software.amazon.awssdk.services.kms.DefaultKmsAsyncClient Maven / Gradle / Ivy
Show all versions of kms Show documentation
/*
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.kms;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
import software.amazon.awssdk.awscore.client.handler.AwsAsyncClientHandler;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.ApiName;
import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
import software.amazon.awssdk.core.client.handler.AsyncClientHandler;
import software.amazon.awssdk.core.client.handler.ClientExecutionParams;
import software.amazon.awssdk.core.http.HttpResponseHandler;
import software.amazon.awssdk.core.util.VersionInfo;
import software.amazon.awssdk.protocols.core.ExceptionMetadata;
import software.amazon.awssdk.protocols.json.AwsJsonProtocol;
import software.amazon.awssdk.protocols.json.AwsJsonProtocolFactory;
import software.amazon.awssdk.protocols.json.BaseAwsJsonProtocolFactory;
import software.amazon.awssdk.protocols.json.JsonOperationMetadata;
import software.amazon.awssdk.services.kms.model.AlreadyExistsException;
import software.amazon.awssdk.services.kms.model.CancelKeyDeletionRequest;
import software.amazon.awssdk.services.kms.model.CancelKeyDeletionResponse;
import software.amazon.awssdk.services.kms.model.CloudHsmClusterInUseException;
import software.amazon.awssdk.services.kms.model.CloudHsmClusterInvalidConfigurationException;
import software.amazon.awssdk.services.kms.model.CloudHsmClusterNotActiveException;
import software.amazon.awssdk.services.kms.model.CloudHsmClusterNotFoundException;
import software.amazon.awssdk.services.kms.model.CloudHsmClusterNotRelatedException;
import software.amazon.awssdk.services.kms.model.ConnectCustomKeyStoreRequest;
import software.amazon.awssdk.services.kms.model.ConnectCustomKeyStoreResponse;
import software.amazon.awssdk.services.kms.model.CreateAliasRequest;
import software.amazon.awssdk.services.kms.model.CreateAliasResponse;
import software.amazon.awssdk.services.kms.model.CreateCustomKeyStoreRequest;
import software.amazon.awssdk.services.kms.model.CreateCustomKeyStoreResponse;
import software.amazon.awssdk.services.kms.model.CreateGrantRequest;
import software.amazon.awssdk.services.kms.model.CreateGrantResponse;
import software.amazon.awssdk.services.kms.model.CreateKeyRequest;
import software.amazon.awssdk.services.kms.model.CreateKeyResponse;
import software.amazon.awssdk.services.kms.model.CustomKeyStoreHasCmKsException;
import software.amazon.awssdk.services.kms.model.CustomKeyStoreInvalidStateException;
import software.amazon.awssdk.services.kms.model.CustomKeyStoreNameInUseException;
import software.amazon.awssdk.services.kms.model.CustomKeyStoreNotFoundException;
import software.amazon.awssdk.services.kms.model.DecryptRequest;
import software.amazon.awssdk.services.kms.model.DecryptResponse;
import software.amazon.awssdk.services.kms.model.DeleteAliasRequest;
import software.amazon.awssdk.services.kms.model.DeleteAliasResponse;
import software.amazon.awssdk.services.kms.model.DeleteCustomKeyStoreRequest;
import software.amazon.awssdk.services.kms.model.DeleteCustomKeyStoreResponse;
import software.amazon.awssdk.services.kms.model.DeleteImportedKeyMaterialRequest;
import software.amazon.awssdk.services.kms.model.DeleteImportedKeyMaterialResponse;
import software.amazon.awssdk.services.kms.model.DependencyTimeoutException;
import software.amazon.awssdk.services.kms.model.DescribeCustomKeyStoresRequest;
import software.amazon.awssdk.services.kms.model.DescribeCustomKeyStoresResponse;
import software.amazon.awssdk.services.kms.model.DescribeKeyRequest;
import software.amazon.awssdk.services.kms.model.DescribeKeyResponse;
import software.amazon.awssdk.services.kms.model.DisableKeyRequest;
import software.amazon.awssdk.services.kms.model.DisableKeyResponse;
import software.amazon.awssdk.services.kms.model.DisableKeyRotationRequest;
import software.amazon.awssdk.services.kms.model.DisableKeyRotationResponse;
import software.amazon.awssdk.services.kms.model.DisabledException;
import software.amazon.awssdk.services.kms.model.DisconnectCustomKeyStoreRequest;
import software.amazon.awssdk.services.kms.model.DisconnectCustomKeyStoreResponse;
import software.amazon.awssdk.services.kms.model.EnableKeyRequest;
import software.amazon.awssdk.services.kms.model.EnableKeyResponse;
import software.amazon.awssdk.services.kms.model.EnableKeyRotationRequest;
import software.amazon.awssdk.services.kms.model.EnableKeyRotationResponse;
import software.amazon.awssdk.services.kms.model.EncryptRequest;
import software.amazon.awssdk.services.kms.model.EncryptResponse;
import software.amazon.awssdk.services.kms.model.ExpiredImportTokenException;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyRequest;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyResponse;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyWithoutPlaintextRequest;
import software.amazon.awssdk.services.kms.model.GenerateDataKeyWithoutPlaintextResponse;
import software.amazon.awssdk.services.kms.model.GenerateRandomRequest;
import software.amazon.awssdk.services.kms.model.GenerateRandomResponse;
import software.amazon.awssdk.services.kms.model.GetKeyPolicyRequest;
import software.amazon.awssdk.services.kms.model.GetKeyPolicyResponse;
import software.amazon.awssdk.services.kms.model.GetKeyRotationStatusRequest;
import software.amazon.awssdk.services.kms.model.GetKeyRotationStatusResponse;
import software.amazon.awssdk.services.kms.model.GetParametersForImportRequest;
import software.amazon.awssdk.services.kms.model.GetParametersForImportResponse;
import software.amazon.awssdk.services.kms.model.ImportKeyMaterialRequest;
import software.amazon.awssdk.services.kms.model.ImportKeyMaterialResponse;
import software.amazon.awssdk.services.kms.model.IncorrectKeyMaterialException;
import software.amazon.awssdk.services.kms.model.IncorrectTrustAnchorException;
import software.amazon.awssdk.services.kms.model.InvalidAliasNameException;
import software.amazon.awssdk.services.kms.model.InvalidArnException;
import software.amazon.awssdk.services.kms.model.InvalidCiphertextException;
import software.amazon.awssdk.services.kms.model.InvalidGrantIdException;
import software.amazon.awssdk.services.kms.model.InvalidGrantTokenException;
import software.amazon.awssdk.services.kms.model.InvalidImportTokenException;
import software.amazon.awssdk.services.kms.model.InvalidKeyUsageException;
import software.amazon.awssdk.services.kms.model.InvalidMarkerException;
import software.amazon.awssdk.services.kms.model.KeyUnavailableException;
import software.amazon.awssdk.services.kms.model.KmsException;
import software.amazon.awssdk.services.kms.model.KmsInternalException;
import software.amazon.awssdk.services.kms.model.KmsInvalidStateException;
import software.amazon.awssdk.services.kms.model.KmsRequest;
import software.amazon.awssdk.services.kms.model.LimitExceededException;
import software.amazon.awssdk.services.kms.model.ListAliasesRequest;
import software.amazon.awssdk.services.kms.model.ListAliasesResponse;
import software.amazon.awssdk.services.kms.model.ListGrantsRequest;
import software.amazon.awssdk.services.kms.model.ListGrantsResponse;
import software.amazon.awssdk.services.kms.model.ListKeyPoliciesRequest;
import software.amazon.awssdk.services.kms.model.ListKeyPoliciesResponse;
import software.amazon.awssdk.services.kms.model.ListKeysRequest;
import software.amazon.awssdk.services.kms.model.ListKeysResponse;
import software.amazon.awssdk.services.kms.model.ListResourceTagsRequest;
import software.amazon.awssdk.services.kms.model.ListResourceTagsResponse;
import software.amazon.awssdk.services.kms.model.ListRetirableGrantsRequest;
import software.amazon.awssdk.services.kms.model.ListRetirableGrantsResponse;
import software.amazon.awssdk.services.kms.model.MalformedPolicyDocumentException;
import software.amazon.awssdk.services.kms.model.NotFoundException;
import software.amazon.awssdk.services.kms.model.PutKeyPolicyRequest;
import software.amazon.awssdk.services.kms.model.PutKeyPolicyResponse;
import software.amazon.awssdk.services.kms.model.ReEncryptRequest;
import software.amazon.awssdk.services.kms.model.ReEncryptResponse;
import software.amazon.awssdk.services.kms.model.RetireGrantRequest;
import software.amazon.awssdk.services.kms.model.RetireGrantResponse;
import software.amazon.awssdk.services.kms.model.RevokeGrantRequest;
import software.amazon.awssdk.services.kms.model.RevokeGrantResponse;
import software.amazon.awssdk.services.kms.model.ScheduleKeyDeletionRequest;
import software.amazon.awssdk.services.kms.model.ScheduleKeyDeletionResponse;
import software.amazon.awssdk.services.kms.model.TagException;
import software.amazon.awssdk.services.kms.model.TagResourceRequest;
import software.amazon.awssdk.services.kms.model.TagResourceResponse;
import software.amazon.awssdk.services.kms.model.UnsupportedOperationException;
import software.amazon.awssdk.services.kms.model.UntagResourceRequest;
import software.amazon.awssdk.services.kms.model.UntagResourceResponse;
import software.amazon.awssdk.services.kms.model.UpdateAliasRequest;
import software.amazon.awssdk.services.kms.model.UpdateAliasResponse;
import software.amazon.awssdk.services.kms.model.UpdateCustomKeyStoreRequest;
import software.amazon.awssdk.services.kms.model.UpdateCustomKeyStoreResponse;
import software.amazon.awssdk.services.kms.model.UpdateKeyDescriptionRequest;
import software.amazon.awssdk.services.kms.model.UpdateKeyDescriptionResponse;
import software.amazon.awssdk.services.kms.paginators.ListAliasesPublisher;
import software.amazon.awssdk.services.kms.paginators.ListGrantsPublisher;
import software.amazon.awssdk.services.kms.paginators.ListKeyPoliciesPublisher;
import software.amazon.awssdk.services.kms.paginators.ListKeysPublisher;
import software.amazon.awssdk.services.kms.transform.CancelKeyDeletionRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ConnectCustomKeyStoreRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.CreateAliasRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.CreateCustomKeyStoreRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.CreateGrantRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.CreateKeyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DecryptRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DeleteAliasRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DeleteCustomKeyStoreRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DeleteImportedKeyMaterialRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DescribeCustomKeyStoresRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DescribeKeyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DisableKeyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DisableKeyRotationRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.DisconnectCustomKeyStoreRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.EnableKeyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.EnableKeyRotationRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.EncryptRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.GenerateDataKeyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.GenerateDataKeyWithoutPlaintextRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.GenerateRandomRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.GetKeyPolicyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.GetKeyRotationStatusRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.GetParametersForImportRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ImportKeyMaterialRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ListAliasesRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ListGrantsRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ListKeyPoliciesRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ListKeysRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ListResourceTagsRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ListRetirableGrantsRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.PutKeyPolicyRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ReEncryptRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.RetireGrantRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.RevokeGrantRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.ScheduleKeyDeletionRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.TagResourceRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.UntagResourceRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.UpdateAliasRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.UpdateCustomKeyStoreRequestMarshaller;
import software.amazon.awssdk.services.kms.transform.UpdateKeyDescriptionRequestMarshaller;
import software.amazon.awssdk.utils.CompletableFutureUtils;
/**
* Internal implementation of {@link KmsAsyncClient}.
*
* @see KmsAsyncClient#builder()
*/
@Generated("software.amazon.awssdk:codegen")
@SdkInternalApi
final class DefaultKmsAsyncClient implements KmsAsyncClient {
private static final Logger log = LoggerFactory.getLogger(DefaultKmsAsyncClient.class);
private final AsyncClientHandler clientHandler;
private final AwsJsonProtocolFactory protocolFactory;
private final SdkClientConfiguration clientConfiguration;
protected DefaultKmsAsyncClient(SdkClientConfiguration clientConfiguration) {
this.clientHandler = new AwsAsyncClientHandler(clientConfiguration);
this.clientConfiguration = clientConfiguration;
this.protocolFactory = init(AwsJsonProtocolFactory.builder()).build();
}
@Override
public final String serviceName() {
return SERVICE_NAME;
}
/**
*
* Cancels the deletion of a customer master key (CMK). When this operation is successful, the CMK is set to the
* Disabled state. To enable a CMK, use EnableKey. You cannot perform this operation on a CMK in
* a different AWS account.
*
*
* For more information about scheduling and canceling deletion of a CMK, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param cancelKeyDeletionRequest
* @return A Java Future containing the result of the CancelKeyDeletion operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.CancelKeyDeletion
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture cancelKeyDeletion(CancelKeyDeletionRequest cancelKeyDeletionRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, CancelKeyDeletionResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("CancelKeyDeletion")
.withMarshaller(new CancelKeyDeletionRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(cancelKeyDeletionRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Connects or reconnects a custom key store
* to its associated AWS CloudHSM cluster.
*
*
* The custom key store must be connected before you can create customer master keys (CMKs) in the key store or use
* the CMKs it contains. You can disconnect and reconnect a custom key store at any time.
*
*
* To connect a custom key store, its associated AWS CloudHSM cluster must have at least one active HSM. To get the
* number of active HSMs in a cluster, use the DescribeClusters
* operation. To add HSMs to the cluster, use the CreateHsm operation.
*
*
* The connection process can take an extended amount of time to complete; up to 20 minutes. This operation starts
* the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns
* an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the
* custom key store is connected. To get the connection state of the custom key store, use the
* DescribeCustomKeyStores operation.
*
*
* During the connection process, AWS KMS finds the AWS CloudHSM cluster that is associated with the custom key
* store, creates the connection infrastructure, connects to the cluster, logs into the AWS CloudHSM client as the
*
* kmsuser crypto user (CU), and rotates its password.
*
*
* The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the
* DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help
* interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
*
*
* To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct
* the error, use the UpdateCustomKeyStore operation if necessary, and then use
* ConnectCustomKeyStore again.
*
*
* If you are having trouble connecting or disconnecting a custom key store, see Troubleshooting a Custom Key
* Store in the AWS Key Management Service Developer Guide.
*
*
* @param connectCustomKeyStoreRequest
* @return A Java Future containing the result of the ConnectCustomKeyStore operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - CloudHsmClusterNotActiveException The request was rejected because the AWS CloudHSM cluster that is
* associated with the custom key store is not active. Initialize and activate the cluster and try the
* command again. For detailed instructions, see Getting Started in
* the AWS CloudHSM User Guide.
* - CustomKeyStoreInvalidStateException The request was rejected because of the
*
ConnectionState of the custom key store. To get the ConnectionState of a custom
* key store, use the DescribeCustomKeyStores operation.
*
* This exception is thrown under the following conditions:
*
*
* -
*
* You requested the CreateKey or GenerateRandom operation in a custom key store that is not
* connected. These operations are valid only when the custom key store ConnectionState is
* CONNECTED.
*
*
* -
*
* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key
* store that is not disconnected. This operation is valid only when the custom key store
* ConnectionState is DISCONNECTED.
*
*
* -
*
* You requested the ConnectCustomKeyStore operation on a custom key store with a
* ConnectionState of DISCONNECTING or FAILED. This operation is
* valid for all other ConnectionState values.
*
*
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - CloudHsmClusterInvalidConfigurationException The request was rejected because the associated AWS
* CloudHSM cluster did not meet the configuration requirements for a custom key store.
*
* -
*
* The cluster must be configured with private subnets in at least two different Availability Zones in the
* Region.
*
*
* -
*
* The security group for
* the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
* rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the
* Destination in the outbound rules must match the security group ID. These rules are set by default
* when you create the cluster. Do not delete or change them. To get information about a particular security
* group, use the DescribeSecurityGroups operation.
*
*
* -
*
* The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the AWS
* CloudHSM CreateHsm
* operation.
*
*
* For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the
* AWS CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the
* ConnectCustomKeyStore operation, the AWS CloudHSM must contain at least one active HSM.
*
*
*
*
* For information about the requirements for an AWS CloudHSM cluster that is associated with a custom key
* store, see Assemble the Prerequisites in the AWS Key Management Service Developer Guide. For information
* about creating a private subnet for an AWS CloudHSM cluster, see Create a Private
* Subnet in the AWS CloudHSM User Guide. For information about cluster security groups, see Configure a Default
* Security Group in the AWS CloudHSM User Guide .
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ConnectCustomKeyStore
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture connectCustomKeyStore(
ConnectCustomKeyStoreRequest connectCustomKeyStoreRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, ConnectCustomKeyStoreResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ConnectCustomKeyStore")
.withMarshaller(new ConnectCustomKeyStoreRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(connectCustomKeyStoreRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Creates a display name for a customer managed customer master key (CMK). You can use an alias to identify a CMK
* in selected operations, such as Encrypt and GenerateDataKey.
*
*
* Each CMK can have multiple aliases, but each alias points to only one CMK. The alias name must be unique in the
* AWS account and region. To simplify code that runs in multiple regions, use the same alias name, but point it to
* a different CMK in each region.
*
*
* Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the
* CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all
* CMKs, use the ListAliases operation.
*
*
* The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias.
* It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name
* cannot begin with alias/aws/. The alias/aws/ prefix is reserved for AWS managed CMKs.
*
*
* The alias and the CMK it is mapped to must be in the same AWS account and the same region. You cannot perform
* this operation on an alias in a different AWS account.
*
*
* To map an existing alias to a different CMK, call UpdateAlias.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param createAliasRequest
* @return A Java Future containing the result of the CreateAlias operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - AlreadyExistsException The request was rejected because it attempted to create a resource that
* already exists.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidAliasNameException The request was rejected because the specified alias name is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - LimitExceededException The request was rejected because a limit was exceeded. For more information,
* see Limits in the AWS
* Key Management Service Developer Guide.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.CreateAlias
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture createAlias(CreateAliasRequest createAliasRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
CreateAliasResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("CreateAlias").withMarshaller(new CreateAliasRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(createAliasRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Creates a custom
* key store that is associated with an AWS CloudHSM cluster that you own
* and manage.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* Before you create the custom key store, you must assemble the required elements, including an AWS CloudHSM
* cluster that fulfills the requirements for a custom key store. For details about the required elements, see Assemble the
* Prerequisites in the AWS Key Management Service Developer Guide.
*
*
* When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your
* new custom key store, you need to use the ConnectCustomKeyStore operation to connect the new key store to
* its AWS CloudHSM cluster. Even if you are not going to use your custom key store immediately, you might want to
* connect it to verify that all settings are correct and then disconnect it until you are ready to use it.
*
*
* For help with failures, see Troubleshooting a Custom Key
* Store in the AWS Key Management Service Developer Guide.
*
*
* @param createCustomKeyStoreRequest
* @return A Java Future containing the result of the CreateCustomKeyStore operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - CloudHsmClusterInUseException The request was rejected because the specified AWS CloudHSM cluster is
* already associated with a custom key store or it shares a backup history with a cluster that is
* associated with a custom key store. Each custom key store must be associated with a different AWS
* CloudHSM cluster.
*
* Clusters that share a backup history have the same cluster certificate. To view the cluster certificate
* of a cluster, use the DescribeClusters operation.
* - CustomKeyStoreNameInUseException The request was rejected because the specified custom key store name
* is already assigned to another custom key store in the account. Try again with a custom key store name
* that is unique in the account.
* - CloudHsmClusterNotFoundException The request was rejected because AWS KMS cannot find the AWS
* CloudHSM cluster with the specified cluster ID. Retry the request with a different cluster ID.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - CloudHsmClusterNotActiveException The request was rejected because the AWS CloudHSM cluster that is
* associated with the custom key store is not active. Initialize and activate the cluster and try the
* command again. For detailed instructions, see Getting Started in
* the AWS CloudHSM User Guide.
* - IncorrectTrustAnchorException The request was rejected because the trust anchor certificate in the
* request is not the trust anchor certificate for the specified AWS CloudHSM cluster.
*
* When you initialize
* the cluster, you create the trust anchor certificate and save it in the customerCA.crt
* file.
* - CloudHsmClusterInvalidConfigurationException The request was rejected because the associated AWS
* CloudHSM cluster did not meet the configuration requirements for a custom key store.
*
* -
*
* The cluster must be configured with private subnets in at least two different Availability Zones in the
* Region.
*
*
* -
*
* The security group for
* the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
* rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the
* Destination in the outbound rules must match the security group ID. These rules are set by default
* when you create the cluster. Do not delete or change them. To get information about a particular security
* group, use the DescribeSecurityGroups operation.
*
*
* -
*
* The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the AWS
* CloudHSM CreateHsm
* operation.
*
*
* For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the
* AWS CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the
* ConnectCustomKeyStore operation, the AWS CloudHSM must contain at least one active HSM.
*
*
*
*
* For information about the requirements for an AWS CloudHSM cluster that is associated with a custom key
* store, see Assemble the Prerequisites in the AWS Key Management Service Developer Guide. For information
* about creating a private subnet for an AWS CloudHSM cluster, see Create a Private
* Subnet in the AWS CloudHSM User Guide. For information about cluster security groups, see Configure a Default
* Security Group in the AWS CloudHSM User Guide .
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.CreateCustomKeyStore
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture createCustomKeyStore(
CreateCustomKeyStoreRequest createCustomKeyStoreRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, CreateCustomKeyStoreResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("CreateCustomKeyStore")
.withMarshaller(new CreateCustomKeyStoreRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(createCustomKeyStoreRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Adds a grant to a customer master key (CMK). The grant allows the grantee principal to use the CMK when the
* conditions specified in the grant are met. When setting permissions, grants are an alternative to key policies.
*
*
* To create a grant that allows a cryptographic operation only when the encryption context in the operation request
* matches or includes a specified encryption context, use the Constraints parameter. For details, see
* GrantConstraints.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter. For more information about grants, see Grants in the AWS Key
* Management Service Developer Guide .
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param createGrantRequest
* @return A Java Future containing the result of the CreateGrant operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - LimitExceededException The request was rejected because a limit was exceeded. For more information,
* see Limits in the AWS
* Key Management Service Developer Guide.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.CreateGrant
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture createGrant(CreateGrantRequest createGrantRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
CreateGrantResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("CreateGrant").withMarshaller(new CreateGrantRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(createGrantRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Creates a customer managed customer master key
* (CMK) in your AWS account.
*
*
* You can use a CMK to encrypt small amounts of data (up to 4096 bytes) directly. But CMKs are more commonly used
* to encrypt the data
* keys that are used to encrypt data.
*
*
* To create a CMK for imported key material, use the Origin parameter with a value of
* EXTERNAL.
*
*
* To create a CMK in a custom key store,
* use the CustomKeyStoreId parameter to specify the custom key store. You must also use the
* Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs in different Availability Zones in the
* AWS Region.
*
*
* You cannot use this operation to create a CMK in a different AWS account.
*
*
* @param createKeyRequest
* @return A Java Future containing the result of the CreateKey operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - MalformedPolicyDocumentException The request was rejected because the specified policy is not
* syntactically or semantically correct.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - LimitExceededException The request was rejected because a limit was exceeded. For more information,
* see Limits in the AWS
* Key Management Service Developer Guide.
* - TagException The request was rejected because one or more tags are not valid.
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - CustomKeyStoreInvalidStateException The request was rejected because of the
*
ConnectionState of the custom key store. To get the ConnectionState of a custom
* key store, use the DescribeCustomKeyStores operation.
*
* This exception is thrown under the following conditions:
*
*
* -
*
* You requested the CreateKey or GenerateRandom operation in a custom key store that is not
* connected. These operations are valid only when the custom key store ConnectionState is
* CONNECTED.
*
*
* -
*
* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key
* store that is not disconnected. This operation is valid only when the custom key store
* ConnectionState is DISCONNECTED.
*
*
* -
*
* You requested the ConnectCustomKeyStore operation on a custom key store with a
* ConnectionState of DISCONNECTING or FAILED. This operation is
* valid for all other ConnectionState values.
*
*
* - CloudHsmClusterInvalidConfigurationException The request was rejected because the associated AWS
* CloudHSM cluster did not meet the configuration requirements for a custom key store.
*
* -
*
* The cluster must be configured with private subnets in at least two different Availability Zones in the
* Region.
*
*
* -
*
* The security group for
* the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
* rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the
* Destination in the outbound rules must match the security group ID. These rules are set by default
* when you create the cluster. Do not delete or change them. To get information about a particular security
* group, use the DescribeSecurityGroups operation.
*
*
* -
*
* The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the AWS
* CloudHSM CreateHsm
* operation.
*
*
* For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the
* AWS CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the
* ConnectCustomKeyStore operation, the AWS CloudHSM must contain at least one active HSM.
*
*
*
*
* For information about the requirements for an AWS CloudHSM cluster that is associated with a custom key
* store, see Assemble the Prerequisites in the AWS Key Management Service Developer Guide. For information
* about creating a private subnet for an AWS CloudHSM cluster, see Create a Private
* Subnet in the AWS CloudHSM User Guide. For information about cluster security groups, see Configure a Default
* Security Group in the AWS CloudHSM User Guide .
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.CreateKey
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture createKey(CreateKeyRequest createKeyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
CreateKeyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("CreateKey")
.withMarshaller(new CreateKeyRequestMarshaller(protocolFactory)).withResponseHandler(responseHandler)
.withErrorResponseHandler(errorResponseHandler).withInput(createKeyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following
* operations:
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
* -
*
* Encrypt
*
*
*
*
* Whenever possible, use key policies to give users permission to call the Decrypt operation on the CMK, instead of
* IAM policies. Otherwise, you might create an IAM user policy that gives the user Decrypt permission on all CMKs.
* This user could decrypt ciphertext that was encrypted by CMKs in other accounts if the key policy for the
* cross-account CMK permits it. If you must use an IAM policy for Decrypt permissions, limit the user
* to particular CMKs or particular trusted accounts.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param decryptRequest
* @return A Java Future containing the result of the Decrypt operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - InvalidCiphertextException The request was rejected because the specified ciphertext, or additional
* authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted,
* missing, or otherwise invalid.
* - KeyUnavailableException The request was rejected because the specified CMK was not available. The
* request can be retried.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.Decrypt
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture decrypt(DecryptRequest decryptRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
DecryptResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("Decrypt")
.withMarshaller(new DecryptRequestMarshaller(protocolFactory)).withResponseHandler(responseHandler)
.withErrorResponseHandler(errorResponseHandler).withInput(decryptRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Deletes the specified alias. You cannot perform this operation on an alias in a different AWS account.
*
*
* Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the
* CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all
* CMKs, use the ListAliases operation.
*
*
* Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias to delete the current
* alias and CreateAlias to create a new alias. To associate an existing alias with a different customer
* master key (CMK), call UpdateAlias.
*
*
* @param deleteAliasRequest
* @return A Java Future containing the result of the DeleteAlias operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DeleteAlias
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture deleteAlias(DeleteAliasRequest deleteAliasRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
DeleteAliasResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DeleteAlias").withMarshaller(new DeleteAliasRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(deleteAliasRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Deletes a custom
* key store. This operation does not delete the AWS CloudHSM cluster that is associated with the custom key
* store, or affect any users or keys in the cluster.
*
*
* The custom key store that you delete cannot contain any AWS KMS customer master keys
* (CMKs). Before deleting the key store, verify that you will never need to use any of the CMKs in the key
* store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the AWS KMS customer
* master keys (CMKs) from the key store. When the scheduled waiting period expires, the
* ScheduleKeyDeletion operation deletes the CMKs. Then it makes a best effort to delete the key
* material from the associated cluster. However, you might need to manually delete
* the orphaned key material from the cluster and its backups.
*
*
* After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to disconnect the key store from AWS
* KMS. Then, you can delete the custom key store.
*
*
* Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from
* AWS KMS. While the key store is disconnected, you cannot create or use the CMKs in the key store. But, you do not
* need to delete CMKs and you can reconnect a disconnected custom key store at any time.
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param deleteCustomKeyStoreRequest
* @return A Java Future containing the result of the DeleteCustomKeyStore operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - CustomKeyStoreHasCmKsException The request was rejected because the custom key store contains AWS KMS
* customer master keys (CMKs). After verifying that you do not need to use the CMKs, use the
* ScheduleKeyDeletion operation to delete the CMKs. After they are deleted, you can delete the
* custom key store.
* - CustomKeyStoreInvalidStateException The request was rejected because of the
*
ConnectionState of the custom key store. To get the ConnectionState of a custom
* key store, use the DescribeCustomKeyStores operation.
*
* This exception is thrown under the following conditions:
*
*
* -
*
* You requested the CreateKey or GenerateRandom operation in a custom key store that is not
* connected. These operations are valid only when the custom key store ConnectionState is
* CONNECTED.
*
*
* -
*
* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key
* store that is not disconnected. This operation is valid only when the custom key store
* ConnectionState is DISCONNECTED.
*
*
* -
*
* You requested the ConnectCustomKeyStore operation on a custom key store with a
* ConnectionState of DISCONNECTING or FAILED. This operation is
* valid for all other ConnectionState values.
*
*
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DeleteCustomKeyStore
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture deleteCustomKeyStore(
DeleteCustomKeyStoreRequest deleteCustomKeyStoreRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, DeleteCustomKeyStoreResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DeleteCustomKeyStore")
.withMarshaller(new DeleteCustomKeyStoreRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(deleteCustomKeyStoreRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Deletes key material that you previously imported. This operation makes the specified customer master key (CMK)
* unusable. For more information about importing key material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. You cannot perform this operation on a CMK in a different
* AWS account.
*
*
* When the specified CMK is in the PendingDeletion state, this operation does not change the CMK's
* state. Otherwise, it changes the CMK's state to PendingImport.
*
*
* After you delete key material, you can use ImportKeyMaterial to reimport the same key material into the
* CMK.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param deleteImportedKeyMaterialRequest
* @return A Java Future containing the result of the DeleteImportedKeyMaterial operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DeleteImportedKeyMaterial
* @see AWS
* API Documentation
*/
@Override
public CompletableFuture deleteImportedKeyMaterial(
DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, DeleteImportedKeyMaterialResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DeleteImportedKeyMaterial")
.withMarshaller(new DeleteImportedKeyMaterialRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(deleteImportedKeyMaterialRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets information about custom key stores
* in the account and region.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* By default, this operation returns information about all custom key stores in the account and region. To get only
* information about a particular custom key store, use either the CustomKeyStoreName or
* CustomKeyStoreId parameter (but not both).
*
*
* To determine whether the custom key store is connected to its AWS CloudHSM cluster, use the
* ConnectionState element in the response. If an attempt to connect the custom key store failed, the
* ConnectionState value is FAILED and the ConnectionErrorCode element in the
* response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see
* CustomKeyStoresListEntry.
*
*
* Custom key stores have a DISCONNECTED connection state if the key store has never been connected or
* you use the DisconnectCustomKeyStore operation to disconnect it. If your custom key store state is
* CONNECTED but you are having trouble using it, make sure that its associated AWS CloudHSM cluster is
* active and contains the minimum number of HSMs required for the operation, if any.
*
*
* For help repairing your custom key store, see the Troubleshooting Custom Key
* Stores topic in the AWS Key Management Service Developer Guide.
*
*
* @param describeCustomKeyStoresRequest
* @return A Java Future containing the result of the DescribeCustomKeyStores operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DescribeCustomKeyStores
* @see AWS
* API Documentation
*/
@Override
public CompletableFuture describeCustomKeyStores(
DescribeCustomKeyStoresRequest describeCustomKeyStoresRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, DescribeCustomKeyStoresResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DescribeCustomKeyStores")
.withMarshaller(new DescribeCustomKeyStoresRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(describeCustomKeyStoresRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Provides detailed information about the specified customer master key (CMK).
*
*
* You can use DescribeKey on a predefined AWS alias, that is, an AWS alias with no key ID. When you
* do, AWS KMS associates the alias with an AWS managed CMK and
* returns its KeyId and Arn in the response.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* @param describeKeyRequest
* @return A Java Future containing the result of the DescribeKey operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DescribeKey
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture describeKey(DescribeKeyRequest describeKeyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
DescribeKeyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DescribeKey").withMarshaller(new DescribeKeyRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(describeKeyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic
* operations. You cannot perform this operation on a CMK in a different AWS account.
*
*
* For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide .
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRequest
* @return A Java Future containing the result of the DisableKey operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DisableKey
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture disableKey(DisableKeyRequest disableKeyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
DisableKeyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("DisableKey")
.withMarshaller(new DisableKeyRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(disableKeyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Disables automatic rotation of
* the key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRotationRequest
* @return A Java Future containing the result of the DisableKeyRotation operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DisableKeyRotation
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture disableKeyRotation(DisableKeyRotationRequest disableKeyRotationRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, DisableKeyRotationResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DisableKeyRotation")
.withMarshaller(new DisableKeyRotationRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(disableKeyRotationRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Disconnects the custom key store
* from its associated AWS CloudHSM cluster. While a custom key store is disconnected, you can manage the custom key
* store and its customer master keys (CMKs), but you cannot create or use CMKs in the custom key store. You can
* reconnect the custom key store at any time.
*
*
*
* While a custom key store is disconnected, all attempts to create customer master keys (CMKs) in the custom key
* store or to use existing CMKs in cryptographic operations will fail. This action can prevent users from storing
* and accessing sensitive data.
*
*
*
*
* To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To
* reconnect a custom key store, use the ConnectCustomKeyStore operation.
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param disconnectCustomKeyStoreRequest
* @return A Java Future containing the result of the DisconnectCustomKeyStore operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - CustomKeyStoreInvalidStateException The request was rejected because of the
*
ConnectionState of the custom key store. To get the ConnectionState of a custom
* key store, use the DescribeCustomKeyStores operation.
*
* This exception is thrown under the following conditions:
*
*
* -
*
* You requested the CreateKey or GenerateRandom operation in a custom key store that is not
* connected. These operations are valid only when the custom key store ConnectionState is
* CONNECTED.
*
*
* -
*
* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key
* store that is not disconnected. This operation is valid only when the custom key store
* ConnectionState is DISCONNECTED.
*
*
* -
*
* You requested the ConnectCustomKeyStore operation on a custom key store with a
* ConnectionState of DISCONNECTING or FAILED. This operation is
* valid for all other ConnectionState values.
*
*
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.DisconnectCustomKeyStore
* @see AWS
* API Documentation
*/
@Override
public CompletableFuture disconnectCustomKeyStore(
DisconnectCustomKeyStoreRequest disconnectCustomKeyStoreRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, DisconnectCustomKeyStoreResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("DisconnectCustomKeyStore")
.withMarshaller(new DisconnectCustomKeyStoreRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(disconnectCustomKeyStoreRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Sets the key state of a customer master key (CMK) to enabled. This allows you to use the CMK for cryptographic
* operations. You cannot perform this operation on a CMK in a different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param enableKeyRequest
* @return A Java Future containing the result of the EnableKey operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - LimitExceededException The request was rejected because a limit was exceeded. For more information,
* see Limits in the AWS
* Key Management Service Developer Guide.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.EnableKey
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture enableKey(EnableKeyRequest enableKeyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
EnableKeyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("EnableKey")
.withMarshaller(new EnableKeyRequestMarshaller(protocolFactory)).withResponseHandler(responseHandler)
.withErrorResponseHandler(errorResponseHandler).withInput(enableKeyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Enables automatic rotation of
* the key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* You cannot enable automatic rotation of CMKs with imported key material or CMKs in a custom key store.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param enableKeyRotationRequest
* @return A Java Future containing the result of the EnableKeyRotation operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.EnableKeyRotation
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture enableKeyRotation(EnableKeyRotationRequest enableKeyRotationRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, EnableKeyRotationResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("EnableKeyRotation")
.withMarshaller(new EnableKeyRotationRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(enableKeyRotationRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Encrypts plaintext into ciphertext by using a customer master key (CMK). The Encrypt operation has
* two primary use cases:
*
*
* -
*
* You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such as an RSA key, a database password, or
* other sensitive information.
*
*
* -
*
* You can use the Encrypt operation to move encrypted data from one AWS region to another. In the
* first region, generate a data key and use the plaintext key to encrypt the data. Then, in the new region, call
* the Encrypt method on same plaintext data key. Now, you can safely move the encrypted data and
* encrypted data key to the new region, and decrypt in the new region when necessary.
*
*
*
*
* You don't need use this operation to encrypt a data key within a region. The GenerateDataKey and
* GenerateDataKeyWithoutPlaintext operations return an encrypted data key.
*
*
* Also, you don't need to use this operation to encrypt data in your application. You can use the plaintext and
* encrypted data keys that the GenerateDataKey operation returns.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* @param encryptRequest
* @return A Java Future containing the result of the Encrypt operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - KeyUnavailableException The request was rejected because the specified CMK was not available. The
* request can be retried.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidKeyUsageException The request was rejected because the specified
KeySpec value is
* not valid.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.Encrypt
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture encrypt(EncryptRequest encryptRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
EncryptResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("Encrypt")
.withMarshaller(new EncryptRequestMarshaller(protocolFactory)).withResponseHandler(responseHandler)
.withErrorResponseHandler(errorResponseHandler).withInput(encryptRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Generates a unique data key. This operation returns a plaintext copy of the data key and a copy that is encrypted
* under a customer master key (CMK) that you specify. You can use the plaintext key to encrypt your data outside of
* KMS and store the encrypted data key with the encrypted data.
*
*
* GenerateDataKey returns a unique data key for each request. The bytes in the key are not related to
* the caller or CMK that is used to encrypt the data key.
*
*
* To generate a data key, you need to specify the customer master key (CMK) that will be used to encrypt the data
* key. You must also specify the length of the data key using either the KeySpec or
* NumberOfBytes field (but not both). For common key lengths (128-bit and 256-bit symmetric keys), we
* recommend that you use KeySpec. To perform this operation on a CMK in a different AWS account,
* specify the key ARN or alias ARN in the value of the KeyId parameter.
*
*
* You will find the plaintext copy of the data key in the Plaintext field of the response, and the
* encrypted copy of the data key in the CiphertextBlob field.
*
*
* We recommend that you use the following pattern to encrypt data locally in your application:
*
*
* -
*
* Use the GenerateDataKey operation to get a data encryption key.
*
*
* -
*
* Use the plaintext data key (returned in the Plaintext field of the response) to encrypt data
* locally, then erase the plaintext data key from memory.
*
*
* -
*
* Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the
* locally encrypted data.
*
*
*
*
* To decrypt data locally:
*
*
* -
*
* Use the Decrypt operation to decrypt the encrypted data key. The operation returns a plaintext copy of the
* data key.
*
*
* -
*
* Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.
*
*
*
*
* To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To get a
* cryptographically secure random byte string, use GenerateRandom.
*
*
* You can use the optional encryption context to add additional security to your encryption operation. When you
* specify an EncryptionContext in the GenerateDataKey operation, you must specify the
* same encryption context (a case-sensitive exact match) in your request to Decrypt the data key. Otherwise,
* the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context
* in the AWS Key Management Service Developer Guide .
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyRequest
* @return A Java Future containing the result of the GenerateDataKey operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - KeyUnavailableException The request was rejected because the specified CMK was not available. The
* request can be retried.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidKeyUsageException The request was rejected because the specified
KeySpec value is
* not valid.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.GenerateDataKey
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture generateDataKey(GenerateDataKeyRequest generateDataKeyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, GenerateDataKeyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("GenerateDataKey")
.withMarshaller(new GenerateDataKeyRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(generateDataKeyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Generates a unique data key. This operation returns a data key that is encrypted under a customer master key
* (CMK) that you specify. GenerateDataKeyWithoutPlaintext is identical to GenerateDataKey
* except that returns only the encrypted copy of the data key.
*
*
* Like GenerateDataKey, GenerateDataKeyWithoutPlaintext returns a unique data key for
* each request. The bytes in the key are not related to the caller or CMK that is used to encrypt the data key.
*
*
* This operation is useful for systems that need to encrypt data at some point, but not immediately. When you need
* to encrypt the data, you call the Decrypt operation on the encrypted copy of the key.
*
*
* It's also useful in distributed systems with different levels of trust. For example, you might store encrypted
* data in containers. One component of your system creates new containers and stores an encrypted data key with
* each container. Then, a different component puts the data into the containers. That component first decrypts the
* data key, uses the plaintext data key to encrypt data, puts the encrypted data into the container, and then
* destroys the plaintext data key. In this system, the component that creates the containers never sees the
* plaintext data key.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyWithoutPlaintextRequest
* @return A Java Future containing the result of the GenerateDataKeyWithoutPlaintext operation returned by the
* service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - KeyUnavailableException The request was rejected because the specified CMK was not available. The
* request can be retried.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidKeyUsageException The request was rejected because the specified
KeySpec value is
* not valid.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.GenerateDataKeyWithoutPlaintext
* @see AWS API Documentation
*/
@Override
public CompletableFuture generateDataKeyWithoutPlaintext(
GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, GenerateDataKeyWithoutPlaintextResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("GenerateDataKeyWithoutPlaintext")
.withMarshaller(new GenerateDataKeyWithoutPlaintextRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(generateDataKeyWithoutPlaintextRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Returns a random byte string that is cryptographically secure.
*
*
* By default, the random byte string is generated in AWS KMS. To generate the byte string in the AWS CloudHSM
* cluster that is associated with a custom key store,
* specify the custom key store ID.
*
*
* For more information about entropy and random number generation, see the AWS Key Management Service
* Cryptographic Details whitepaper.
*
*
* @param generateRandomRequest
* @return A Java Future containing the result of the GenerateRandom operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - CustomKeyStoreInvalidStateException The request was rejected because of the
*
ConnectionState of the custom key store. To get the ConnectionState of a custom
* key store, use the DescribeCustomKeyStores operation.
*
* This exception is thrown under the following conditions:
*
*
* -
*
* You requested the CreateKey or GenerateRandom operation in a custom key store that is not
* connected. These operations are valid only when the custom key store ConnectionState is
* CONNECTED.
*
*
* -
*
* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key
* store that is not disconnected. This operation is valid only when the custom key store
* ConnectionState is DISCONNECTED.
*
*
* -
*
* You requested the ConnectCustomKeyStore operation on a custom key store with a
* ConnectionState of DISCONNECTING or FAILED. This operation is
* valid for all other ConnectionState values.
*
*
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.GenerateRandom
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture generateRandom(GenerateRandomRequest generateRandomRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, GenerateRandomResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("GenerateRandom")
.withMarshaller(new GenerateRandomRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(generateRandomRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets a key policy attached to the specified customer master key (CMK). You cannot perform this operation on a CMK
* in a different AWS account.
*
*
* @param getKeyPolicyRequest
* @return A Java Future containing the result of the GetKeyPolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.GetKeyPolicy
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture getKeyPolicy(GetKeyPolicyRequest getKeyPolicyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
GetKeyPolicyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("GetKeyPolicy").withMarshaller(new GetKeyPolicyRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(getKeyPolicyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets a Boolean value that indicates whether automatic rotation of the key
* material is enabled for the specified customer master key (CMK).
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* -
*
* Disabled: The key rotation status does not change when you disable a CMK. However, while the CMK is disabled, AWS
* KMS does not rotate the backing key.
*
*
* -
*
* Pending deletion: While a CMK is pending deletion, its key rotation status is false and AWS KMS does
* not rotate the backing key. If you cancel the deletion, the original key rotation status is restored.
*
*
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param getKeyRotationStatusRequest
* @return A Java Future containing the result of the GetKeyRotationStatus operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.GetKeyRotationStatus
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture getKeyRotationStatus(
GetKeyRotationStatusRequest getKeyRotationStatusRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, GetKeyRotationStatusResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("GetKeyRotationStatus")
.withMarshaller(new GetKeyRotationStatusRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(getKeyRotationStatusRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Returns the items you need in order to import key material into AWS KMS from your existing key management
* infrastructure. For more information about importing key material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide.
*
*
* You must specify the key ID of the customer master key (CMK) into which you will import key material. This CMK's
* Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of
* wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on a
* CMK in a different AWS account.
*
*
* This operation returns a public key and an import token. Use the public key to encrypt the key material. Store
* the import token to send with a subsequent ImportKeyMaterial request. The public key and import token from
* the same response must be used together. These items are valid for 24 hours. When they expire, they cannot be
* used for a subsequent ImportKeyMaterial request. To get new ones, send another
* GetParametersForImport request.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param getParametersForImportRequest
* @return A Java Future containing the result of the GetParametersForImport operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.GetParametersForImport
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture getParametersForImport(
GetParametersForImportRequest getParametersForImportRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, GetParametersForImportResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("GetParametersForImport")
.withMarshaller(new GetParametersForImportRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(getParametersForImportRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Imports key material into an existing AWS KMS customer master key (CMK) that was created without key material.
* You cannot perform this operation on a CMK in a different AWS account. For more information about creating CMKs
* with no key material and then importing key material, see Importing Key Material in
* the AWS Key Management Service Developer Guide.
*
*
* Before using this operation, call GetParametersForImport. Its response includes a public key and an import
* token. Use the public key to encrypt the key material. Then, submit the import token from the same
* GetParametersForImport response.
*
*
* When calling this operation, you must specify the following values:
*
*
* -
*
* The key ID or key ARN of a CMK with no key material. Its Origin must be EXTERNAL.
*
*
* To create a CMK with no key material, call CreateKey and set the value of its Origin
* parameter to EXTERNAL. To get the Origin of a CMK, call DescribeKey.)
*
*
* -
*
* The encrypted key material. To get the public key to encrypt the key material, call
* GetParametersForImport.
*
*
* -
*
* The import token that GetParametersForImport returned. This token and the public key used to encrypt the
* key material must have come from the same response.
*
*
* -
*
* Whether the key material expires and if so, when. If you set an expiration date, you can change it only by
* reimporting the same key material and specifying a new expiration date. If the key material expires, AWS KMS
* deletes the key material and the CMK becomes unusable. To use the CMK again, you must reimport the same key
* material.
*
*
*
*
* When this operation is successful, the key state of the CMK changes from PendingImport to
* Enabled, and you can use the CMK. After you successfully import key material into a CMK, you can
* reimport the same key material into that CMK, but you cannot import different key material.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param importKeyMaterialRequest
* @return A Java Future containing the result of the ImportKeyMaterial operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - InvalidCiphertextException The request was rejected because the specified ciphertext, or additional
* authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted,
* missing, or otherwise invalid.
* - IncorrectKeyMaterialException The request was rejected because the provided key material is invalid
* or is not the same key material that was previously imported into this customer master key (CMK).
* - ExpiredImportTokenException The request was rejected because the provided import token is expired.
* Use GetParametersForImport to get a new import token and public key, use the new public key to
* encrypt the key material, and then try the request again.
* - InvalidImportTokenException The request was rejected because the provided import token is invalid or
* is associated with a different customer master key (CMK).
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ImportKeyMaterial
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture importKeyMaterial(ImportKeyMaterialRequest importKeyMaterialRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, ImportKeyMaterialResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ImportKeyMaterial")
.withMarshaller(new ImportKeyMaterialRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(importKeyMaterialRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets a list of aliases in the caller's AWS account and region. You cannot list aliases in other accounts. For
* more information about aliases, see CreateAlias.
*
*
* By default, the ListAliases command returns all aliases in the account and region. To get only the aliases that
* point to a particular customer master key (CMK), use the KeyId parameter.
*
*
* The ListAliases response can include aliases that you created and associated with your customer
* managed CMKs, and aliases that AWS created and associated with AWS managed CMKs in your account. You can
* recognize AWS aliases because their names have the format aws/<service-name>, such as
* aws/dynamodb.
*
*
* The response might also include aliases that have no TargetKeyId field. These are predefined aliases
* that AWS has created but has not yet associated with a CMK. Aliases that AWS creates in your account, including
* predefined aliases, do not count against your AWS KMS aliases limit.
*
*
* @param listAliasesRequest
* @return A Java Future containing the result of the ListAliases operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListAliases
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture listAliases(ListAliasesRequest listAliasesRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
ListAliasesResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ListAliases").withMarshaller(new ListAliasesRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(listAliasesRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets a list of aliases in the caller's AWS account and region. You cannot list aliases in other accounts. For
* more information about aliases, see CreateAlias.
*
*
* By default, the ListAliases command returns all aliases in the account and region. To get only the aliases that
* point to a particular customer master key (CMK), use the KeyId parameter.
*
*
* The ListAliases response can include aliases that you created and associated with your customer
* managed CMKs, and aliases that AWS created and associated with AWS managed CMKs in your account. You can
* recognize AWS aliases because their names have the format aws/<service-name>, such as
* aws/dynamodb.
*
*
* The response might also include aliases that have no TargetKeyId field. These are predefined aliases
* that AWS has created but has not yet associated with a CMK. Aliases that AWS creates in your account, including
* predefined aliases, do not count against your AWS KMS aliases limit.
*
*
*
* This is a variant of {@link #listAliases(software.amazon.awssdk.services.kms.model.ListAliasesRequest)}
* operation. The return type is a custom publisher that can be subscribed to request a stream of response pages.
* SDK will internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListAliasesPublisher publisher = client.listAliasesPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListAliasesPublisher publisher = client.listAliasesPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.kms.model.ListAliasesResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAliases(software.amazon.awssdk.services.kms.model.ListAliasesRequest)} operation.
*
*
* @param listAliasesRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListAliases
* @see AWS API
* Documentation
*/
public ListAliasesPublisher listAliasesPaginator(ListAliasesRequest listAliasesRequest) {
return new ListAliasesPublisher(this, applyPaginatorUserAgent(listAliasesRequest));
}
/**
*
* Gets a list of all grants for the specified customer master key (CMK).
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param listGrantsRequest
* @return A Java Future containing the result of the ListGrants operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListGrants
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture listGrants(ListGrantsRequest listGrantsRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
ListGrantsResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("ListGrants")
.withMarshaller(new ListGrantsRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(listGrantsRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets a list of all grants for the specified customer master key (CMK).
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
*
* This is a variant of {@link #listGrants(software.amazon.awssdk.services.kms.model.ListGrantsRequest)} operation.
* The return type is a custom publisher that can be subscribed to request a stream of response pages. SDK will
* internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListGrantsPublisher publisher = client.listGrantsPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListGrantsPublisher publisher = client.listGrantsPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.kms.model.ListGrantsResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Note: If you prefer to have control on service calls, use the
* {@link #listGrants(software.amazon.awssdk.services.kms.model.ListGrantsRequest)} operation.
*
*
* @param listGrantsRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListGrants
* @see AWS API
* Documentation
*/
public ListGrantsPublisher listGrantsPaginator(ListGrantsRequest listGrantsRequest) {
return new ListGrantsPublisher(this, applyPaginatorUserAgent(listGrantsRequest));
}
/**
*
* Gets the names of the key policies that are attached to a customer master key (CMK). This operation is designed
* to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is
* default. You cannot perform this operation on a CMK in a different AWS account.
*
*
* @param listKeyPoliciesRequest
* @return A Java Future containing the result of the ListKeyPolicies operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListKeyPolicies
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture listKeyPolicies(ListKeyPoliciesRequest listKeyPoliciesRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, ListKeyPoliciesResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ListKeyPolicies")
.withMarshaller(new ListKeyPoliciesRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(listKeyPoliciesRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets the names of the key policies that are attached to a customer master key (CMK). This operation is designed
* to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is
* default. You cannot perform this operation on a CMK in a different AWS account.
*
*
*
* This is a variant of {@link #listKeyPolicies(software.amazon.awssdk.services.kms.model.ListKeyPoliciesRequest)}
* operation. The return type is a custom publisher that can be subscribed to request a stream of response pages.
* SDK will internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListKeyPoliciesPublisher publisher = client.listKeyPoliciesPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListKeyPoliciesPublisher publisher = client.listKeyPoliciesPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.kms.model.ListKeyPoliciesResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Note: If you prefer to have control on service calls, use the
* {@link #listKeyPolicies(software.amazon.awssdk.services.kms.model.ListKeyPoliciesRequest)} operation.
*
*
* @param listKeyPoliciesRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListKeyPolicies
* @see AWS API
* Documentation
*/
public ListKeyPoliciesPublisher listKeyPoliciesPaginator(ListKeyPoliciesRequest listKeyPoliciesRequest) {
return new ListKeyPoliciesPublisher(this, applyPaginatorUserAgent(listKeyPoliciesRequest));
}
/**
*
* Gets a list of all customer master keys (CMKs) in the caller's AWS account and region.
*
*
* @param listKeysRequest
* @return A Java Future containing the result of the ListKeys operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListKeys
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture listKeys(ListKeysRequest listKeysRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
ListKeysResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("ListKeys")
.withMarshaller(new ListKeysRequestMarshaller(protocolFactory)).withResponseHandler(responseHandler)
.withErrorResponseHandler(errorResponseHandler).withInput(listKeysRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Gets a list of all customer master keys (CMKs) in the caller's AWS account and region.
*
*
*
* This is a variant of {@link #listKeys(software.amazon.awssdk.services.kms.model.ListKeysRequest)} operation. The
* return type is a custom publisher that can be subscribed to request a stream of response pages. SDK will
* internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListKeysPublisher publisher = client.listKeysPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.kms.paginators.ListKeysPublisher publisher = client.listKeysPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.kms.model.ListKeysResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Note: If you prefer to have control on service calls, use the
* {@link #listKeys(software.amazon.awssdk.services.kms.model.ListKeysRequest)} operation.
*
*
* @param listKeysRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListKeys
* @see AWS API
* Documentation
*/
public ListKeysPublisher listKeysPaginator(ListKeysRequest listKeysRequest) {
return new ListKeysPublisher(this, applyPaginatorUserAgent(listKeysRequest));
}
/**
*
* Returns a list of all tags for the specified customer master key (CMK).
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* @param listResourceTagsRequest
* @return A Java Future containing the result of the ListResourceTags operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListResourceTags
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture listResourceTags(ListResourceTagsRequest listResourceTagsRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, ListResourceTagsResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ListResourceTags")
.withMarshaller(new ListResourceTagsRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(listResourceTagsRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Returns a list of all grants for which the grant's RetiringPrincipal matches the one specified.
*
*
* A typical use is to list all grants that you are able to retire. To retire a grant, use RetireGrant.
*
*
* @param listRetirableGrantsRequest
* @return A Java Future containing the result of the ListRetirableGrants operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidMarkerException The request was rejected because the marker that specifies where pagination
* should next begin is not valid.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ListRetirableGrants
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture listRetirableGrants(
ListRetirableGrantsRequest listRetirableGrantsRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, ListRetirableGrantsResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ListRetirableGrants")
.withMarshaller(new ListRetirableGrantsRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(listRetirableGrantsRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Attaches a key policy to the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* For more information about key policies, see Key Policies in the AWS Key
* Management Service Developer Guide.
*
*
* @param putKeyPolicyRequest
* @return A Java Future containing the result of the PutKeyPolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - MalformedPolicyDocumentException The request was rejected because the specified policy is not
* syntactically or semantically correct.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - UnsupportedOperationException The request was rejected because a specified parameter is not supported
* or a specified resource is not valid for this operation.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - LimitExceededException The request was rejected because a limit was exceeded. For more information,
* see Limits in the AWS
* Key Management Service Developer Guide.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.PutKeyPolicy
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture putKeyPolicy(PutKeyPolicyRequest putKeyPolicyRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
PutKeyPolicyResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("PutKeyPolicy").withMarshaller(new PutKeyPolicyRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(putKeyPolicyRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data
* on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change
* the encryption context of a ciphertext.
*
*
* You can reencrypt data using CMKs in different AWS accounts.
*
*
* Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the
* source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the
* "kms:ReEncrypt*" permission in your key policies to permit
* reencryption from or to the CMK. This permission is automatically included in the key policy when you create a
* CMK through the console. But you must include it manually when you create a CMK programmatically or when you set
* a key policy with the PutKeyPolicy operation.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param reEncryptRequest
* @return A Java Future containing the result of the ReEncrypt operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DisabledException The request was rejected because the specified CMK is not enabled.
* - InvalidCiphertextException The request was rejected because the specified ciphertext, or additional
* authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted,
* missing, or otherwise invalid.
* - KeyUnavailableException The request was rejected because the specified CMK was not available. The
* request can be retried.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidKeyUsageException The request was rejected because the specified
KeySpec value is
* not valid.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ReEncrypt
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture reEncrypt(ReEncryptRequest reEncryptRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
ReEncryptResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams().withOperationName("ReEncrypt")
.withMarshaller(new ReEncryptRequestMarshaller(protocolFactory)).withResponseHandler(responseHandler)
.withErrorResponseHandler(errorResponseHandler).withInput(reEncryptRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when
* you intend to actively deny operations that depend on it. The following are permitted to call this API:
*
*
* -
*
* The AWS account (root user) under which the grant was created
*
*
* -
*
* The RetiringPrincipal, if present in the grant
*
*
* -
*
* The GranteePrincipal, if RetireGrant is an operation specified in the grant
*
*
*
*
* You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon
* Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded
* string. A grant ID is a 64 character unique identifier of a grant. The CreateGrant operation returns both.
*
*
* @param retireGrantRequest
* @return A Java Future containing the result of the RetireGrant operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - InvalidGrantTokenException The request was rejected because the specified grant token is not valid.
* - InvalidGrantIdException The request was rejected because the specified
GrantId is not
* valid.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.RetireGrant
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture retireGrant(RetireGrantRequest retireGrantRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
RetireGrantResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("RetireGrant").withMarshaller(new RetireGrantRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(retireGrantRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Revokes the specified grant for the specified customer master key (CMK). You can revoke a grant to actively deny
* operations that depend on it.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param revokeGrantRequest
* @return A Java Future containing the result of the RevokeGrant operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - InvalidGrantIdException The request was rejected because the specified
GrantId is not
* valid.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.RevokeGrant
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture revokeGrant(RevokeGrantRequest revokeGrantRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
RevokeGrantResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("RevokeGrant").withMarshaller(new RevokeGrantRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(revokeGrantRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Schedules the deletion of a customer master key (CMK). You may provide a waiting period, specified in days,
* before deletion occurs. If you do not provide a waiting period, the default period of 30 days is used. When this
* operation is successful, the key state of the CMK changes to PendingDeletion. Before the waiting
* period ends, you can use CancelKeyDeletion to cancel the deletion of the CMK. After the waiting period
* ends, AWS KMS deletes the CMK and all AWS KMS data associated with it, including all aliases that refer to it.
*
*
*
* Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is deleted, all data that was
* encrypted under the CMK is unrecoverable. To prevent the use of a CMK without deleting it, use DisableKey.
*
*
*
* If you schedule deletion of a CMK from a custom key store,
* when the waiting period expires, ScheduleKeyDeletion deletes the CMK from AWS KMS. Then AWS KMS
* makes a best effort to delete the key material from the associated AWS CloudHSM cluster. However, you might need
* to manually delete
* the orphaned key material from the cluster and its backups.
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param scheduleKeyDeletionRequest
* @return A Java Future containing the result of the ScheduleKeyDeletion operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.ScheduleKeyDeletion
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture scheduleKeyDeletion(
ScheduleKeyDeletionRequest scheduleKeyDeletionRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, ScheduleKeyDeletionResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("ScheduleKeyDeletion")
.withMarshaller(new ScheduleKeyDeletionRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(scheduleKeyDeletionRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Adds or edits tags for a customer master key (CMK). You cannot perform this operation on a CMK in a different AWS
* account.
*
*
* Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be
* empty (null) strings.
*
*
* You can only use a tag key once for each CMK. If you use the tag key again, AWS KMS replaces the current tag
* value with the specified value.
*
*
* For information about the rules that apply to tag keys and tag values, see User-Defined
* Tag Restrictions in the AWS Billing and Cost Management User Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param tagResourceRequest
* @return A Java Future containing the result of the TagResource operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - LimitExceededException The request was rejected because a limit was exceeded. For more information,
* see Limits in the AWS
* Key Management Service Developer Guide.
* - TagException The request was rejected because one or more tags are not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.TagResource
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture tagResource(TagResourceRequest tagResourceRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
TagResourceResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("TagResource").withMarshaller(new TagResourceRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(tagResourceRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Removes the specified tags from the specified customer master key (CMK). You cannot perform this operation on a
* CMK in a different AWS account.
*
*
* To remove a tag, specify the tag key. To change the tag value of an existing tag key, use TagResource.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param untagResourceRequest
* @return A Java Future containing the result of the UntagResource operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - TagException The request was rejected because one or more tags are not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.UntagResource
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture untagResource(UntagResourceRequest untagResourceRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
UntagResourceResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("UntagResource")
.withMarshaller(new UntagResourceRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(untagResourceRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Associates an existing alias with a different customer master key (CMK). Each CMK can have multiple aliases, but
* the aliases must be unique within the account and region. You cannot perform this operation on an alias in a
* different AWS account.
*
*
* This operation works only on existing aliases. To change the alias of a CMK to a new value, use
* CreateAlias to create a new alias and DeleteAlias to delete the old alias.
*
*
* Because an alias is not a property of a CMK, you can create, update, and delete the aliases of a CMK without
* affecting the CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the
* aliases of all CMKs in the account, use the ListAliases operation.
*
*
* The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias.
* It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name
* cannot begin with alias/aws/. The alias/aws/ prefix is reserved for AWS managed CMKs.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param updateAliasRequest
* @return A Java Future containing the result of the UpdateAlias operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.UpdateAlias
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture updateAlias(UpdateAliasRequest updateAliasRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata,
UpdateAliasResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("UpdateAlias").withMarshaller(new UpdateAliasRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(updateAliasRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Changes the properties of a custom key store. Use the CustomKeyStoreId parameter to identify the
* custom key store you want to edit. Use the remaining parameters to change the properties of the custom key store.
*
*
* You can only update a custom key store that is disconnected. To disconnect the custom key store, use
* DisconnectCustomKeyStore. To reconnect the custom key store after the update completes, use
* ConnectCustomKeyStore. To find the connection state of a custom key store, use the
* DescribeCustomKeyStores operation.
*
*
* Use the parameters of UpdateCustomKeyStore to edit your keystore settings.
*
*
* -
*
* Use the NewCustomKeyStoreName parameter to change the friendly name of the custom key store to the value
* that you specify.
*
*
*
* -
*
* Use the KeyStorePassword parameter tell AWS KMS the current password of the
* kmsuser crypto user (CU) in the associated AWS CloudHSM cluster. You can use this parameter to
* fix
* connection failures that occur when AWS KMS cannot log into the associated cluster because the
* kmsuser password has changed. This value does not change the password in the AWS CloudHSM cluster.
*
*
*
* -
*
* Use the CloudHsmClusterId parameter to associate the custom key store with a different, but related, AWS
* CloudHSM cluster. You can use this parameter to repair a custom key store if its AWS CloudHSM cluster becomes
* corrupted or is deleted, or when you need to create or restore a cluster from a backup.
*
*
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param updateCustomKeyStoreRequest
* @return A Java Future containing the result of the UpdateCustomKeyStore operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - CustomKeyStoreNotFoundException The request was rejected because AWS KMS cannot find a custom key
* store with the specified key store name or ID.
* - CloudHsmClusterNotFoundException The request was rejected because AWS KMS cannot find the AWS
* CloudHSM cluster with the specified cluster ID. Retry the request with a different cluster ID.
* - CloudHsmClusterNotRelatedException The request was rejected because the specified AWS CloudHSM
* cluster has a different cluster certificate than the original cluster. You cannot use the operation to
* specify an unrelated cluster.
*
* Specify a cluster that shares a backup history with the original cluster. This includes clusters that
* were created from a backup of the current cluster, and clusters that were created from the same backup
* that produced the current cluster.
*
*
* Clusters that share a backup history have the same cluster certificate. To view the cluster certificate
* of a cluster, use the DescribeClusters operation.
* - CustomKeyStoreInvalidStateException The request was rejected because of the
*
ConnectionState of the custom key store. To get the ConnectionState of a custom
* key store, use the DescribeCustomKeyStores operation.
*
* This exception is thrown under the following conditions:
*
*
* -
*
* You requested the CreateKey or GenerateRandom operation in a custom key store that is not
* connected. These operations are valid only when the custom key store ConnectionState is
* CONNECTED.
*
*
* -
*
* You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key
* store that is not disconnected. This operation is valid only when the custom key store
* ConnectionState is DISCONNECTED.
*
*
* -
*
* You requested the ConnectCustomKeyStore operation on a custom key store with a
* ConnectionState of DISCONNECTING or FAILED. This operation is
* valid for all other ConnectionState values.
*
*
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - CloudHsmClusterNotActiveException The request was rejected because the AWS CloudHSM cluster that is
* associated with the custom key store is not active. Initialize and activate the cluster and try the
* command again. For detailed instructions, see Getting Started in
* the AWS CloudHSM User Guide.
* - CloudHsmClusterInvalidConfigurationException The request was rejected because the associated AWS
* CloudHSM cluster did not meet the configuration requirements for a custom key store.
*
* -
*
* The cluster must be configured with private subnets in at least two different Availability Zones in the
* Region.
*
*
* -
*
* The security group for
* the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
* rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the
* Destination in the outbound rules must match the security group ID. These rules are set by default
* when you create the cluster. Do not delete or change them. To get information about a particular security
* group, use the DescribeSecurityGroups operation.
*
*
* -
*
* The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the AWS
* CloudHSM CreateHsm
* operation.
*
*
* For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the
* AWS CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the
* ConnectCustomKeyStore operation, the AWS CloudHSM must contain at least one active HSM.
*
*
*
*
* For information about the requirements for an AWS CloudHSM cluster that is associated with a custom key
* store, see Assemble the Prerequisites in the AWS Key Management Service Developer Guide. For information
* about creating a private subnet for an AWS CloudHSM cluster, see Create a Private
* Subnet in the AWS CloudHSM User Guide. For information about cluster security groups, see Configure a Default
* Security Group in the AWS CloudHSM User Guide .
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.UpdateCustomKeyStore
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture updateCustomKeyStore(
UpdateCustomKeyStoreRequest updateCustomKeyStoreRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, UpdateCustomKeyStoreResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("UpdateCustomKeyStore")
.withMarshaller(new UpdateCustomKeyStoreRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(updateCustomKeyStoreRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
/**
*
* Updates the description of a customer master key (CMK). To see the description of a CMK, use DescribeKey.
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param updateKeyDescriptionRequest
* @return A Java Future containing the result of the UpdateKeyDescription operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - NotFoundException The request was rejected because the specified entity or resource could not be
* found.
* - InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is
* not valid.
* - DependencyTimeoutException The system timed out while trying to fulfill the request. The request can
* be retried.
* - KmsInternalException The request was rejected because an internal exception occurred. The request can
* be retried.
* - KmsInvalidStateException The request was rejected because the state of the specified resource is not
* valid for this request.
*
* For more information about how key state affects the use of a CMK, see How Key State Affects Use of
* a Customer Master Key in the AWS Key Management Service Developer Guide.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - KmsException Base class for all service exceptions. Unknown exceptions will be thrown as an instance
* of this type.
*
* @sample KmsAsyncClient.UpdateKeyDescription
* @see AWS API
* Documentation
*/
@Override
public CompletableFuture updateKeyDescription(
UpdateKeyDescriptionRequest updateKeyDescriptionRequest) {
try {
JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false)
.isPayloadJson(true).build();
HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(
operationMetadata, UpdateKeyDescriptionResponse::builder);
HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory,
operationMetadata);
CompletableFuture executeFuture = clientHandler
.execute(new ClientExecutionParams()
.withOperationName("UpdateKeyDescription")
.withMarshaller(new UpdateKeyDescriptionRequestMarshaller(protocolFactory))
.withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler)
.withInput(updateKeyDescriptionRequest));
return executeFuture;
} catch (Throwable t) {
return CompletableFutureUtils.failedFuture(t);
}
}
@Override
public void close() {
clientHandler.close();
}
private > T init(T builder) {
return builder
.clientConfiguration(clientConfiguration)
.defaultServiceExceptionSupplier(KmsException::builder)
.protocol(AwsJsonProtocol.AWS_JSON)
.protocolVersion("1.1")
.registerModeledException(
ExceptionMetadata.builder().errorCode("CloudHsmClusterNotFoundException")
.exceptionBuilderSupplier(CloudHsmClusterNotFoundException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("ExpiredImportTokenException")
.exceptionBuilderSupplier(ExpiredImportTokenException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CustomKeyStoreNotFoundException")
.exceptionBuilderSupplier(CustomKeyStoreNotFoundException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("MalformedPolicyDocumentException")
.exceptionBuilderSupplier(MalformedPolicyDocumentException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("IncorrectKeyMaterialException")
.exceptionBuilderSupplier(IncorrectKeyMaterialException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidImportTokenException")
.exceptionBuilderSupplier(InvalidImportTokenException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("KMSInvalidStateException")
.exceptionBuilderSupplier(KmsInvalidStateException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidArnException")
.exceptionBuilderSupplier(InvalidArnException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CloudHsmClusterNotRelatedException")
.exceptionBuilderSupplier(CloudHsmClusterNotRelatedException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CustomKeyStoreInvalidStateException")
.exceptionBuilderSupplier(CustomKeyStoreInvalidStateException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("IncorrectTrustAnchorException")
.exceptionBuilderSupplier(IncorrectTrustAnchorException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("DisabledException")
.exceptionBuilderSupplier(DisabledException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("NotFoundException")
.exceptionBuilderSupplier(NotFoundException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("KeyUnavailableException")
.exceptionBuilderSupplier(KeyUnavailableException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("KMSInternalException")
.exceptionBuilderSupplier(KmsInternalException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("LimitExceededException")
.exceptionBuilderSupplier(LimitExceededException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CloudHsmClusterInUseException")
.exceptionBuilderSupplier(CloudHsmClusterInUseException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidCiphertextException")
.exceptionBuilderSupplier(InvalidCiphertextException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidGrantIdException")
.exceptionBuilderSupplier(InvalidGrantIdException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CustomKeyStoreHasCMKsException")
.exceptionBuilderSupplier(CustomKeyStoreHasCmKsException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidGrantTokenException")
.exceptionBuilderSupplier(InvalidGrantTokenException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("UnsupportedOperationException")
.exceptionBuilderSupplier(UnsupportedOperationException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CustomKeyStoreNameInUseException")
.exceptionBuilderSupplier(CustomKeyStoreNameInUseException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("AlreadyExistsException")
.exceptionBuilderSupplier(AlreadyExistsException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("TagException").exceptionBuilderSupplier(TagException::builder)
.build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidKeyUsageException")
.exceptionBuilderSupplier(InvalidKeyUsageException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CloudHsmClusterInvalidConfigurationException")
.exceptionBuilderSupplier(CloudHsmClusterInvalidConfigurationException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidMarkerException")
.exceptionBuilderSupplier(InvalidMarkerException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("InvalidAliasNameException")
.exceptionBuilderSupplier(InvalidAliasNameException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("DependencyTimeoutException")
.exceptionBuilderSupplier(DependencyTimeoutException::builder).build())
.registerModeledException(
ExceptionMetadata.builder().errorCode("CloudHsmClusterNotActiveException")
.exceptionBuilderSupplier(CloudHsmClusterNotActiveException::builder).build());
}
private T applyPaginatorUserAgent(T request) {
Consumer userAgentApplier = b -> b.addApiName(ApiName.builder()
.version(VersionInfo.SDK_VERSION).name("PAGINATED").build());
AwsRequestOverrideConfiguration overrideConfiguration = request.overrideConfiguration()
.map(c -> c.toBuilder().applyMutation(userAgentApplier).build())
.orElse((AwsRequestOverrideConfiguration.builder().applyMutation(userAgentApplier).build()));
return (T) request.toBuilder().overrideConfiguration(overrideConfiguration).build();
}
private HttpResponseHandler createErrorResponseHandler(BaseAwsJsonProtocolFactory protocolFactory,
JsonOperationMetadata operationMetadata) {
return protocolFactory.createErrorResponseHandler(operationMetadata);
}
}