
}
/**
* Constructs a new client to invoke service methods on KMS using the specified AWS account credentials provider,
* client configuration options, and request metric collector.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to KMS (ex: proxy settings, retry
* counts, etc.).
* @param requestMetricCollector
* optional request metric collector
* @deprecated use {@link AWSKMSClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSKMSClientBuilder#withClientConfiguration(ClientConfiguration)} and
* {@link AWSKMSClientBuilder#withMetricsCollector(RequestMetricCollector)}
*/
@Deprecated
public AWSKMSClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector) {
super(clientConfiguration, requestMetricCollector);
this.awsCredentialsProvider = awsCredentialsProvider;
init();
}
public static AWSKMSClientBuilder builder() {
return AWSKMSClientBuilder.standard();
}
/**
* Constructs a new client to invoke service methods on KMS using the specified parameters.
*
*
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AWSKMSClient(AwsSyncClientParams clientParams) {
super(clientParams);
this.awsCredentialsProvider = clientParams.getCredentialsProvider();
init();
}
private void init() {
setServiceNameIntern(DEFAULT_SIGNING_NAME);
setEndpointPrefix(ENDPOINT_PREFIX);
// calling this.setEndPoint(...) will also modify the signer accordingly
setEndpoint("https://kms.us-east-1.amazonaws.com/");
HandlerChainFactory chainFactory = new HandlerChainFactory();
requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/kms/request.handlers"));
requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/kms/request.handler2s"));
requestHandler2s.addAll(chainFactory.getGlobalHandlers());
}
/**
*
* Cancels the deletion of a customer master key (CMK). When this operation is successful, the CMK is set to the
* Disabled state. To enable a CMK, use EnableKey.
*
*
* For more information about scheduling and canceling deletion of a CMK, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* @param cancelKeyDeletionRequest
* @return Result of the CancelKeyDeletion operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.CancelKeyDeletion
* @see AWS API
* Documentation
*/
@Override
public CancelKeyDeletionResult cancelKeyDeletion(CancelKeyDeletionRequest request) {
request = beforeClientExecution(request);
return executeCancelKeyDeletion(request);
}
@SdkInternalApi
final CancelKeyDeletionResult executeCancelKeyDeletion(CancelKeyDeletionRequest cancelKeyDeletionRequest) {
ExecutionContext executionContext = createExecutionContext(cancelKeyDeletionRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CancelKeyDeletionRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(cancelKeyDeletionRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CancelKeyDeletionResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a display name for a customer master key. An alias can be used to identify a key and should be unique.
* The console enforces a one-to-one mapping between the alias and a key. An alias name can contain only
* alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An alias must start with the word
* "alias" followed by a forward slash (alias/). An alias that begins with "aws" after the forward slash
* (alias/aws...) is reserved by Amazon Web Services (AWS).
*
*
* The alias and the key it is mapped to must be in the same AWS account and the same region.
*
*
* To map an alias to a different key, call UpdateAlias.
*
*
* @param createAliasRequest
* @return Result of the CreateAlias operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws AlreadyExistsException
* The request was rejected because it attempted to create a resource that already exists.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidAliasNameException
* The request was rejected because the specified alias name is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws LimitExceededException
* The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key
* Management Service Developer Guide.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.CreateAlias
* @see AWS API
* Documentation
*/
@Override
public CreateAliasResult createAlias(CreateAliasRequest request) {
request = beforeClientExecution(request);
return executeCreateAlias(request);
}
@SdkInternalApi
final CreateAliasResult executeCreateAlias(CreateAliasRequest createAliasRequest) {
ExecutionContext executionContext = createExecutionContext(createAliasRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateAliasRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createAliasRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateAliasResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Adds a grant to a key to specify who can use the key and under what conditions. Grants are alternate permission
* mechanisms to key policies.
*
*
* For more information about grants, see Grants in the AWS Key Management
* Service Developer Guide.
*
*
* @param createGrantRequest
* @return Result of the CreateGrant operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws LimitExceededException
* The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key
* Management Service Developer Guide.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.CreateGrant
* @see AWS API
* Documentation
*/
@Override
public CreateGrantResult createGrant(CreateGrantRequest request) {
request = beforeClientExecution(request);
return executeCreateGrant(request);
}
@SdkInternalApi
final CreateGrantResult executeCreateGrant(CreateGrantRequest createGrantRequest) {
ExecutionContext executionContext = createExecutionContext(createGrantRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateGrantRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createGrantRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateGrantResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Creates a customer master key (CMK).
*
*
* You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to
* encrypt data encryption keys (DEKs), which are used to encrypt raw data. For more information about DEKs and the
* difference between CMKs and DEKs, see the following:
*
*
* -
*
* The GenerateDataKey operation
*
*
* -
*
* AWS Key Management Service
* Concepts in the AWS Key Management Service Developer Guide
*
*
*
*
* @param createKeyRequest
* @return Result of the CreateKey operation returned by the service.
* @throws MalformedPolicyDocumentException
* The request was rejected because the specified policy is not syntactically or semantically correct.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws LimitExceededException
* The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key
* Management Service Developer Guide.
* @throws TagException
* The request was rejected because one or more tags are not valid.
* @sample AWSKMS.CreateKey
* @see AWS API
* Documentation
*/
@Override
public CreateKeyResult createKey(CreateKeyRequest request) {
request = beforeClientExecution(request);
return executeCreateKey(request);
}
@SdkInternalApi
final CreateKeyResult executeCreateKey(CreateKeyRequest createKeyRequest) {
ExecutionContext executionContext = createExecutionContext(createKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateKeyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateKeyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public CreateKeyResult createKey() {
return createKey(new CreateKeyRequest());
}
/**
*
* Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following
* functions:
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
* -
*
* Encrypt
*
*
*
*
* Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies
* that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other
* accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not
* grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key
* policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to
* specific keys or to specific trusted accounts.
*
*
* @param decryptRequest
* @return Result of the Decrypt operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws InvalidCiphertextException
* The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid.
* @throws KeyUnavailableException
* The request was rejected because the specified CMK was not available. The request can be retried.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.Decrypt
* @see AWS API
* Documentation
*/
@Override
public DecryptResult decrypt(DecryptRequest request) {
request = beforeClientExecution(request);
return executeDecrypt(request);
}
@SdkInternalApi
final DecryptResult executeDecrypt(DecryptRequest decryptRequest) {
ExecutionContext executionContext = createExecutionContext(decryptRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DecryptRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(decryptRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new DecryptResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes the specified alias. To map an alias to a different key, call UpdateAlias.
*
*
* @param deleteAliasRequest
* @return Result of the DeleteAlias operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.DeleteAlias
* @see AWS API
* Documentation
*/
@Override
public DeleteAliasResult deleteAlias(DeleteAliasRequest request) {
request = beforeClientExecution(request);
return executeDeleteAlias(request);
}
@SdkInternalApi
final DeleteAliasResult executeDeleteAlias(DeleteAliasRequest deleteAliasRequest) {
ExecutionContext executionContext = createExecutionContext(deleteAliasRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteAliasRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteAliasRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteAliasResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Deletes key material that you previously imported and makes the specified customer master key (CMK) unusable. For
* more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* When the specified CMK is in the PendingDeletion state, this operation does not change the CMK's
* state. Otherwise, it changes the CMK's state to PendingImport.
*
*
* After you delete key material, you can use ImportKeyMaterial to reimport the same key material into the
* CMK.
*
*
* @param deleteImportedKeyMaterialRequest
* @return Result of the DeleteImportedKeyMaterial operation returned by the service.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.DeleteImportedKeyMaterial
* @see AWS
* API Documentation
*/
@Override
public DeleteImportedKeyMaterialResult deleteImportedKeyMaterial(DeleteImportedKeyMaterialRequest request) {
request = beforeClientExecution(request);
return executeDeleteImportedKeyMaterial(request);
}
@SdkInternalApi
final DeleteImportedKeyMaterialResult executeDeleteImportedKeyMaterial(DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest) {
ExecutionContext executionContext = createExecutionContext(deleteImportedKeyMaterialRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteImportedKeyMaterialRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(deleteImportedKeyMaterialRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new DeleteImportedKeyMaterialResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Provides detailed information about the specified customer master key.
*
*
* @param describeKeyRequest
* @return Result of the DescribeKey operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @sample AWSKMS.DescribeKey
* @see AWS API
* Documentation
*/
@Override
public DescribeKeyResult describeKey(DescribeKeyRequest request) {
request = beforeClientExecution(request);
return executeDescribeKey(request);
}
@SdkInternalApi
final DescribeKeyResult executeDescribeKey(DescribeKeyRequest describeKeyRequest) {
ExecutionContext executionContext = createExecutionContext(describeKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeKeyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribeKeyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic
* operations. For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRequest
* @return Result of the DisableKey operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.DisableKey
* @see AWS API
* Documentation
*/
@Override
public DisableKeyResult disableKey(DisableKeyRequest request) {
request = beforeClientExecution(request);
return executeDisableKey(request);
}
@SdkInternalApi
final DisableKeyResult executeDisableKey(DisableKeyRequest disableKeyRequest) {
ExecutionContext executionContext = createExecutionContext(disableKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DisableKeyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(disableKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new DisableKeyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Disables rotation of the specified key.
*
*
* @param disableKeyRotationRequest
* @return Result of the DisableKeyRotation operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @sample AWSKMS.DisableKeyRotation
* @see AWS API
* Documentation
*/
@Override
public DisableKeyRotationResult disableKeyRotation(DisableKeyRotationRequest request) {
request = beforeClientExecution(request);
return executeDisableKeyRotation(request);
}
@SdkInternalApi
final DisableKeyRotationResult executeDisableKeyRotation(DisableKeyRotationRequest disableKeyRotationRequest) {
ExecutionContext executionContext = createExecutionContext(disableKeyRotationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DisableKeyRotationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(disableKeyRotationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DisableKeyRotationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Marks a key as enabled, thereby permitting its use.
*
*
* @param enableKeyRequest
* @return Result of the EnableKey operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws LimitExceededException
* The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key
* Management Service Developer Guide.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.EnableKey
* @see AWS API
* Documentation
*/
@Override
public EnableKeyResult enableKey(EnableKeyRequest request) {
request = beforeClientExecution(request);
return executeEnableKey(request);
}
@SdkInternalApi
final EnableKeyResult executeEnableKey(EnableKeyRequest enableKeyRequest) {
ExecutionContext executionContext = createExecutionContext(enableKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EnableKeyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(enableKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new EnableKeyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Enables rotation of the specified customer master key.
*
*
* @param enableKeyRotationRequest
* @return Result of the EnableKeyRotation operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @sample AWSKMS.EnableKeyRotation
* @see AWS API
* Documentation
*/
@Override
public EnableKeyRotationResult enableKeyRotation(EnableKeyRotationRequest request) {
request = beforeClientExecution(request);
return executeEnableKeyRotation(request);
}
@SdkInternalApi
final EnableKeyRotationResult executeEnableKeyRotation(EnableKeyRotationRequest enableKeyRotationRequest) {
ExecutionContext executionContext = createExecutionContext(enableKeyRotationRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EnableKeyRotationRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(enableKeyRotationRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new EnableKeyRotationResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Encrypts plaintext into ciphertext by using a customer master key. The Encrypt function has two
* primary use cases:
*
*
* -
*
* You can encrypt up to 4 KB of arbitrary data such as an RSA key, a database password, or other sensitive customer
* information.
*
*
* -
*
* If you are moving encrypted data from one region to another, you can use this API to encrypt in the new region
* the plaintext data key that was used to encrypt the data in the original region. This provides you with an
* encrypted copy of the data key that can be decrypted in the new region and used there to decrypt the encrypted
* data.
*
*
*
*
* Unless you are moving encrypted data from one region to another, you don't use this function to encrypt a
* generated data key within a region. You retrieve data keys already encrypted by calling the
* GenerateDataKey or GenerateDataKeyWithoutPlaintext function. Data keys don't need to be encrypted
* again by calling Encrypt.
*
*
* If you want to encrypt data locally in your application, you can use the GenerateDataKey function to
* return a plaintext data encryption key and a copy of the key encrypted under the customer master key (CMK) of
* your choosing.
*
*
* @param encryptRequest
* @return Result of the Encrypt operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws KeyUnavailableException
* The request was rejected because the specified CMK was not available. The request can be retried.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidKeyUsageException
* The request was rejected because the specified KeySpec value is not valid.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.Encrypt
* @see AWS API
* Documentation
*/
@Override
public EncryptResult encrypt(EncryptRequest request) {
request = beforeClientExecution(request);
return executeEncrypt(request);
}
@SdkInternalApi
final EncryptResult executeEncrypt(EncryptRequest encryptRequest) {
ExecutionContext executionContext = createExecutionContext(encryptRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new EncryptRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(encryptRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new EncryptResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a data encryption key that you can use in your application to encrypt data locally.
*
*
* You must specify the customer master key (CMK) under which to generate the data key. You must also specify the
* length of the data key using either the KeySpec or NumberOfBytes field. You must
* specify one field or the other, but not both. For common key lengths (128-bit and 256-bit symmetric keys), we
* recommend that you use KeySpec.
*
*
* This operation returns a plaintext copy of the data key in the Plaintext field of the response, and
* an encrypted copy of the data key in the CiphertextBlob field. The data key is encrypted under the
* CMK specified in the KeyId field of the request.
*
*
* We recommend that you use the following pattern to encrypt data locally in your application:
*
*
* -
*
* Use this operation (GenerateDataKey) to retrieve a data encryption key.
*
*
* -
*
* Use the plaintext data encryption key (returned in the Plaintext field of the response) to encrypt
* data locally, then erase the plaintext data key from memory.
*
*
* -
*
* Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the
* locally encrypted data.
*
*
*
*
* To decrypt data locally:
*
*
* -
*
* Use the Decrypt operation to decrypt the encrypted data key into a plaintext copy of the data key.
*
*
* -
*
* Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.
*
*
*
*
* To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To return a random
* byte string that is cryptographically secure, use GenerateRandom.
*
*
* If you use the optional EncryptionContext field, you must store at least enough information to be
* able to reconstruct the full encryption context when you later send the ciphertext to the Decrypt
* operation. It is a good practice to choose an encryption context that you can reconstruct on the fly to better
* secure the ciphertext. For more information, see Encryption Context in the
* AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyRequest
* @return Result of the GenerateDataKey operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws KeyUnavailableException
* The request was rejected because the specified CMK was not available. The request can be retried.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidKeyUsageException
* The request was rejected because the specified KeySpec value is not valid.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.GenerateDataKey
* @see AWS API
* Documentation
*/
@Override
public GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest request) {
request = beforeClientExecution(request);
return executeGenerateDataKey(request);
}
@SdkInternalApi
final GenerateDataKeyResult executeGenerateDataKey(GenerateDataKeyRequest generateDataKeyRequest) {
ExecutionContext executionContext = createExecutionContext(generateDataKeyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GenerateDataKeyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(generateDataKeyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GenerateDataKeyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to
* GenerateDataKey but returns only the encrypted copy of the data key.
*
*
* This operation is useful in a system that has multiple components with different degrees of trust. For example,
* consider a system that stores encrypted data in containers. Each container stores the encrypted data and an
* encrypted copy of the data key. One component of the system, called the control plane, creates new
* containers. When it creates a new container, it uses this operation (GenerateDataKeyWithoutPlaintext
* ) to get an encrypted data key and then stores it in the container. Later, a different component of the system,
* called the data plane, puts encrypted data into the containers. To do this, it passes the encrypted data
* key to the Decrypt operation, then uses the returned plaintext data key to encrypt data, and finally
* stores the encrypted data in the container. In this system, the control plane never sees the plaintext data key.
*
*
* @param generateDataKeyWithoutPlaintextRequest
* @return Result of the GenerateDataKeyWithoutPlaintext operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws KeyUnavailableException
* The request was rejected because the specified CMK was not available. The request can be retried.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidKeyUsageException
* The request was rejected because the specified KeySpec value is not valid.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.GenerateDataKeyWithoutPlaintext
* @see AWS API Documentation
*/
@Override
public GenerateDataKeyWithoutPlaintextResult generateDataKeyWithoutPlaintext(GenerateDataKeyWithoutPlaintextRequest request) {
request = beforeClientExecution(request);
return executeGenerateDataKeyWithoutPlaintext(request);
}
@SdkInternalApi
final GenerateDataKeyWithoutPlaintextResult executeGenerateDataKeyWithoutPlaintext(
GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest) {
ExecutionContext executionContext = createExecutionContext(generateDataKeyWithoutPlaintextRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GenerateDataKeyWithoutPlaintextRequestProtocolMarshaller(protocolFactory).marshall(super
.beforeMarshalling(generateDataKeyWithoutPlaintextRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new GenerateDataKeyWithoutPlaintextResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a random byte string that is cryptographically secure.
*
*
* For more information about entropy and random number generation, see the AWS Key Management Service
* Cryptographic Details whitepaper.
*
*
* @param generateRandomRequest
* @return Result of the GenerateRandom operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @sample AWSKMS.GenerateRandom
* @see AWS API
* Documentation
*/
@Override
public GenerateRandomResult generateRandom(GenerateRandomRequest request) {
request = beforeClientExecution(request);
return executeGenerateRandom(request);
}
@SdkInternalApi
final GenerateRandomResult executeGenerateRandom(GenerateRandomRequest generateRandomRequest) {
ExecutionContext executionContext = createExecutionContext(generateRandomRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GenerateRandomRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(generateRandomRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GenerateRandomResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public GenerateRandomResult generateRandom() {
return generateRandom(new GenerateRandomRequest());
}
/**
*
* Retrieves a policy attached to the specified key.
*
*
* @param getKeyPolicyRequest
* @return Result of the GetKeyPolicy operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.GetKeyPolicy
* @see AWS API
* Documentation
*/
@Override
public GetKeyPolicyResult getKeyPolicy(GetKeyPolicyRequest request) {
request = beforeClientExecution(request);
return executeGetKeyPolicy(request);
}
@SdkInternalApi
final GetKeyPolicyResult executeGetKeyPolicy(GetKeyPolicyRequest getKeyPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(getKeyPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetKeyPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getKeyPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetKeyPolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves a Boolean value that indicates whether key rotation is enabled for the specified key.
*
*
* @param getKeyRotationStatusRequest
* @return Result of the GetKeyRotationStatus operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @sample AWSKMS.GetKeyRotationStatus
* @see AWS API
* Documentation
*/
@Override
public GetKeyRotationStatusResult getKeyRotationStatus(GetKeyRotationStatusRequest request) {
request = beforeClientExecution(request);
return executeGetKeyRotationStatus(request);
}
@SdkInternalApi
final GetKeyRotationStatusResult executeGetKeyRotationStatus(GetKeyRotationStatusRequest getKeyRotationStatusRequest) {
ExecutionContext executionContext = createExecutionContext(getKeyRotationStatusRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetKeyRotationStatusRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getKeyRotationStatusRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetKeyRotationStatusResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns the items you need in order to import key material into AWS KMS from your existing key management
* infrastructure. For more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* You must specify the key ID of the customer master key (CMK) into which you will import key material. This CMK's
* Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of
* wrapping key (public key) that you will use to encrypt the key material.
*
*
* This operation returns a public key and an import token. Use the public key to encrypt the key material. Store
* the import token to send with a subsequent ImportKeyMaterial request. The public key and import token from
* the same response must be used together. These items are valid for 24 hours, after which they cannot be used for
* a subsequent ImportKeyMaterial request. To retrieve new ones, send another
* GetParametersForImport request.
*
*
* @param getParametersForImportRequest
* @return Result of the GetParametersForImport operation returned by the service.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.GetParametersForImport
* @see AWS API
* Documentation
*/
@Override
public GetParametersForImportResult getParametersForImport(GetParametersForImportRequest request) {
request = beforeClientExecution(request);
return executeGetParametersForImport(request);
}
@SdkInternalApi
final GetParametersForImportResult executeGetParametersForImport(GetParametersForImportRequest getParametersForImportRequest) {
ExecutionContext executionContext = createExecutionContext(getParametersForImportRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetParametersForImportRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getParametersForImportRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false),
new GetParametersForImportResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Imports key material into an AWS KMS customer master key (CMK) from your existing key management infrastructure.
* For more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* You must specify the key ID of the CMK to import the key material into. This CMK's Origin must be
* EXTERNAL. You must also send an import token and the encrypted key material. Send the import token
* that you received in the same GetParametersForImport response that contained the public key that you used
* to encrypt the key material. You must also specify whether the key material expires and if so, when. When the key
* material expires, AWS KMS deletes the key material and the CMK becomes unusable. To use the CMK again, you can
* reimport the same key material. If you set an expiration date, you can change it only by reimporting the same key
* material and specifying a new expiration date.
*
*
* When this operation is successful, the specified CMK's key state changes to Enabled, and you can use
* the CMK.
*
*
* After you successfully import key material into a CMK, you can reimport the same key material into that CMK, but
* you cannot import different key material.
*
*
* @param importKeyMaterialRequest
* @return Result of the ImportKeyMaterial operation returned by the service.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @throws InvalidCiphertextException
* The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid.
* @throws IncorrectKeyMaterialException
* The request was rejected because the provided key material is invalid or is not the same key material
* that was previously imported into this customer master key (CMK).
* @throws ExpiredImportTokenException
* The request was rejected because the provided import token is expired. Use GetParametersForImport
* to retrieve a new import token and public key, use the new public key to encrypt the key material, and
* then try the request again.
* @throws InvalidImportTokenException
* The request was rejected because the provided import token is invalid or is associated with a different
* customer master key (CMK).
* @sample AWSKMS.ImportKeyMaterial
* @see AWS API
* Documentation
*/
@Override
public ImportKeyMaterialResult importKeyMaterial(ImportKeyMaterialRequest request) {
request = beforeClientExecution(request);
return executeImportKeyMaterial(request);
}
@SdkInternalApi
final ImportKeyMaterialResult executeImportKeyMaterial(ImportKeyMaterialRequest importKeyMaterialRequest) {
ExecutionContext executionContext = createExecutionContext(importKeyMaterialRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ImportKeyMaterialRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(importKeyMaterialRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ImportKeyMaterialResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists all of the key aliases in the account.
*
*
* @param listAliasesRequest
* @return Result of the ListAliases operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidMarkerException
* The request was rejected because the marker that specifies where pagination should next begin is not
* valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @sample AWSKMS.ListAliases
* @see AWS API
* Documentation
*/
@Override
public ListAliasesResult listAliases(ListAliasesRequest request) {
request = beforeClientExecution(request);
return executeListAliases(request);
}
@SdkInternalApi
final ListAliasesResult executeListAliases(ListAliasesRequest listAliasesRequest) {
ExecutionContext executionContext = createExecutionContext(listAliasesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListAliasesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listAliasesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListAliasesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public ListAliasesResult listAliases() {
return listAliases(new ListAliasesRequest());
}
/**
*
* List the grants for a specified key.
*
*
* @param listGrantsRequest
* @return Result of the ListGrants operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidMarkerException
* The request was rejected because the marker that specifies where pagination should next begin is not
* valid.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.ListGrants
* @see AWS API
* Documentation
*/
@Override
public ListGrantsResult listGrants(ListGrantsRequest request) {
request = beforeClientExecution(request);
return executeListGrants(request);
}
@SdkInternalApi
final ListGrantsResult executeListGrants(ListGrantsRequest listGrantsRequest) {
ExecutionContext executionContext = createExecutionContext(listGrantsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListGrantsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listGrantsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListGrantsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retrieves a list of policies attached to a key.
*
*
* @param listKeyPoliciesRequest
* @return Result of the ListKeyPolicies operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.ListKeyPolicies
* @see AWS API
* Documentation
*/
@Override
public ListKeyPoliciesResult listKeyPolicies(ListKeyPoliciesRequest request) {
request = beforeClientExecution(request);
return executeListKeyPolicies(request);
}
@SdkInternalApi
final ListKeyPoliciesResult executeListKeyPolicies(ListKeyPoliciesRequest listKeyPoliciesRequest) {
ExecutionContext executionContext = createExecutionContext(listKeyPoliciesRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListKeyPoliciesRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listKeyPoliciesRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListKeyPoliciesResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Lists the customer master keys.
*
*
* @param listKeysRequest
* @return Result of the ListKeys operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws InvalidMarkerException
* The request was rejected because the marker that specifies where pagination should next begin is not
* valid.
* @sample AWSKMS.ListKeys
* @see AWS API
* Documentation
*/
@Override
public ListKeysResult listKeys(ListKeysRequest request) {
request = beforeClientExecution(request);
return executeListKeys(request);
}
@SdkInternalApi
final ListKeysResult executeListKeys(ListKeysRequest listKeysRequest) {
ExecutionContext executionContext = createExecutionContext(listKeysRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListKeysRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listKeysRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListKeysResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public ListKeysResult listKeys() {
return listKeys(new ListKeysRequest());
}
/**
*
* Returns a list of all tags for the specified customer master key (CMK).
*
*
* @param listResourceTagsRequest
* @return Result of the ListResourceTags operation returned by the service.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws InvalidMarkerException
* The request was rejected because the marker that specifies where pagination should next begin is not
* valid.
* @sample AWSKMS.ListResourceTags
* @see AWS API
* Documentation
*/
@Override
public ListResourceTagsResult listResourceTags(ListResourceTagsRequest request) {
request = beforeClientExecution(request);
return executeListResourceTags(request);
}
@SdkInternalApi
final ListResourceTagsResult executeListResourceTags(ListResourceTagsRequest listResourceTagsRequest) {
ExecutionContext executionContext = createExecutionContext(listResourceTagsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListResourceTagsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listResourceTagsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListResourceTagsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Returns a list of all grants for which the grant's RetiringPrincipal matches the one specified.
*
*
* A typical use is to list all grants that you are able to retire. To retire a grant, use RetireGrant.
*
*
* @param listRetirableGrantsRequest
* @return Result of the ListRetirableGrants operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidMarkerException
* The request was rejected because the marker that specifies where pagination should next begin is not
* valid.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @sample AWSKMS.ListRetirableGrants
* @see AWS API
* Documentation
*/
@Override
public ListRetirableGrantsResult listRetirableGrants(ListRetirableGrantsRequest request) {
request = beforeClientExecution(request);
return executeListRetirableGrants(request);
}
@SdkInternalApi
final ListRetirableGrantsResult executeListRetirableGrants(ListRetirableGrantsRequest listRetirableGrantsRequest) {
ExecutionContext executionContext = createExecutionContext(listRetirableGrantsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListRetirableGrantsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listRetirableGrantsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListRetirableGrantsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Attaches a key policy to the specified customer master key (CMK).
*
*
* For more information about key policies, see Key Policies in the AWS Key
* Management Service Developer Guide.
*
*
* @param putKeyPolicyRequest
* @return Result of the PutKeyPolicy operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws MalformedPolicyDocumentException
* The request was rejected because the specified policy is not syntactically or semantically correct.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws UnsupportedOperationException
* The request was rejected because a specified parameter is not supported or a specified resource is not
* valid for this operation.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws LimitExceededException
* The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key
* Management Service Developer Guide.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.PutKeyPolicy
* @see AWS API
* Documentation
*/
@Override
public PutKeyPolicyResult putKeyPolicy(PutKeyPolicyRequest request) {
request = beforeClientExecution(request);
return executePutKeyPolicy(request);
}
@SdkInternalApi
final PutKeyPolicyResult executePutKeyPolicy(PutKeyPolicyRequest putKeyPolicyRequest) {
ExecutionContext executionContext = createExecutionContext(putKeyPolicyRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new PutKeyPolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putKeyPolicyRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutKeyPolicyResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data
* on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change
* the encryption context of a ciphertext.
*
*
* Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the
* source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the
* "kms:ReEncrypt*" permission in your key policies to permit
* reencryption from or to the CMK. This permission is automatically included in the key policy when you create a
* CMK through the console, but you must include it manually when you create a CMK programmatically or when you set
* a key policy with the PutKeyPolicy operation.
*
*
* @param reEncryptRequest
* @return Result of the ReEncrypt operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DisabledException
* The request was rejected because the specified CMK is not enabled.
* @throws InvalidCiphertextException
* The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid.
* @throws KeyUnavailableException
* The request was rejected because the specified CMK was not available. The request can be retried.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidKeyUsageException
* The request was rejected because the specified KeySpec value is not valid.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.ReEncrypt
* @see AWS API
* Documentation
*/
@Override
public ReEncryptResult reEncrypt(ReEncryptRequest request) {
request = beforeClientExecution(request);
return executeReEncrypt(request);
}
@SdkInternalApi
final ReEncryptResult executeReEncrypt(ReEncryptRequest reEncryptRequest) {
ExecutionContext executionContext = createExecutionContext(reEncryptRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ReEncryptRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(reEncryptRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new ReEncryptResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when
* you intend to actively deny operations that depend on it. The following are permitted to call this API:
*
*
* -
*
* The AWS account (root user) under which the grant was created
*
*
* -
*
* The RetiringPrincipal, if present in the grant
*
*
* -
*
* The GranteePrincipal, if RetireGrant is an operation specified in the grant
*
*
*
*
* You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon
* Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded
* string. A grant ID is a 64 character unique identifier of a grant. The CreateGrant operation returns both.
*
*
* @param retireGrantRequest
* @return Result of the RetireGrant operation returned by the service.
* @throws InvalidGrantTokenException
* The request was rejected because the specified grant token is not valid.
* @throws InvalidGrantIdException
* The request was rejected because the specified GrantId is not valid.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.RetireGrant
* @see AWS API
* Documentation
*/
@Override
public RetireGrantResult retireGrant(RetireGrantRequest request) {
request = beforeClientExecution(request);
return executeRetireGrant(request);
}
@SdkInternalApi
final RetireGrantResult executeRetireGrant(RetireGrantRequest retireGrantRequest) {
ExecutionContext executionContext = createExecutionContext(retireGrantRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new RetireGrantRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(retireGrantRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new RetireGrantResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public RetireGrantResult retireGrant() {
return retireGrant(new RetireGrantRequest());
}
/**
*
* Revokes a grant. You can revoke a grant to actively deny operations that depend on it.
*
*
* @param revokeGrantRequest
* @return Result of the RevokeGrant operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws InvalidGrantIdException
* The request was rejected because the specified GrantId is not valid.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.RevokeGrant
* @see AWS API
* Documentation
*/
@Override
public RevokeGrantResult revokeGrant(RevokeGrantRequest request) {
request = beforeClientExecution(request);
return executeRevokeGrant(request);
}
@SdkInternalApi
final RevokeGrantResult executeRevokeGrant(RevokeGrantRequest revokeGrantRequest) {
ExecutionContext executionContext = createExecutionContext(revokeGrantRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new RevokeGrantRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(revokeGrantRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new RevokeGrantResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Schedules the deletion of a customer master key (CMK). You may provide a waiting period, specified in days,
* before deletion occurs. If you do not provide a waiting period, the default period of 30 days is used. When this
* operation is successful, the state of the CMK changes to PendingDeletion. Before the waiting period
* ends, you can use CancelKeyDeletion to cancel the deletion of the CMK. After the waiting period ends, AWS
* KMS deletes the CMK and all AWS KMS data associated with it, including all aliases that refer to it.
*
*
*
* Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is deleted, all data that was
* encrypted under the CMK is rendered unrecoverable. To restrict the use of a CMK without deleting it, use
* DisableKey.
*
*
*
* For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* @param scheduleKeyDeletionRequest
* @return Result of the ScheduleKeyDeletion operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.ScheduleKeyDeletion
* @see AWS API
* Documentation
*/
@Override
public ScheduleKeyDeletionResult scheduleKeyDeletion(ScheduleKeyDeletionRequest request) {
request = beforeClientExecution(request);
return executeScheduleKeyDeletion(request);
}
@SdkInternalApi
final ScheduleKeyDeletionResult executeScheduleKeyDeletion(ScheduleKeyDeletionRequest scheduleKeyDeletionRequest) {
ExecutionContext executionContext = createExecutionContext(scheduleKeyDeletionRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ScheduleKeyDeletionRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(scheduleKeyDeletionRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ScheduleKeyDeletionResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Adds or overwrites one or more tags for the specified customer master key (CMK).
*
*
* Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be
* empty (null) strings.
*
*
* You cannot use the same tag key more than once per CMK. For example, consider a CMK with one tag whose tag key is
* Purpose and tag value is Test. If you send a TagResource request for this
* CMK with a tag key of Purpose and a tag value of Prod, it does not create a second tag.
* Instead, the original tag is overwritten with the new tag value.
*
*
* @param tagResourceRequest
* @return Result of the TagResource operation returned by the service.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @throws LimitExceededException
* The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key
* Management Service Developer Guide.
* @throws TagException
* The request was rejected because one or more tags are not valid.
* @sample AWSKMS.TagResource
* @see AWS API
* Documentation
*/
@Override
public TagResourceResult tagResource(TagResourceRequest request) {
request = beforeClientExecution(request);
return executeTagResource(request);
}
@SdkInternalApi
final TagResourceResult executeTagResource(TagResourceRequest tagResourceRequest) {
ExecutionContext executionContext = createExecutionContext(tagResourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new TagResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(tagResourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new TagResourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Removes the specified tag or tags from the specified customer master key (CMK).
*
*
* To remove a tag, you specify the tag key for each tag to remove. You do not specify the tag value. To overwrite
* the tag value for an existing tag, use TagResource.
*
*
* @param untagResourceRequest
* @return Result of the UntagResource operation returned by the service.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @throws TagException
* The request was rejected because one or more tags are not valid.
* @sample AWSKMS.UntagResource
* @see AWS API
* Documentation
*/
@Override
public UntagResourceResult untagResource(UntagResourceRequest request) {
request = beforeClientExecution(request);
return executeUntagResource(request);
}
@SdkInternalApi
final UntagResourceResult executeUntagResource(UntagResourceRequest untagResourceRequest) {
ExecutionContext executionContext = createExecutionContext(untagResourceRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UntagResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(untagResourceRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UntagResourceResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Updates an alias to map it to a different key.
*
*
* An alias is not a property of a key. Therefore, an alias can be mapped to and unmapped from an existing key
* without changing the properties of the key.
*
*
* An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An
* alias must start with the word "alias" followed by a forward slash (alias/). An alias that begins with "aws"
* after the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS).
*
*
* The alias and the key it is mapped to must be in the same AWS account and the same region.
*
*
* @param updateAliasRequest
* @return Result of the UpdateAlias operation returned by the service.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.UpdateAlias
* @see AWS API
* Documentation
*/
@Override
public UpdateAliasResult updateAlias(UpdateAliasRequest request) {
request = beforeClientExecution(request);
return executeUpdateAlias(request);
}
@SdkInternalApi
final UpdateAliasResult executeUpdateAlias(UpdateAliasRequest updateAliasRequest) {
ExecutionContext executionContext = createExecutionContext(updateAliasRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdateAliasRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updateAliasRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateAliasResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
*
* Updates the description of a customer master key (CMK).
*
*
* @param updateKeyDescriptionRequest
* @return Result of the UpdateKeyDescription operation returned by the service.
* @throws NotFoundException
* The request was rejected because the specified entity or resource could not be found.
* @throws InvalidArnException
* The request was rejected because a specified ARN was not valid.
* @throws DependencyTimeoutException
* The system timed out while trying to fulfill the request. The request can be retried.
* @throws KMSInternalException
* The request was rejected because an internal exception occurred. The request can be retried.
* @throws KMSInvalidStateException
* The request was rejected because the state of the specified resource is not valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
* @sample AWSKMS.UpdateKeyDescription
* @see AWS API
* Documentation
*/
@Override
public UpdateKeyDescriptionResult updateKeyDescription(UpdateKeyDescriptionRequest request) {
request = beforeClientExecution(request);
return executeUpdateKeyDescription(request);
}
@SdkInternalApi
final UpdateKeyDescriptionResult executeUpdateKeyDescription(UpdateKeyDescriptionRequest updateKeyDescriptionRequest) {
ExecutionContext executionContext = createExecutionContext(updateKeyDescriptionRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request request = null;
Response response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdateKeyDescriptionRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updateKeyDescriptionRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateKeyDescriptionResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* Returns additional metadata for a previously executed successful, request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing the request.
*
* @param request
* The originally executed request
*
* @return The response metadata for the specified request, or null if none is available.
*/
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
return client.getResponseMetadataForRequest(request);
}
/**
* Normal invoke with authentication. Credentials are required and may be overriden at the request level.
**/
private Response invoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext) {
executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider));
return doInvoke(request, responseHandler, executionContext);
}
/**
* Invoke with no authentication. Credentials are not required and any credentials set on the client or request will
* be ignored for this operation.
**/
private Response anonymousInvoke(Request request,
HttpResponseHandler> responseHandler, ExecutionContext executionContext) {
return doInvoke(request, responseHandler, executionContext);
}
/**
* Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the
* ExecutionContext beforehand.
**/
private Response doInvoke(Request request, HttpResponseHandler> responseHandler,
ExecutionContext executionContext) {
request.setEndpoint(endpoint);
request.setTimeOffset(timeOffset);
HttpResponseHandler errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata());
return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
}