software.amazon.awssdk.services.kms.model.GenerateDataKeyPairWithoutPlaintextRequest Maven / Gradle / Ivy
Show all versions of kms Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.kms.model;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*/
@Generated("software.amazon.awssdk:codegen")
public final class GenerateDataKeyPairWithoutPlaintextRequest extends KmsRequest implements
ToCopyableBuilder {
private static final SdkField> ENCRYPTION_CONTEXT_FIELD = SdkField
.> builder(MarshallingType.MAP)
.memberName("EncryptionContext")
.getter(getter(GenerateDataKeyPairWithoutPlaintextRequest::encryptionContext))
.setter(setter(Builder::encryptionContext))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("EncryptionContext").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build()).build()).build()).build();
private static final SdkField KEY_ID_FIELD = SdkField. builder(MarshallingType.STRING).memberName("KeyId")
.getter(getter(GenerateDataKeyPairWithoutPlaintextRequest::keyId)).setter(setter(Builder::keyId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("KeyId").build()).build();
private static final SdkField KEY_PAIR_SPEC_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("KeyPairSpec").getter(getter(GenerateDataKeyPairWithoutPlaintextRequest::keyPairSpecAsString))
.setter(setter(Builder::keyPairSpec))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("KeyPairSpec").build()).build();
private static final SdkField> GRANT_TOKENS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.memberName("GrantTokens")
.getter(getter(GenerateDataKeyPairWithoutPlaintextRequest::grantTokens))
.setter(setter(Builder::grantTokens))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("GrantTokens").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(ENCRYPTION_CONTEXT_FIELD,
KEY_ID_FIELD, KEY_PAIR_SPEC_FIELD, GRANT_TOKENS_FIELD));
private final Map encryptionContext;
private final String keyId;
private final String keyPairSpec;
private final List grantTokens;
private GenerateDataKeyPairWithoutPlaintextRequest(BuilderImpl builder) {
super(builder);
this.encryptionContext = builder.encryptionContext;
this.keyId = builder.keyId;
this.keyPairSpec = builder.keyPairSpec;
this.grantTokens = builder.grantTokens;
}
/**
* Returns true if the EncryptionContext property was specified by the sender (it may be empty), or false if the
* sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS
* service.
*/
public final boolean hasEncryptionContext() {
return encryptionContext != null && !(encryptionContext instanceof SdkAutoConstructMap);
}
/**
*
* Specifies the encryption context that will be used when encrypting the private key in the data key pair.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting
* with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* You can use {@link #hasEncryptionContext()} to see if a value was sent in this field.
*
*
* @return Specifies the encryption context that will be used when encrypting the private key in the data key
* pair.
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional
* when encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
*/
public final Map encryptionContext() {
return encryptionContext;
}
/**
*
* Specifies the CMK that encrypts the private key in the data key pair. You must specify a symmetric CMK. You
* cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK, use the
* DescribeKey operation.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name,
* prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or
* alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @return Specifies the CMK that encrypts the private key in the data key pair. You must specify a symmetric CMK.
* You cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK,
* use the DescribeKey operation.
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must
* use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name
* and alias ARN, use ListAliases.
*/
public final String keyId() {
return keyId;
}
/**
*
* Determines the type of data key pair that is generated.
*
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and verify (but
* not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not effective outside of
* AWS KMS.
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #keyPairSpec} will
* return {@link DataKeyPairSpec#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from
* {@link #keyPairSpecAsString}.
*
*
* @return Determines the type of data key pair that is generated.
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and
* verify (but not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not
* effective outside of AWS KMS.
* @see DataKeyPairSpec
*/
public final DataKeyPairSpec keyPairSpec() {
return DataKeyPairSpec.fromValue(keyPairSpec);
}
/**
*
* Determines the type of data key pair that is generated.
*
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and verify (but
* not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not effective outside of
* AWS KMS.
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #keyPairSpec} will
* return {@link DataKeyPairSpec#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available from
* {@link #keyPairSpecAsString}.
*
*
* @return Determines the type of data key pair that is generated.
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and
* verify (but not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not
* effective outside of AWS KMS.
* @see DataKeyPairSpec
*/
public final String keyPairSpecAsString() {
return keyPairSpec;
}
/**
* Returns true if the GrantTokens property was specified by the sender (it may be empty), or false if the sender
* did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.
*/
public final boolean hasGrantTokens() {
return grantTokens != null && !(grantTokens instanceof SdkAutoConstructList);
}
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in the
* AWS Key Management Service Developer Guide.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* You can use {@link #hasGrantTokens()} to see if a value was sent in this field.
*
*
* @return A list of grant tokens.
*
* For more information, see Grant Tokens
* in the AWS Key Management Service Developer Guide.
*/
public final List grantTokens() {
return grantTokens;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + super.hashCode();
hashCode = 31 * hashCode + Objects.hashCode(hasEncryptionContext() ? encryptionContext() : null);
hashCode = 31 * hashCode + Objects.hashCode(keyId());
hashCode = 31 * hashCode + Objects.hashCode(keyPairSpecAsString());
hashCode = 31 * hashCode + Objects.hashCode(hasGrantTokens() ? grantTokens() : null);
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return super.equals(obj) && equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof GenerateDataKeyPairWithoutPlaintextRequest)) {
return false;
}
GenerateDataKeyPairWithoutPlaintextRequest other = (GenerateDataKeyPairWithoutPlaintextRequest) obj;
return hasEncryptionContext() == other.hasEncryptionContext()
&& Objects.equals(encryptionContext(), other.encryptionContext()) && Objects.equals(keyId(), other.keyId())
&& Objects.equals(keyPairSpecAsString(), other.keyPairSpecAsString())
&& hasGrantTokens() == other.hasGrantTokens() && Objects.equals(grantTokens(), other.grantTokens());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("GenerateDataKeyPairWithoutPlaintextRequest")
.add("EncryptionContext", hasEncryptionContext() ? encryptionContext() : null).add("KeyId", keyId())
.add("KeyPairSpec", keyPairSpecAsString()).add("GrantTokens", hasGrantTokens() ? grantTokens() : null).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "EncryptionContext":
return Optional.ofNullable(clazz.cast(encryptionContext()));
case "KeyId":
return Optional.ofNullable(clazz.cast(keyId()));
case "KeyPairSpec":
return Optional.ofNullable(clazz.cast(keyPairSpecAsString()));
case "GrantTokens":
return Optional.ofNullable(clazz.cast(grantTokens()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((GenerateDataKeyPairWithoutPlaintextRequest) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends KmsRequest.Builder, SdkPojo,
CopyableBuilder {
/**
*
* Specifies the encryption context that will be used when encrypting the private key in the data key pair.
*
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact
* case-sensitive match) encryption context to decrypt the data. An encryption context is optional when
* encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
*
*
* @param encryptionContext
* Specifies the encryption context that will be used when encrypting the private key in the data key
* pair.
*
* An encryption context is a collection of non-secret key-value pairs that represents additional
* authenticated data. When you use an encryption context to encrypt data, you must specify the same (an
* exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional
* when encrypting with a symmetric CMK, but it is highly recommended.
*
*
* For more information, see Encryption
* Context in the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder encryptionContext(Map encryptionContext);
/**
*
* Specifies the CMK that encrypts the private key in the data key pair. You must specify a symmetric CMK. You
* cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of your CMK, use the
* DescribeKey operation.
*
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias
* name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key
* ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and
* alias ARN, use ListAliases.
*
*
* @param keyId
* Specifies the CMK that encrypts the private key in the data key pair. You must specify a symmetric
* CMK. You cannot use an asymmetric CMK or a CMK in a custom key store. To get the type and origin of
* your CMK, use the DescribeKey operation.
*
* To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an
* alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you
* must use the key ARN or alias ARN.
*
*
* For example:
*
*
* -
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
*
* -
*
* Alias name: alias/ExampleAlias
*
*
* -
*
* Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
*
*
*
* To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias
* name and alias ARN, use ListAliases.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder keyId(String keyId);
/**
*
* Determines the type of data key pair that is generated.
*
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and verify
* (but not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not effective
* outside of AWS KMS.
*
*
* @param keyPairSpec
* Determines the type of data key pair that is generated.
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and
* verify (but not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not
* effective outside of AWS KMS.
* @see DataKeyPairSpec
* @return Returns a reference to this object so that method calls can be chained together.
* @see DataKeyPairSpec
*/
Builder keyPairSpec(String keyPairSpec);
/**
*
* Determines the type of data key pair that is generated.
*
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and verify
* (but not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not effective
* outside of AWS KMS.
*
*
* @param keyPairSpec
* Determines the type of data key pair that is generated.
*
* The AWS KMS rule that restricts the use of asymmetric RSA CMKs to encrypt and decrypt or to sign and
* verify (but not both), and the rule that permits you to use ECC CMKs only to sign and verify, are not
* effective outside of AWS KMS.
* @see DataKeyPairSpec
* @return Returns a reference to this object so that method calls can be chained together.
* @see DataKeyPairSpec
*/
Builder keyPairSpec(DataKeyPairSpec keyPairSpec);
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in
* the AWS Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* For more information, see Grant
* Tokens in the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder grantTokens(Collection grantTokens);
/**
*
* A list of grant tokens.
*
*
* For more information, see Grant Tokens in
* the AWS Key Management Service Developer Guide.
*
*
* @param grantTokens
* A list of grant tokens.
*
* For more information, see Grant
* Tokens in the AWS Key Management Service Developer Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder grantTokens(String... grantTokens);
@Override
Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration);
@Override
Builder overrideConfiguration(Consumer builderConsumer);
}
static final class BuilderImpl extends KmsRequest.BuilderImpl implements Builder {
private Map encryptionContext = DefaultSdkAutoConstructMap.getInstance();
private String keyId;
private String keyPairSpec;
private List grantTokens = DefaultSdkAutoConstructList.getInstance();
private BuilderImpl() {
}
private BuilderImpl(GenerateDataKeyPairWithoutPlaintextRequest model) {
super(model);
encryptionContext(model.encryptionContext);
keyId(model.keyId);
keyPairSpec(model.keyPairSpec);
grantTokens(model.grantTokens);
}
public final Map getEncryptionContext() {
if (encryptionContext instanceof SdkAutoConstructMap) {
return null;
}
return encryptionContext;
}
@Override
public final Builder encryptionContext(Map encryptionContext) {
this.encryptionContext = EncryptionContextTypeCopier.copy(encryptionContext);
return this;
}
public final void setEncryptionContext(Map encryptionContext) {
this.encryptionContext = EncryptionContextTypeCopier.copy(encryptionContext);
}
public final String getKeyId() {
return keyId;
}
@Override
public final Builder keyId(String keyId) {
this.keyId = keyId;
return this;
}
public final void setKeyId(String keyId) {
this.keyId = keyId;
}
public final String getKeyPairSpec() {
return keyPairSpec;
}
@Override
public final Builder keyPairSpec(String keyPairSpec) {
this.keyPairSpec = keyPairSpec;
return this;
}
@Override
public final Builder keyPairSpec(DataKeyPairSpec keyPairSpec) {
this.keyPairSpec(keyPairSpec == null ? null : keyPairSpec.toString());
return this;
}
public final void setKeyPairSpec(String keyPairSpec) {
this.keyPairSpec = keyPairSpec;
}
public final Collection getGrantTokens() {
if (grantTokens instanceof SdkAutoConstructList) {
return null;
}
return grantTokens;
}
@Override
public final Builder grantTokens(Collection grantTokens) {
this.grantTokens = GrantTokenListCopier.copy(grantTokens);
return this;
}
@Override
@SafeVarargs
public final Builder grantTokens(String... grantTokens) {
grantTokens(Arrays.asList(grantTokens));
return this;
}
public final void setGrantTokens(Collection grantTokens) {
this.grantTokens = GrantTokenListCopier.copy(grantTokens);
}
@Override
public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) {
super.overrideConfiguration(overrideConfiguration);
return this;
}
@Override
public Builder overrideConfiguration(Consumer builderConsumer) {
super.overrideConfiguration(builderConsumer);
return this;
}
@Override
public GenerateDataKeyPairWithoutPlaintextRequest build() {
return new GenerateDataKeyPairWithoutPlaintextRequest(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}