All Downloads are FREE. Search and download functionalities are using the official Maven repository.

software.amazon.awssdk.services.kms.model.ReEncryptRequest Maven / Gradle / Ivy

Go to download

The AWS Java SDK for AWS KMS module holds the client classes that are used for communicating with AWS Key Management Service

There is a newer version: 2.30.1
Show newest version
/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

package software.amazon.awssdk.services.kms.model;

import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;

/**
 */
@Generated("software.amazon.awssdk:codegen")
public final class ReEncryptRequest extends KmsRequest implements ToCopyableBuilder {
    private static final SdkField CIPHERTEXT_BLOB_FIELD = SdkField. builder(MarshallingType.SDK_BYTES)
            .memberName("CiphertextBlob").getter(getter(ReEncryptRequest::ciphertextBlob))
            .setter(setter(Builder::ciphertextBlob))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("CiphertextBlob").build()).build();

    private static final SdkField> SOURCE_ENCRYPTION_CONTEXT_FIELD = SdkField
            .> builder(MarshallingType.MAP)
            .memberName("SourceEncryptionContext")
            .getter(getter(ReEncryptRequest::sourceEncryptionContext))
            .setter(setter(Builder::sourceEncryptionContext))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SourceEncryptionContext").build(),
                    MapTrait.builder()
                            .keyLocationName("key")
                            .valueLocationName("value")
                            .valueFieldInfo(
                                    SdkField. builder(MarshallingType.STRING)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("value").build()).build()).build()).build();

    private static final SdkField SOURCE_KEY_ID_FIELD = SdkField. builder(MarshallingType.STRING)
            .memberName("SourceKeyId").getter(getter(ReEncryptRequest::sourceKeyId)).setter(setter(Builder::sourceKeyId))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SourceKeyId").build()).build();

    private static final SdkField DESTINATION_KEY_ID_FIELD = SdkField. builder(MarshallingType.STRING)
            .memberName("DestinationKeyId").getter(getter(ReEncryptRequest::destinationKeyId))
            .setter(setter(Builder::destinationKeyId))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DestinationKeyId").build()).build();

    private static final SdkField> DESTINATION_ENCRYPTION_CONTEXT_FIELD = SdkField
            .> builder(MarshallingType.MAP)
            .memberName("DestinationEncryptionContext")
            .getter(getter(ReEncryptRequest::destinationEncryptionContext))
            .setter(setter(Builder::destinationEncryptionContext))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DestinationEncryptionContext")
                    .build(),
                    MapTrait.builder()
                            .keyLocationName("key")
                            .valueLocationName("value")
                            .valueFieldInfo(
                                    SdkField. builder(MarshallingType.STRING)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("value").build()).build()).build()).build();

    private static final SdkField SOURCE_ENCRYPTION_ALGORITHM_FIELD = SdkField. builder(MarshallingType.STRING)
            .memberName("SourceEncryptionAlgorithm").getter(getter(ReEncryptRequest::sourceEncryptionAlgorithmAsString))
            .setter(setter(Builder::sourceEncryptionAlgorithm))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SourceEncryptionAlgorithm").build())
            .build();

    private static final SdkField DESTINATION_ENCRYPTION_ALGORITHM_FIELD = SdkField
            . builder(MarshallingType.STRING)
            .memberName("DestinationEncryptionAlgorithm")
            .getter(getter(ReEncryptRequest::destinationEncryptionAlgorithmAsString))
            .setter(setter(Builder::destinationEncryptionAlgorithm))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DestinationEncryptionAlgorithm")
                    .build()).build();

    private static final SdkField> GRANT_TOKENS_FIELD = SdkField
            .> builder(MarshallingType.LIST)
            .memberName("GrantTokens")
            .getter(getter(ReEncryptRequest::grantTokens))
            .setter(setter(Builder::grantTokens))
            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("GrantTokens").build(),
                    ListTrait
                            .builder()
                            .memberLocationName(null)
                            .memberFieldInfo(
                                    SdkField. builder(MarshallingType.STRING)
                                            .traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
                                                    .locationName("member").build()).build()).build()).build();

    private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(CIPHERTEXT_BLOB_FIELD,
            SOURCE_ENCRYPTION_CONTEXT_FIELD, SOURCE_KEY_ID_FIELD, DESTINATION_KEY_ID_FIELD, DESTINATION_ENCRYPTION_CONTEXT_FIELD,
            SOURCE_ENCRYPTION_ALGORITHM_FIELD, DESTINATION_ENCRYPTION_ALGORITHM_FIELD, GRANT_TOKENS_FIELD));

    private final SdkBytes ciphertextBlob;

    private final Map sourceEncryptionContext;

    private final String sourceKeyId;

    private final String destinationKeyId;

    private final Map destinationEncryptionContext;

    private final String sourceEncryptionAlgorithm;

    private final String destinationEncryptionAlgorithm;

    private final List grantTokens;

    private ReEncryptRequest(BuilderImpl builder) {
        super(builder);
        this.ciphertextBlob = builder.ciphertextBlob;
        this.sourceEncryptionContext = builder.sourceEncryptionContext;
        this.sourceKeyId = builder.sourceKeyId;
        this.destinationKeyId = builder.destinationKeyId;
        this.destinationEncryptionContext = builder.destinationEncryptionContext;
        this.sourceEncryptionAlgorithm = builder.sourceEncryptionAlgorithm;
        this.destinationEncryptionAlgorithm = builder.destinationEncryptionAlgorithm;
        this.grantTokens = builder.grantTokens;
    }

    /**
     * 

* Ciphertext of the data to reencrypt. *

* * @return Ciphertext of the data to reencrypt. */ public final SdkBytes ciphertextBlob() { return ciphertextBlob; } /** * For responses, this returns true if the service returned a value for the SourceEncryptionContext property. This * DOES NOT check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the * property). This is useful because the SDK will never return a null collection or map, but you may need to * differentiate between the service returning nothing (or null) and the service returning an empty collection or * map. For requests, this returns true if a value for the property was specified in the request builder, and false * if a value was not specified. */ public final boolean hasSourceEncryptionContext() { return sourceEncryptionContext != null && !(sourceEncryptionContext instanceof SdkAutoConstructMap); } /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was * used to encrypt the ciphertext. *

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact * case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on * operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption * context is optional, but it is strongly recommended. *

*

* For more information, see Encryption context * in the Key Management Service Developer Guide. *

*

* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException. *

*

* This method will never return null. If you would like to know whether the service returned this field (so that * you can differentiate between null and empty), you can use the {@link #hasSourceEncryptionContext} method. *

* * @return Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that * was used to encrypt the ciphertext.

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported * only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, * an encryption context is optional, but it is strongly recommended. *

*

* For more information, see Encryption * context in the Key Management Service Developer Guide. */ public final Map sourceEncryptionContext() { return sourceEncryptionContext; } /** *

* Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted. *

*

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the * ReEncrypt operation throws an IncorrectKeyException. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext * blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that * you intend. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN * or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and * alias ARN, use ListAliases. *

* * @return Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.

*

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS * key, the ReEncrypt operation throws an IncorrectKeyException. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you * used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric * ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use * the KMS key that you intend. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix * it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must * use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias * name and alias ARN, use ListAliases. */ public final String sourceKeyId() { return sourceKeyId; } /** *

* A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or * an asymmetric KMS key with a KeyUsage value of ENCRYPT_DECRYPT. To find the * KeyUsage value of a KMS key, use the DescribeKey operation. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN * or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and * alias ARN, use ListAliases. *

* * @return A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption * KMS key or an asymmetric KMS key with a KeyUsage value of ENCRYPT_DECRYPT. To * find the KeyUsage value of a KMS key, use the DescribeKey operation.

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix * it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must * use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias * name and alias ARN, use ListAliases. */ public final String destinationKeyId() { return destinationKeyId; } /** * For responses, this returns true if the service returned a value for the DestinationEncryptionContext property. * This DOES NOT check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the * property). This is useful because the SDK will never return a null collection or map, but you may need to * differentiate between the service returning nothing (or null) and the service returning an empty collection or * map. For requests, this returns true if a value for the property was specified in the request builder, and false * if a value was not specified. */ public final boolean hasDestinationEncryptionContext() { return destinationEncryptionContext != null && !(destinationEncryptionContext instanceof SdkAutoConstructMap); } /** *

* Specifies that encryption context to use when the reencrypting the data. *

*

* A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. * The standard ciphertext format for asymmetric KMS keys does not include fields for metadata. *

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact * case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on * operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption * context is optional, but it is strongly recommended. *

*

* For more information, see Encryption context * in the Key Management Service Developer Guide. *

*

* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException. *

*

* This method will never return null. If you would like to know whether the service returned this field (so that * you can differentiate between null and empty), you can use the {@link #hasDestinationEncryptionContext} method. *

* * @return Specifies that encryption context to use when the reencrypting the data.

*

* A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS * key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata. *

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported * only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, * an encryption context is optional, but it is strongly recommended. *

*

* For more information, see Encryption * context in the Key Management Service Developer Guide. */ public final Map destinationEncryptionContext() { return destinationEncryptionContext; } /** *

* Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The * default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption KMS keys. *

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the * decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. *

*

* If the service returns an enum value that is not available in the current SDK version, * {@link #sourceEncryptionAlgorithm} will return {@link EncryptionAlgorithmSpec#UNKNOWN_TO_SDK_VERSION}. The raw * value returned by the service is available from {@link #sourceEncryptionAlgorithmAsString}. *

* * @return Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. * The default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption * KMS keys.

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, * the decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * @see EncryptionAlgorithmSpec */ public final EncryptionAlgorithmSpec sourceEncryptionAlgorithm() { return EncryptionAlgorithmSpec.fromValue(sourceEncryptionAlgorithm); } /** *

* Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The * default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption KMS keys. *

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the * decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. *

*

* If the service returns an enum value that is not available in the current SDK version, * {@link #sourceEncryptionAlgorithm} will return {@link EncryptionAlgorithmSpec#UNKNOWN_TO_SDK_VERSION}. The raw * value returned by the service is available from {@link #sourceEncryptionAlgorithmAsString}. *

* * @return Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. * The default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption * KMS keys.

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, * the decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * @see EncryptionAlgorithmSpec */ public final String sourceEncryptionAlgorithmAsString() { return sourceEncryptionAlgorithm; } /** *

* Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default * value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric encryption KMS * keys. *

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. *

*

* If the service returns an enum value that is not available in the current SDK version, * {@link #destinationEncryptionAlgorithm} will return {@link EncryptionAlgorithmSpec#UNKNOWN_TO_SDK_VERSION}. The * raw value returned by the service is available from {@link #destinationEncryptionAlgorithmAsString}. *

* * @return Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The * default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric * encryption KMS keys.

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. * @see EncryptionAlgorithmSpec */ public final EncryptionAlgorithmSpec destinationEncryptionAlgorithm() { return EncryptionAlgorithmSpec.fromValue(destinationEncryptionAlgorithm); } /** *

* Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default * value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric encryption KMS * keys. *

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. *

*

* If the service returns an enum value that is not available in the current SDK version, * {@link #destinationEncryptionAlgorithm} will return {@link EncryptionAlgorithmSpec#UNKNOWN_TO_SDK_VERSION}. The * raw value returned by the service is available from {@link #destinationEncryptionAlgorithmAsString}. *

* * @return Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The * default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric * encryption KMS keys.

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. * @see EncryptionAlgorithmSpec */ public final String destinationEncryptionAlgorithmAsString() { return destinationEncryptionAlgorithm; } /** * For responses, this returns true if the service returned a value for the GrantTokens property. This DOES NOT * check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property). * This is useful because the SDK will never return a null collection or map, but you may need to differentiate * between the service returning nothing (or null) and the service returning an empty collection or map. For * requests, this returns true if a value for the property was specified in the request builder, and false if a * value was not specified. */ public final boolean hasGrantTokens() { return grantTokens != null && !(grantTokens instanceof SdkAutoConstructList); } /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved * eventual consistency. For more information, see Grant token and Using a grant * token in the Key Management Service Developer Guide. *

*

* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException. *

*

* This method will never return null. If you would like to know whether the service returned this field (so that * you can differentiate between null and empty), you can use the {@link #hasGrantTokens} method. *

* * @return A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and * Using * a grant token in the Key Management Service Developer Guide. */ public final List grantTokens() { return grantTokens; } @Override public Builder toBuilder() { return new BuilderImpl(this); } public static Builder builder() { return new BuilderImpl(); } public static Class serializableBuilderClass() { return BuilderImpl.class; } @Override public final int hashCode() { int hashCode = 1; hashCode = 31 * hashCode + super.hashCode(); hashCode = 31 * hashCode + Objects.hashCode(ciphertextBlob()); hashCode = 31 * hashCode + Objects.hashCode(hasSourceEncryptionContext() ? sourceEncryptionContext() : null); hashCode = 31 * hashCode + Objects.hashCode(sourceKeyId()); hashCode = 31 * hashCode + Objects.hashCode(destinationKeyId()); hashCode = 31 * hashCode + Objects.hashCode(hasDestinationEncryptionContext() ? destinationEncryptionContext() : null); hashCode = 31 * hashCode + Objects.hashCode(sourceEncryptionAlgorithmAsString()); hashCode = 31 * hashCode + Objects.hashCode(destinationEncryptionAlgorithmAsString()); hashCode = 31 * hashCode + Objects.hashCode(hasGrantTokens() ? grantTokens() : null); return hashCode; } @Override public final boolean equals(Object obj) { return super.equals(obj) && equalsBySdkFields(obj); } @Override public final boolean equalsBySdkFields(Object obj) { if (this == obj) { return true; } if (obj == null) { return false; } if (!(obj instanceof ReEncryptRequest)) { return false; } ReEncryptRequest other = (ReEncryptRequest) obj; return Objects.equals(ciphertextBlob(), other.ciphertextBlob()) && hasSourceEncryptionContext() == other.hasSourceEncryptionContext() && Objects.equals(sourceEncryptionContext(), other.sourceEncryptionContext()) && Objects.equals(sourceKeyId(), other.sourceKeyId()) && Objects.equals(destinationKeyId(), other.destinationKeyId()) && hasDestinationEncryptionContext() == other.hasDestinationEncryptionContext() && Objects.equals(destinationEncryptionContext(), other.destinationEncryptionContext()) && Objects.equals(sourceEncryptionAlgorithmAsString(), other.sourceEncryptionAlgorithmAsString()) && Objects.equals(destinationEncryptionAlgorithmAsString(), other.destinationEncryptionAlgorithmAsString()) && hasGrantTokens() == other.hasGrantTokens() && Objects.equals(grantTokens(), other.grantTokens()); } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. */ @Override public final String toString() { return ToString.builder("ReEncryptRequest").add("CiphertextBlob", ciphertextBlob()) .add("SourceEncryptionContext", hasSourceEncryptionContext() ? sourceEncryptionContext() : null) .add("SourceKeyId", sourceKeyId()).add("DestinationKeyId", destinationKeyId()) .add("DestinationEncryptionContext", hasDestinationEncryptionContext() ? destinationEncryptionContext() : null) .add("SourceEncryptionAlgorithm", sourceEncryptionAlgorithmAsString()) .add("DestinationEncryptionAlgorithm", destinationEncryptionAlgorithmAsString()) .add("GrantTokens", hasGrantTokens() ? grantTokens() : null).build(); } public final Optional getValueForField(String fieldName, Class clazz) { switch (fieldName) { case "CiphertextBlob": return Optional.ofNullable(clazz.cast(ciphertextBlob())); case "SourceEncryptionContext": return Optional.ofNullable(clazz.cast(sourceEncryptionContext())); case "SourceKeyId": return Optional.ofNullable(clazz.cast(sourceKeyId())); case "DestinationKeyId": return Optional.ofNullable(clazz.cast(destinationKeyId())); case "DestinationEncryptionContext": return Optional.ofNullable(clazz.cast(destinationEncryptionContext())); case "SourceEncryptionAlgorithm": return Optional.ofNullable(clazz.cast(sourceEncryptionAlgorithmAsString())); case "DestinationEncryptionAlgorithm": return Optional.ofNullable(clazz.cast(destinationEncryptionAlgorithmAsString())); case "GrantTokens": return Optional.ofNullable(clazz.cast(grantTokens())); default: return Optional.empty(); } } @Override public final List> sdkFields() { return SDK_FIELDS; } private static Function getter(Function g) { return obj -> g.apply((ReEncryptRequest) obj); } private static BiConsumer setter(BiConsumer s) { return (obj, val) -> s.accept((Builder) obj, val); } public interface Builder extends KmsRequest.Builder, SdkPojo, CopyableBuilder { /** *

* Ciphertext of the data to reencrypt. *

* * @param ciphertextBlob * Ciphertext of the data to reencrypt. * @return Returns a reference to this object so that method calls can be chained together. */ Builder ciphertextBlob(SdkBytes ciphertextBlob); /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was * used to encrypt the ciphertext. *

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact * case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on * operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly recommended. *

*

* For more information, see Encryption * context in the Key Management Service Developer Guide. *

* * @param sourceEncryptionContext * Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context * that was used to encrypt the ciphertext.

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported * only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS * keys, an encryption context is optional, but it is strongly recommended. *

*

* For more information, see Encryption * context in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ Builder sourceEncryptionContext(Map sourceEncryptionContext); /** *

* Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted. *

*

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, * the ReEncrypt operation throws an IncorrectKeyException. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a * symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext * blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key * that you intend. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it * with "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the * key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *

* * @param sourceKeyId * Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.

*

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS * key, the ReEncrypt operation throws an IncorrectKeyException. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you * used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the * symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures * that you use the KMS key that you intend. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, * prefix it with "alias/". To specify a KMS key in a different Amazon Web Services account, * you must use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the * alias name and alias ARN, use ListAliases. * @return Returns a reference to this object so that method calls can be chained together. */ Builder sourceKeyId(String sourceKeyId); /** *

* A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS * key or an asymmetric KMS key with a KeyUsage value of ENCRYPT_DECRYPT. To find the * KeyUsage value of a KMS key, use the DescribeKey operation. *

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it * with "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the * key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *

* * @param destinationKeyId * A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption * KMS key or an asymmetric KMS key with a KeyUsage value of ENCRYPT_DECRYPT. * To find the KeyUsage value of a KMS key, use the DescribeKey operation.

*

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, * prefix it with "alias/". To specify a KMS key in a different Amazon Web Services account, * you must use the key ARN or alias ARN. *

*

* For example: *

*
    *
  • *

    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

    *
  • *
  • *

    * Alias name: alias/ExampleAlias *

    *
  • *
  • *

    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *

    *
  • *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the * alias name and alias ARN, use ListAliases. * @return Returns a reference to this object so that method calls can be chained together. */ Builder destinationKeyId(String destinationKeyId); /** *

* Specifies that encryption context to use when the reencrypting the data. *

*

* A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS * key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata. *

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact * case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on * operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly recommended. *

*

* For more information, see Encryption * context in the Key Management Service Developer Guide. *

* * @param destinationEncryptionContext * Specifies that encryption context to use when the reencrypting the data.

*

* A destination encryption context is valid only when the destination KMS key is a symmetric encryption * KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata. *

*

* An encryption context is a collection of non-secret key-value pairs that represent additional * authenticated data. When you use an encryption context to encrypt data, you must specify the same (an * exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported * only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS * keys, an encryption context is optional, but it is strongly recommended. *

*

* For more information, see Encryption * context in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ Builder destinationEncryptionContext(Map destinationEncryptionContext); /** *

* Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The * default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption KMS * keys. *

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the * decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. *

* * @param sourceEncryptionAlgorithm * Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is * reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for * symmetric encryption KMS keys.

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different * algorithm, the decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * @see EncryptionAlgorithmSpec * @return Returns a reference to this object so that method calls can be chained together. * @see EncryptionAlgorithmSpec */ Builder sourceEncryptionAlgorithm(String sourceEncryptionAlgorithm); /** *

* Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The * default value, SYMMETRIC_DEFAULT, represents the algorithm used for symmetric encryption KMS * keys. *

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the * decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. *

* * @param sourceEncryptionAlgorithm * Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is * reencrypted. The default value, SYMMETRIC_DEFAULT, represents the algorithm used for * symmetric encryption KMS keys.

*

* Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different * algorithm, the decrypt attempt fails. *

*

* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * @see EncryptionAlgorithmSpec * @return Returns a reference to this object so that method calls can be chained together. * @see EncryptionAlgorithmSpec */ Builder sourceEncryptionAlgorithm(EncryptionAlgorithmSpec sourceEncryptionAlgorithm); /** *

* Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The * default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric * encryption KMS keys. *

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. *

* * @param destinationEncryptionAlgorithm * Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. * The default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for * symmetric encryption KMS keys.

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. * @see EncryptionAlgorithmSpec * @return Returns a reference to this object so that method calls can be chained together. * @see EncryptionAlgorithmSpec */ Builder destinationEncryptionAlgorithm(String destinationEncryptionAlgorithm); /** *

* Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The * default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for symmetric * encryption KMS keys. *

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. *

* * @param destinationEncryptionAlgorithm * Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. * The default value, SYMMETRIC_DEFAULT, represents the encryption algorithm used for * symmetric encryption KMS keys.

*

* This parameter is required only when the destination KMS key is an asymmetric KMS key. * @see EncryptionAlgorithmSpec * @return Returns a reference to this object so that method calls can be chained together. * @see EncryptionAlgorithmSpec */ Builder destinationEncryptionAlgorithm(EncryptionAlgorithmSpec destinationEncryptionAlgorithm); /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and Using a * grant token in the Key Management Service Developer Guide. *

* * @param grantTokens * A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token * and Using * a grant token in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ Builder grantTokens(Collection grantTokens); /** *

* A list of grant tokens. *

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token and Using a * grant token in the Key Management Service Developer Guide. *

* * @param grantTokens * A list of grant tokens.

*

* Use a grant token when your permission to call this operation comes from a new grant that has not yet * achieved eventual consistency. For more information, see Grant token * and Using * a grant token in the Key Management Service Developer Guide. * @return Returns a reference to this object so that method calls can be chained together. */ Builder grantTokens(String... grantTokens); @Override Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration); @Override Builder overrideConfiguration(Consumer builderConsumer); } static final class BuilderImpl extends KmsRequest.BuilderImpl implements Builder { private SdkBytes ciphertextBlob; private Map sourceEncryptionContext = DefaultSdkAutoConstructMap.getInstance(); private String sourceKeyId; private String destinationKeyId; private Map destinationEncryptionContext = DefaultSdkAutoConstructMap.getInstance(); private String sourceEncryptionAlgorithm; private String destinationEncryptionAlgorithm; private List grantTokens = DefaultSdkAutoConstructList.getInstance(); private BuilderImpl() { } private BuilderImpl(ReEncryptRequest model) { super(model); ciphertextBlob(model.ciphertextBlob); sourceEncryptionContext(model.sourceEncryptionContext); sourceKeyId(model.sourceKeyId); destinationKeyId(model.destinationKeyId); destinationEncryptionContext(model.destinationEncryptionContext); sourceEncryptionAlgorithm(model.sourceEncryptionAlgorithm); destinationEncryptionAlgorithm(model.destinationEncryptionAlgorithm); grantTokens(model.grantTokens); } public final ByteBuffer getCiphertextBlob() { return ciphertextBlob == null ? null : ciphertextBlob.asByteBuffer(); } public final void setCiphertextBlob(ByteBuffer ciphertextBlob) { ciphertextBlob(ciphertextBlob == null ? null : SdkBytes.fromByteBuffer(ciphertextBlob)); } @Override public final Builder ciphertextBlob(SdkBytes ciphertextBlob) { this.ciphertextBlob = ciphertextBlob; return this; } public final Map getSourceEncryptionContext() { if (sourceEncryptionContext instanceof SdkAutoConstructMap) { return null; } return sourceEncryptionContext; } public final void setSourceEncryptionContext(Map sourceEncryptionContext) { this.sourceEncryptionContext = EncryptionContextTypeCopier.copy(sourceEncryptionContext); } @Override public final Builder sourceEncryptionContext(Map sourceEncryptionContext) { this.sourceEncryptionContext = EncryptionContextTypeCopier.copy(sourceEncryptionContext); return this; } public final String getSourceKeyId() { return sourceKeyId; } public final void setSourceKeyId(String sourceKeyId) { this.sourceKeyId = sourceKeyId; } @Override public final Builder sourceKeyId(String sourceKeyId) { this.sourceKeyId = sourceKeyId; return this; } public final String getDestinationKeyId() { return destinationKeyId; } public final void setDestinationKeyId(String destinationKeyId) { this.destinationKeyId = destinationKeyId; } @Override public final Builder destinationKeyId(String destinationKeyId) { this.destinationKeyId = destinationKeyId; return this; } public final Map getDestinationEncryptionContext() { if (destinationEncryptionContext instanceof SdkAutoConstructMap) { return null; } return destinationEncryptionContext; } public final void setDestinationEncryptionContext(Map destinationEncryptionContext) { this.destinationEncryptionContext = EncryptionContextTypeCopier.copy(destinationEncryptionContext); } @Override public final Builder destinationEncryptionContext(Map destinationEncryptionContext) { this.destinationEncryptionContext = EncryptionContextTypeCopier.copy(destinationEncryptionContext); return this; } public final String getSourceEncryptionAlgorithm() { return sourceEncryptionAlgorithm; } public final void setSourceEncryptionAlgorithm(String sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm; } @Override public final Builder sourceEncryptionAlgorithm(String sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm; return this; } @Override public final Builder sourceEncryptionAlgorithm(EncryptionAlgorithmSpec sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm(sourceEncryptionAlgorithm == null ? null : sourceEncryptionAlgorithm.toString()); return this; } public final String getDestinationEncryptionAlgorithm() { return destinationEncryptionAlgorithm; } public final void setDestinationEncryptionAlgorithm(String destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm; } @Override public final Builder destinationEncryptionAlgorithm(String destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm; return this; } @Override public final Builder destinationEncryptionAlgorithm(EncryptionAlgorithmSpec destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm(destinationEncryptionAlgorithm == null ? null : destinationEncryptionAlgorithm .toString()); return this; } public final Collection getGrantTokens() { if (grantTokens instanceof SdkAutoConstructList) { return null; } return grantTokens; } public final void setGrantTokens(Collection grantTokens) { this.grantTokens = GrantTokenListCopier.copy(grantTokens); } @Override public final Builder grantTokens(Collection grantTokens) { this.grantTokens = GrantTokenListCopier.copy(grantTokens); return this; } @Override @SafeVarargs public final Builder grantTokens(String... grantTokens) { grantTokens(Arrays.asList(grantTokens)); return this; } @Override public Builder overrideConfiguration(AwsRequestOverrideConfiguration overrideConfiguration) { super.overrideConfiguration(overrideConfiguration); return this; } @Override public Builder overrideConfiguration(Consumer builderConsumer) { super.overrideConfiguration(builderConsumer); return this; } @Override public ReEncryptRequest build() { return new ReEncryptRequest(this); } @Override public List> sdkFields() { return SDK_FIELDS; } } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy