software.amazon.awssdk.services.paymentcryptography.PaymentCryptographyClient Maven / Gradle / Ivy
Show all versions of paymentcryptography Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.paymentcryptography;
import java.util.function.Consumer;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.annotations.ThreadSafe;
import software.amazon.awssdk.awscore.AwsClient;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.regions.ServiceMetadata;
import software.amazon.awssdk.services.paymentcryptography.model.AccessDeniedException;
import software.amazon.awssdk.services.paymentcryptography.model.ConflictException;
import software.amazon.awssdk.services.paymentcryptography.model.CreateAliasRequest;
import software.amazon.awssdk.services.paymentcryptography.model.CreateAliasResponse;
import software.amazon.awssdk.services.paymentcryptography.model.CreateKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.CreateKeyResponse;
import software.amazon.awssdk.services.paymentcryptography.model.DeleteAliasRequest;
import software.amazon.awssdk.services.paymentcryptography.model.DeleteAliasResponse;
import software.amazon.awssdk.services.paymentcryptography.model.DeleteKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.DeleteKeyResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ExportKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.ExportKeyResponse;
import software.amazon.awssdk.services.paymentcryptography.model.GetAliasRequest;
import software.amazon.awssdk.services.paymentcryptography.model.GetAliasResponse;
import software.amazon.awssdk.services.paymentcryptography.model.GetKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.GetKeyResponse;
import software.amazon.awssdk.services.paymentcryptography.model.GetParametersForExportRequest;
import software.amazon.awssdk.services.paymentcryptography.model.GetParametersForExportResponse;
import software.amazon.awssdk.services.paymentcryptography.model.GetParametersForImportRequest;
import software.amazon.awssdk.services.paymentcryptography.model.GetParametersForImportResponse;
import software.amazon.awssdk.services.paymentcryptography.model.GetPublicKeyCertificateRequest;
import software.amazon.awssdk.services.paymentcryptography.model.GetPublicKeyCertificateResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ImportKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.ImportKeyResponse;
import software.amazon.awssdk.services.paymentcryptography.model.InternalServerException;
import software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest;
import software.amazon.awssdk.services.paymentcryptography.model.ListAliasesResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest;
import software.amazon.awssdk.services.paymentcryptography.model.ListKeysResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest;
import software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceResponse;
import software.amazon.awssdk.services.paymentcryptography.model.PaymentCryptographyException;
import software.amazon.awssdk.services.paymentcryptography.model.ResourceNotFoundException;
import software.amazon.awssdk.services.paymentcryptography.model.RestoreKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.RestoreKeyResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ServiceQuotaExceededException;
import software.amazon.awssdk.services.paymentcryptography.model.ServiceUnavailableException;
import software.amazon.awssdk.services.paymentcryptography.model.StartKeyUsageRequest;
import software.amazon.awssdk.services.paymentcryptography.model.StartKeyUsageResponse;
import software.amazon.awssdk.services.paymentcryptography.model.StopKeyUsageRequest;
import software.amazon.awssdk.services.paymentcryptography.model.StopKeyUsageResponse;
import software.amazon.awssdk.services.paymentcryptography.model.TagResourceRequest;
import software.amazon.awssdk.services.paymentcryptography.model.TagResourceResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ThrottlingException;
import software.amazon.awssdk.services.paymentcryptography.model.UntagResourceRequest;
import software.amazon.awssdk.services.paymentcryptography.model.UntagResourceResponse;
import software.amazon.awssdk.services.paymentcryptography.model.UpdateAliasRequest;
import software.amazon.awssdk.services.paymentcryptography.model.UpdateAliasResponse;
import software.amazon.awssdk.services.paymentcryptography.model.ValidationException;
import software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable;
import software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable;
import software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable;
/**
* Service client for accessing Payment Cryptography Control Plane. This can be created using the static
* {@link #builder()} method.
*
*
* Amazon Web Services Payment Cryptography Control Plane APIs manage encryption keys for use during payment-related
* cryptographic operations. You can create, import, export, share, manage, and delete keys. You can also manage
* Identity and Access Management (IAM) policies for keys. For more information, see Identity and access
* management in the Amazon Web Services Payment Cryptography User Guide.
*
*
* To use encryption keys for payment-related transaction processing and associated cryptographic operations, you use
* the Amazon Web
* Services Payment Cryptography Data Plane. You can perform actions like encrypt, decrypt, generate, and verify
* payment-related data.
*
*
* All Amazon Web Services Payment Cryptography API calls must be signed and transmitted using Transport Layer Security
* (TLS). We recommend you always use the latest supported TLS version for logging API requests.
*
*
* Amazon Web Services Payment Cryptography supports CloudTrail for control plane operations, a service that logs Amazon
* Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3
* bucket you specify. By using the information collected by CloudTrail, you can determine what requests were made to
* Amazon Web Services Payment Cryptography, who made the request, when it was made, and so on. If you don't configure a
* trail, you can still view the most recent events in the CloudTrail console. For more information, see the CloudTrail User Guide.
*
*/
@Generated("software.amazon.awssdk:codegen")
@SdkPublicApi
@ThreadSafe
public interface PaymentCryptographyClient extends AwsClient {
String SERVICE_NAME = "payment-cryptography";
/**
* Value for looking up the service's metadata from the
* {@link software.amazon.awssdk.regions.ServiceMetadataProvider}.
*/
String SERVICE_METADATA_ID = "controlplane.payment-cryptography";
/**
*
* Creates an alias, or a friendly name, for an Amazon Web Services Payment Cryptography key. You can use an
* alias to identify a key in the console and when you call cryptographic operations such as EncryptData or DecryptData.
*
*
* You can associate the alias with any key in the same Amazon Web Services Region. Each alias is associated with
* only one key at a time, but a key can have multiple aliases. You can't create an alias without a key. The alias
* must be unique in the account and Amazon Web Services Region, but you can create another alias with the same name
* in a different Amazon Web Services Region.
*
*
* To change the key that's associated with the alias, call UpdateAlias.
* To delete the alias, call DeleteAlias.
* These operations don't affect the underlying key. To get the alias that you created, call ListAliases.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* DeleteAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* ListAliases
*
*
* -
*
* UpdateAlias
*
*
*
*
* @param createAliasRequest
* @return Result of the CreateAlias operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.CreateAlias
* @see AWS API Documentation
*/
default CreateAliasResponse createAlias(CreateAliasRequest createAliasRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Creates an alias, or a friendly name, for an Amazon Web Services Payment Cryptography key. You can use an
* alias to identify a key in the console and when you call cryptographic operations such as EncryptData or DecryptData.
*
*
* You can associate the alias with any key in the same Amazon Web Services Region. Each alias is associated with
* only one key at a time, but a key can have multiple aliases. You can't create an alias without a key. The alias
* must be unique in the account and Amazon Web Services Region, but you can create another alias with the same name
* in a different Amazon Web Services Region.
*
*
* To change the key that's associated with the alias, call UpdateAlias.
* To delete the alias, call DeleteAlias.
* These operations don't affect the underlying key. To get the alias that you created, call ListAliases.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* DeleteAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* ListAliases
*
*
* -
*
* UpdateAlias
*
*
*
*
*
* This is a convenience which creates an instance of the {@link CreateAliasRequest.Builder} avoiding the need to
* create one manually via {@link CreateAliasRequest#builder()}
*
*
* @param createAliasRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.CreateAliasRequest.Builder} to create a
* request.
* @return Result of the CreateAlias operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.CreateAlias
* @see AWS API Documentation
*/
default CreateAliasResponse createAlias(Consumer createAliasRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return createAlias(CreateAliasRequest.builder().applyMutation(createAliasRequest).build());
}
/**
*
* Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is
* unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as
* encryption and decryption.
*
*
* In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key
* includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
*
*
* When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key
* attributes that define the scope and cryptographic operations that you can perform using the key, for example key
* class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example:
* TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). For information
* about valid combinations of key attributes, see Understanding
* key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained
* within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
*
*
* Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export
* them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them
* in the clear.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
*
* @param createKeyRequest
* @return Result of the CreateKey operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.CreateKey
* @see AWS API Documentation
*/
default CreateKeyResponse createKey(CreateKeyRequest createKeyRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is
* unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as
* encryption and decryption.
*
*
* In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key
* includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
*
*
* When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key
* attributes that define the scope and cryptographic operations that you can perform using the key, for example key
* class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example:
* TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). For information
* about valid combinations of key attributes, see Understanding
* key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained
* within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
*
*
* Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export
* them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them
* in the clear.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
*
*
* This is a convenience which creates an instance of the {@link CreateKeyRequest.Builder} avoiding the need to
* create one manually via {@link CreateKeyRequest#builder()}
*
*
* @param createKeyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.CreateKeyRequest.Builder} to create a
* request.
* @return Result of the CreateKey operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.CreateKey
* @see AWS API Documentation
*/
default CreateKeyResponse createKey(Consumer createKeyRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return createKey(CreateKeyRequest.builder().applyMutation(createKeyRequest).build());
}
/**
*
* Deletes the alias, but doesn't affect the underlying key.
*
*
* Each key can have multiple aliases. To get the aliases of all keys, use the UpdateAlias
* operation. To change the alias of a key, first use DeleteAlias
* to delete the current alias and then use CreateAlias
* to create a new alias. To associate an existing alias with a different key, call UpdateAlias.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* ListAliases
*
*
* -
*
* UpdateAlias
*
*
*
*
* @param deleteAliasRequest
* @return Result of the DeleteAlias operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.DeleteAlias
* @see AWS API Documentation
*/
default DeleteAliasResponse deleteAlias(DeleteAliasRequest deleteAliasRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Deletes the alias, but doesn't affect the underlying key.
*
*
* Each key can have multiple aliases. To get the aliases of all keys, use the UpdateAlias
* operation. To change the alias of a key, first use DeleteAlias
* to delete the current alias and then use CreateAlias
* to create a new alias. To associate an existing alias with a different key, call UpdateAlias.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* ListAliases
*
*
* -
*
* UpdateAlias
*
*
*
*
*
* This is a convenience which creates an instance of the {@link DeleteAliasRequest.Builder} avoiding the need to
* create one manually via {@link DeleteAliasRequest#builder()}
*
*
* @param deleteAliasRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.DeleteAliasRequest.Builder} to create a
* request.
* @return Result of the DeleteAlias operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.DeleteAlias
* @see AWS API Documentation
*/
default DeleteAliasResponse deleteAlias(Consumer deleteAliasRequest)
throws ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
return deleteAlias(DeleteAliasRequest.builder().applyMutation(deleteAliasRequest).build());
}
/**
*
* Deletes the key material and metadata associated with Amazon Web Services Payment Cryptography key.
*
*
* Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key.
* For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key,
* and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment
* Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon
* Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period
* set using DeleteKeyInDays. The default waiting period is 7 days. During the waiting period, the
* KeyState is DELETE_PENDING. After the key is deleted, the KeyState is
* DELETE_COMPLETE.
*
*
* You should delete a key only when you are sure that you don't need to use it anymore and no other parties are
* utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* RestoreKey
*
*
* -
*
*
* StartKeyUsage
*
*
* -
*
*
*
*
* @param deleteKeyRequest
* @return Result of the DeleteKey operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.DeleteKey
* @see AWS API Documentation
*/
default DeleteKeyResponse deleteKey(DeleteKeyRequest deleteKeyRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Deletes the key material and metadata associated with Amazon Web Services Payment Cryptography key.
*
*
* Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key.
* For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key,
* and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment
* Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon
* Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period
* set using DeleteKeyInDays. The default waiting period is 7 days. During the waiting period, the
* KeyState is DELETE_PENDING. After the key is deleted, the KeyState is
* DELETE_COMPLETE.
*
*
* You should delete a key only when you are sure that you don't need to use it anymore and no other parties are
* utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* RestoreKey
*
*
* -
*
*
* StartKeyUsage
*
*
* -
*
*
*
*
*
* This is a convenience which creates an instance of the {@link DeleteKeyRequest.Builder} avoiding the need to
* create one manually via {@link DeleteKeyRequest#builder()}
*
*
* @param deleteKeyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.DeleteKeyRequest.Builder} to create a
* request.
* @return Result of the DeleteKey operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.DeleteKey
* @see AWS API Documentation
*/
default DeleteKeyResponse deleteKey(Consumer deleteKeyRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
return deleteKey(DeleteKeyRequest.builder().applyMutation(deleteKeyRequest).build());
}
/**
*
* Exports a key from Amazon Web Services Payment Cryptography.
*
*
* Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach
* with a modern electronic approach. With ExportKey you can export symmetric keys using either
* symmetric and asymmetric key exchange mechanisms. Using this operation, you can share your Amazon Web Services
* Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of
* Amazon Web Services Payment Cryptography
*
*
* For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance
* with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI
* X9 TR-34 norm and RSA wrap and unwrap key exchange mechanism. Asymmetric key exchange methods are typically used
* to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange
* such as Key Encryption Key (KEK). After which you can export working keys using symmetric method to perform
* various cryptographic operations within Amazon Web Services Payment Cryptography.
*
*
* The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key
* attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block.
* With RSA wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported in a
* WrappedKeyCryptogram format and you will need to specify the key attributes during import.
*
*
* You can also use ExportKey functionality to generate and export an IPEK (Initial Pin Encryption Key)
* from Amazon Web Services Payment Cryptography using either TR-31 or TR-34 export key exchange. IPEK is generated
* from BDK (Base Derivation Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber
* ). The generated IPEK does not persist within Amazon Web Services Payment Cryptography and has to be re-generated
* each time during export.
*
*
* For key exchange using TR-31 or TR-34 key blocks, you can also export optional blocks within the key block header
* which contain additional attribute information about the key. The KeyVersion within
* KeyBlockHeaders indicates the version of the key within the key block. Furthermore,
* KeyExportability within KeyBlockHeaders can be used to further restrict exportability
* of the key after export from Amazon Web Services Payment Cryptography.
*
*
* The OptionalBlocks contain the additional data related to the key. For information on data type that
* can be included within optional blocks, refer to ASC X9.143-2022.
*
*
*
* Data included in key block headers is signed but transmitted in clear text. Sensitive or confidential information
* should not be included in optional blocks. Refer to ASC X9.143-2022 standard for information on allowed data
* type.
*
*
*
* To export initial keys (KEK) or IPEK using TR-34
*
*
* Using this operation, you can export initial key using TR-34 asymmetric key exchange. You can only export KEK
* generated within Amazon Web Services Payment Cryptography. In TR-34 terminology, the sending party of the key is
* called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD).
* During key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export and KRD is
* the user receiving the key.
*
*
* To initiate TR-34 key export, the KRD must obtain an export token by calling GetParametersForExport. This operation also generates a key pair for the purpose of key export, signs the
* key and returns back the signing public key certificate (also known as KDH signing certificate) and root
* certificate chain. The KDH uses the private key to sign the the export payload and the signing public key
* certificate is provided to KRD to verify the signature. The KRD can import the root certificate into its Hardware
* Security Module (HSM), as required. The export token and the associated KDH signing certificate expires after 7
* days.
*
*
* Next the KRD generates a key pair for the the purpose of encrypting the KDH key and provides the public key
* cerificate (also known as KRD wrapping certificate) back to KDH. The KRD will also import the root cerificate
* chain into Amazon Web Services Payment Cryptography by calling ImportKey for
* RootCertificatePublicKey. The KDH, Amazon Web Services Payment Cryptography, will use the KRD
* wrapping cerificate to encrypt (wrap) the key under export and signs it with signing private key to generate a
* TR-34 WrappedKeyBlock. For more information on TR-34 key export, see section Exporting symmetric
* keys in the Amazon Web Services Payment Cryptography User Guide.
*
*
* Set the following parameters:
*
*
* -
*
* ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for
* KEK export.
*
*
* -
*
* ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.
*
*
* -
*
* KeyMaterial: Use Tr34KeyBlock parameters.
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that
* signed the KRD wrapping key certificate.
*
*
* -
*
* ExportToken: Obtained from KDH by calling GetParametersForImport.
*
*
* -
*
* WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KRD
* wrapping key Amazon Web Services Payment Cryptography uses for encryption of the TR-34 export payload. This
* certificate must be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon
* Web Services Payment Cryptography.
*
*
*
*
* When this operation is successful, Amazon Web Services Payment Cryptography returns the KEK or IPEK as a TR-34
* WrappedKeyBlock.
*
*
* To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap
*
*
* Using this operation, you can export initial key using asymmetric RSA wrap and unwrap key exchange method. To
* initiate export, generate an asymmetric key pair on the receiving HSM and obtain the public key certificate in
* PEM format (base64 encoded) for the purpose of wrapping and the root certifiate chain. Import the root
* certificate into Amazon Web Services Payment Cryptography by calling ImportKey for
* RootCertificatePublicKey.
*
*
* Next call ExportKey and set the following parameters:
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that
* signed wrapping key certificate.
*
*
* -
*
* KeyMaterial: Set to KeyCryptogram.
*
*
* -
*
* WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) obtained by the
* receiving HSM and signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon
* Web Services Payment Cryptography. The receiving HSM uses its private key component to unwrap the
* WrappedKeyCryptogram.
*
*
*
*
* When this operation is successful, Amazon Web Services Payment Cryptography returns the WrappedKeyCryptogram.
*
*
* To export working keys or IPEK using TR-31
*
*
* Using this operation, you can export working keys or IPEK using TR-31 symmetric key exchange. In TR-31, you must
* use an initial key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or
* ImportKey.
*
*
* Set the following parameters:
*
*
* -
*
* ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for
* KEK export.
*
*
* -
*
* ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.
*
*
* -
*
* KeyMaterial: Use Tr31KeyBlock parameters.
*
*
*
*
* When this operation is successful, Amazon Web Services Payment Cryptography returns the working key or IPEK as a
* TR-31 WrappedKeyBlock.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
* ImportKey
*
*
*
*
* @param exportKeyRequest
* @return Result of the ExportKey operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ExportKey
* @see AWS API Documentation
*/
default ExportKeyResponse exportKey(ExportKeyRequest exportKeyRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Exports a key from Amazon Web Services Payment Cryptography.
*
*
* Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach
* with a modern electronic approach. With ExportKey you can export symmetric keys using either
* symmetric and asymmetric key exchange mechanisms. Using this operation, you can share your Amazon Web Services
* Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of
* Amazon Web Services Payment Cryptography
*
*
* For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance
* with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI
* X9 TR-34 norm and RSA wrap and unwrap key exchange mechanism. Asymmetric key exchange methods are typically used
* to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange
* such as Key Encryption Key (KEK). After which you can export working keys using symmetric method to perform
* various cryptographic operations within Amazon Web Services Payment Cryptography.
*
*
* The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key
* attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block.
* With RSA wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported in a
* WrappedKeyCryptogram format and you will need to specify the key attributes during import.
*
*
* You can also use ExportKey functionality to generate and export an IPEK (Initial Pin Encryption Key)
* from Amazon Web Services Payment Cryptography using either TR-31 or TR-34 export key exchange. IPEK is generated
* from BDK (Base Derivation Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber
* ). The generated IPEK does not persist within Amazon Web Services Payment Cryptography and has to be re-generated
* each time during export.
*
*
* For key exchange using TR-31 or TR-34 key blocks, you can also export optional blocks within the key block header
* which contain additional attribute information about the key. The KeyVersion within
* KeyBlockHeaders indicates the version of the key within the key block. Furthermore,
* KeyExportability within KeyBlockHeaders can be used to further restrict exportability
* of the key after export from Amazon Web Services Payment Cryptography.
*
*
* The OptionalBlocks contain the additional data related to the key. For information on data type that
* can be included within optional blocks, refer to ASC X9.143-2022.
*
*
*
* Data included in key block headers is signed but transmitted in clear text. Sensitive or confidential information
* should not be included in optional blocks. Refer to ASC X9.143-2022 standard for information on allowed data
* type.
*
*
*
* To export initial keys (KEK) or IPEK using TR-34
*
*
* Using this operation, you can export initial key using TR-34 asymmetric key exchange. You can only export KEK
* generated within Amazon Web Services Payment Cryptography. In TR-34 terminology, the sending party of the key is
* called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Device (KRD).
* During key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export and KRD is
* the user receiving the key.
*
*
* To initiate TR-34 key export, the KRD must obtain an export token by calling GetParametersForExport. This operation also generates a key pair for the purpose of key export, signs the
* key and returns back the signing public key certificate (also known as KDH signing certificate) and root
* certificate chain. The KDH uses the private key to sign the the export payload and the signing public key
* certificate is provided to KRD to verify the signature. The KRD can import the root certificate into its Hardware
* Security Module (HSM), as required. The export token and the associated KDH signing certificate expires after 7
* days.
*
*
* Next the KRD generates a key pair for the the purpose of encrypting the KDH key and provides the public key
* cerificate (also known as KRD wrapping certificate) back to KDH. The KRD will also import the root cerificate
* chain into Amazon Web Services Payment Cryptography by calling ImportKey for
* RootCertificatePublicKey. The KDH, Amazon Web Services Payment Cryptography, will use the KRD
* wrapping cerificate to encrypt (wrap) the key under export and signs it with signing private key to generate a
* TR-34 WrappedKeyBlock. For more information on TR-34 key export, see section Exporting symmetric
* keys in the Amazon Web Services Payment Cryptography User Guide.
*
*
* Set the following parameters:
*
*
* -
*
* ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for
* KEK export.
*
*
* -
*
* ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.
*
*
* -
*
* KeyMaterial: Use Tr34KeyBlock parameters.
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that
* signed the KRD wrapping key certificate.
*
*
* -
*
* ExportToken: Obtained from KDH by calling GetParametersForImport.
*
*
* -
*
* WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KRD
* wrapping key Amazon Web Services Payment Cryptography uses for encryption of the TR-34 export payload. This
* certificate must be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon
* Web Services Payment Cryptography.
*
*
*
*
* When this operation is successful, Amazon Web Services Payment Cryptography returns the KEK or IPEK as a TR-34
* WrappedKeyBlock.
*
*
* To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap
*
*
* Using this operation, you can export initial key using asymmetric RSA wrap and unwrap key exchange method. To
* initiate export, generate an asymmetric key pair on the receiving HSM and obtain the public key certificate in
* PEM format (base64 encoded) for the purpose of wrapping and the root certifiate chain. Import the root
* certificate into Amazon Web Services Payment Cryptography by calling ImportKey for
* RootCertificatePublicKey.
*
*
* Next call ExportKey and set the following parameters:
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that
* signed wrapping key certificate.
*
*
* -
*
* KeyMaterial: Set to KeyCryptogram.
*
*
* -
*
* WrappingKeyCertificate: The public key certificate in PEM format (base64 encoded) obtained by the
* receiving HSM and signed by the root certificate (CertificateAuthorityPublicKeyIdentifier) imported into Amazon
* Web Services Payment Cryptography. The receiving HSM uses its private key component to unwrap the
* WrappedKeyCryptogram.
*
*
*
*
* When this operation is successful, Amazon Web Services Payment Cryptography returns the WrappedKeyCryptogram.
*
*
* To export working keys or IPEK using TR-31
*
*
* Using this operation, you can export working keys or IPEK using TR-31 symmetric key exchange. In TR-31, you must
* use an initial key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or
* ImportKey.
*
*
* Set the following parameters:
*
*
* -
*
* ExportAttributes: Specify export attributes in case of IPEK export. This parameter is optional for
* KEK export.
*
*
* -
*
* ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK) under export.
*
*
* -
*
* KeyMaterial: Use Tr31KeyBlock parameters.
*
*
*
*
* When this operation is successful, Amazon Web Services Payment Cryptography returns the working key or IPEK as a
* TR-31 WrappedKeyBlock.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
* ImportKey
*
*
*
*
*
* This is a convenience which creates an instance of the {@link ExportKeyRequest.Builder} avoiding the need to
* create one manually via {@link ExportKeyRequest#builder()}
*
*
* @param exportKeyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ExportKeyRequest.Builder} to create a
* request.
* @return Result of the ExportKey operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ExportKey
* @see AWS API Documentation
*/
default ExportKeyResponse exportKey(Consumer exportKeyRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
return exportKey(ExportKeyRequest.builder().applyMutation(exportKeyRequest).build());
}
/**
*
* Gets the Amazon Web Services Payment Cryptography key associated with the alias.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* DeleteAlias
*
*
* -
*
* ListAliases
*
*
* -
*
* UpdateAlias
*
*
*
*
* @param getAliasRequest
* @return Result of the GetAlias operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetAlias
* @see AWS
* API Documentation
*/
default GetAliasResponse getAlias(GetAliasRequest getAliasRequest) throws ServiceUnavailableException, ValidationException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Gets the Amazon Web Services Payment Cryptography key associated with the alias.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* DeleteAlias
*
*
* -
*
* ListAliases
*
*
* -
*
* UpdateAlias
*
*
*
*
*
* This is a convenience which creates an instance of the {@link GetAliasRequest.Builder} avoiding the need to
* create one manually via {@link GetAliasRequest#builder()}
*
*
* @param getAliasRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.GetAliasRequest.Builder} to create a
* request.
* @return Result of the GetAlias operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetAlias
* @see AWS
* API Documentation
*/
default GetAliasResponse getAlias(Consumer getAliasRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return getAlias(GetAliasRequest.builder().applyMutation(getAliasRequest).build());
}
/**
*
* Gets the key material for an Amazon Web Services Payment Cryptography key, including the immutable and mutable
* data specified when the key was created.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
*
* @param getKeyRequest
* @return Result of the GetKey operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetKey
* @see AWS
* API Documentation
*/
default GetKeyResponse getKey(GetKeyRequest getKeyRequest) throws ServiceUnavailableException, ValidationException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Gets the key material for an Amazon Web Services Payment Cryptography key, including the immutable and mutable
* data specified when the key was created.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
*
*
* This is a convenience which creates an instance of the {@link GetKeyRequest.Builder} avoiding the need to create
* one manually via {@link GetKeyRequest#builder()}
*
*
* @param getKeyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.GetKeyRequest.Builder} to create a
* request.
* @return Result of the GetKey operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetKey
* @see AWS
* API Documentation
*/
default GetKeyResponse getKey(Consumer getKeyRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return getKey(GetKeyRequest.builder().applyMutation(getKeyRequest).build());
}
/**
*
* Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services
* Payment Cryptography.
*
*
* The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and
* signing key certificate must be in place and operational before calling ExportKey. The
* export token expires in 7 days. You can use the same export token to export multiple keys from your service
* account.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* ExportKey
*
*
* -
*
*
*
*
* @param getParametersForExportRequest
* @return Result of the GetParametersForExport operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetParametersForExport
* @see AWS API Documentation
*/
default GetParametersForExportResponse getParametersForExport(GetParametersForExportRequest getParametersForExportRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services
* Payment Cryptography.
*
*
* The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and
* signing key certificate must be in place and operational before calling ExportKey. The
* export token expires in 7 days. You can use the same export token to export multiple keys from your service
* account.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* ExportKey
*
*
* -
*
*
*
*
*
* This is a convenience which creates an instance of the {@link GetParametersForExportRequest.Builder} avoiding the
* need to create one manually via {@link GetParametersForExportRequest#builder()}
*
*
* @param getParametersForExportRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.GetParametersForExportRequest.Builder} to
* create a request.
* @return Result of the GetParametersForExport operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetParametersForExport
* @see AWS API Documentation
*/
default GetParametersForExportResponse getParametersForExport(
Consumer getParametersForExportRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
return getParametersForExport(GetParametersForExportRequest.builder().applyMutation(getParametersForExportRequest)
.build());
}
/**
*
* Gets the import token and the wrapping key certificate in PEM format (base64 encoded) to initiate a TR-34
* WrappedKeyBlock or a RSA WrappedKeyCryptogram import into Amazon Web Services Payment Cryptography.
*
*
* The wrapping key certificate wraps the key under import. The import token and wrapping key certificate must be in
* place and operational before calling ImportKey. The
* import token expires in 7 days. You can use the same import token to import multiple keys into your service
* account.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
* ImportKey
*
*
*
*
* @param getParametersForImportRequest
* @return Result of the GetParametersForImport operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetParametersForImport
* @see AWS API Documentation
*/
default GetParametersForImportResponse getParametersForImport(GetParametersForImportRequest getParametersForImportRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Gets the import token and the wrapping key certificate in PEM format (base64 encoded) to initiate a TR-34
* WrappedKeyBlock or a RSA WrappedKeyCryptogram import into Amazon Web Services Payment Cryptography.
*
*
* The wrapping key certificate wraps the key under import. The import token and wrapping key certificate must be in
* place and operational before calling ImportKey. The
* import token expires in 7 days. You can use the same import token to import multiple keys into your service
* account.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
* ImportKey
*
*
*
*
*
* This is a convenience which creates an instance of the {@link GetParametersForImportRequest.Builder} avoiding the
* need to create one manually via {@link GetParametersForImportRequest#builder()}
*
*
* @param getParametersForImportRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.GetParametersForImportRequest.Builder} to
* create a request.
* @return Result of the GetParametersForImport operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetParametersForImport
* @see AWS API Documentation
*/
default GetParametersForImportResponse getParametersForImport(
Consumer getParametersForImportRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
return getParametersForImport(GetParametersForImportRequest.builder().applyMutation(getParametersForImportRequest)
.build());
}
/**
*
* Gets the public key certificate of the asymmetric key pair that exists within Amazon Web Services Payment
* Cryptography.
*
*
* Unlike the private key of an asymmetric key, which never leaves Amazon Web Services Payment Cryptography
* unencrypted, callers with GetPublicKeyCertificate permission can download the public key certificate
* of the asymmetric key. You can share the public key certificate to allow others to encrypt messages and verify
* signatures outside of Amazon Web Services Payment Cryptography
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* @param getPublicKeyCertificateRequest
* @return Result of the GetPublicKeyCertificate operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetPublicKeyCertificate
* @see AWS API Documentation
*/
default GetPublicKeyCertificateResponse getPublicKeyCertificate(GetPublicKeyCertificateRequest getPublicKeyCertificateRequest)
throws ServiceUnavailableException, ValidationException, AccessDeniedException, ResourceNotFoundException,
ThrottlingException, InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Gets the public key certificate of the asymmetric key pair that exists within Amazon Web Services Payment
* Cryptography.
*
*
* Unlike the private key of an asymmetric key, which never leaves Amazon Web Services Payment Cryptography
* unencrypted, callers with GetPublicKeyCertificate permission can download the public key certificate
* of the asymmetric key. You can share the public key certificate to allow others to encrypt messages and verify
* signatures outside of Amazon Web Services Payment Cryptography
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
*
* This is a convenience which creates an instance of the {@link GetPublicKeyCertificateRequest.Builder} avoiding
* the need to create one manually via {@link GetPublicKeyCertificateRequest#builder()}
*
*
* @param getPublicKeyCertificateRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.GetPublicKeyCertificateRequest.Builder}
* to create a request.
* @return Result of the GetPublicKeyCertificate operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.GetPublicKeyCertificate
* @see AWS API Documentation
*/
default GetPublicKeyCertificateResponse getPublicKeyCertificate(
Consumer getPublicKeyCertificateRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return getPublicKeyCertificate(GetPublicKeyCertificateRequest.builder().applyMutation(getPublicKeyCertificateRequest)
.build());
}
/**
*
* Imports symmetric keys and public key certificates in PEM format (base64 encoded) into Amazon Web Services
* Payment Cryptography.
*
*
* Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach
* with a modern electronic approach. With ImportKey you can import symmetric keys using either
* symmetric and asymmetric key exchange mechanisms.
*
*
* For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance
* with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI
* X9 TR-34 norm and RSA wrap and unwrap key exchange mechanisms. Asymmetric key exchange methods are typically used
* to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange
* such as Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import working keys using
* symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.
*
*
* The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key
* attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block.
* With RSA wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported in a
* WrappedKeyCryptogram format and you will need to specify the key attributes during import.
*
*
* You can also import a root public key certificate, used to sign other public key certificates, or a
* trusted public key certificate under an already established root public key certificate.
*
*
* To import a public root key certificate
*
*
* You can also import a root public key certificate, used to sign other public key certificates, or a
* trusted public key certificate under an already established root public key certificate.
*
*
* To import a public root key certificate
*
*
* Using this operation, you can import the public component (in PEM cerificate format) of your private root key.
* You can use the imported public root key certificate for digital signatures, for example signing wrapping key or
* signing key in TR-34, within your Amazon Web Services Payment Cryptography account.
*
*
* Set the following parameters:
*
*
* -
*
* KeyMaterial: RootCertificatePublicKey
*
*
* -
*
* KeyClass: PUBLIC_KEY
*
*
* -
*
* KeyModesOfUse: Verify
*
*
* -
*
* KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
*
*
* -
*
* PublicKeyCertificate: The public key certificate in PEM format (base64 encoded) of the private root
* key under import.
*
*
*
*
* To import a trusted public key certificate
*
*
* The root public key certificate must be in place and operational before you import a trusted public key
* certificate. Set the following parameters:
*
*
* -
*
* KeyMaterial: TrustedCertificatePublicKey
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: KeyArn of the
* RootCertificatePublicKey.
*
*
* -
*
* KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap,
* sign, or encrypt that you will allow the trusted public key certificate to perform.
*
*
* -
*
* PublicKeyCertificate: The trusted public key certificate in PEM format (base64 encoded) under
* import.
*
*
*
*
* To import initial keys (KEK or ZMK or similar) using TR-34
*
*
* Using this operation, you can import initial key using TR-34 asymmetric key exchange. In TR-34 terminology, the
* sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key
* Receiving Device (KRD). During the key import process, KDH is the user who initiates the key import and KRD is
* Amazon Web Services Payment Cryptography who receives the key.
*
*
* To initiate TR-34 key import, the KDH must obtain an import token by calling GetParametersForImport. This operation generates an encryption keypair for the purpose of key import, signs
* the key and returns back the wrapping key certificate (also known as KRD wrapping certificate) and the root
* certificate chain. The KDH must trust and install the KRD wrapping certificate on its HSM and use it to encrypt
* (wrap) the KDH key during TR-34 WrappedKeyBlock generation. The import token and associated KRD wrapping
* certificate expires after 7 days.
*
*
* Next the KDH generates a key pair for the purpose of signing the encrypted KDH key and provides the public
* certificate of the signing key to Amazon Web Services Payment Cryptography. The KDH will also need to import the
* root certificate chain of the KDH signing certificate by calling ImportKey for
* RootCertificatePublicKey. For more information on TR-34 key import, see section Importing symmetric
* keys in the Amazon Web Services Payment Cryptography User Guide.
*
*
* Set the following parameters:
*
*
* -
*
* KeyMaterial: Use Tr34KeyBlock parameters.
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that
* signed the KDH signing key certificate.
*
*
* -
*
* ImportToken: Obtained from KRD by calling GetParametersForImport.
*
*
* -
*
* WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains the KDH key under import,
* wrapped with KRD wrapping certificate and signed by KDH signing private key. This TR-34 key block is typically
* generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.
*
*
* -
*
* SigningKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KDH signing
* key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier) imported in Amazon Web
* Services Payment Cryptography.
*
*
*
*
* To import initial keys (KEK or ZMK or similar) using RSA Wrap and Unwrap
*
*
* Using this operation, you can import initial key using asymmetric RSA wrap and unwrap key exchange method. To
* initiate import, call GetParametersForImport with KeyMaterial set to KEY_CRYPTOGRAM to generate an
* import token. This operation also generates an encryption keypair for the purpose of key import, signs the key
* and returns back the wrapping key certificate in PEM format (base64 encoded) and its root certificate chain. The
* import token and associated KRD wrapping certificate expires after 7 days.
*
*
* You must trust and install the wrapping certificate and its certificate chain on the sending HSM and use it to
* wrap the key under export for WrappedKeyCryptogram generation. Next call ImportKey with
* KeyMaterial set to KEY_CRYPTOGRAM and provide the ImportToken and
* KeyAttributes for the key under import.
*
*
* To import working keys using TR-31
*
*
* Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange norm to import working keys. A KEK
* must be established within Amazon Web Services Payment Cryptography by using TR-34 key import or by using CreateKey. To
* initiate a TR-31 key import, set the following parameters:
*
*
* -
*
* KeyMaterial: Use Tr31KeyBlock parameters.
*
*
* -
*
* WrappedKeyBlock: The TR-31 wrapped key material. It contains the key under import, encrypted using
* KEK. The TR-31 key block is typically generated by a HSM outside of Amazon Web Services Payment Cryptography.
*
*
* -
*
* WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment
* Cryptography uses to decrypt or unwrap the key under import.
*
*
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* ExportKey
*
*
* -
*
*
*
*
* @param importKeyRequest
* @return Result of the ImportKey operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ImportKey
* @see AWS API Documentation
*/
default ImportKeyResponse importKey(ImportKeyRequest importKeyRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Imports symmetric keys and public key certificates in PEM format (base64 encoded) into Amazon Web Services
* Payment Cryptography.
*
*
* Amazon Web Services Payment Cryptography simplifies key exchange by replacing the existing paper-based approach
* with a modern electronic approach. With ImportKey you can import symmetric keys using either
* symmetric and asymmetric key exchange mechanisms.
*
*
* For symmetric key exchange, Amazon Web Services Payment Cryptography uses the ANSI X9 TR-31 norm in accordance
* with PCI PIN guidelines. And for asymmetric key exchange, Amazon Web Services Payment Cryptography supports ANSI
* X9 TR-34 norm and RSA wrap and unwrap key exchange mechanisms. Asymmetric key exchange methods are typically used
* to establish bi-directional trust between the two parties exhanging keys and are used for initial key exchange
* such as Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import working keys using
* symmetric method to perform various cryptographic operations within Amazon Web Services Payment Cryptography.
*
*
* The TR-34 norm is intended for exchanging 3DES keys only and keys are imported in a WrappedKeyBlock format. Key
* attributes (such as KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained within the key block.
* With RSA wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are imported in a
* WrappedKeyCryptogram format and you will need to specify the key attributes during import.
*
*
* You can also import a root public key certificate, used to sign other public key certificates, or a
* trusted public key certificate under an already established root public key certificate.
*
*
* To import a public root key certificate
*
*
* You can also import a root public key certificate, used to sign other public key certificates, or a
* trusted public key certificate under an already established root public key certificate.
*
*
* To import a public root key certificate
*
*
* Using this operation, you can import the public component (in PEM cerificate format) of your private root key.
* You can use the imported public root key certificate for digital signatures, for example signing wrapping key or
* signing key in TR-34, within your Amazon Web Services Payment Cryptography account.
*
*
* Set the following parameters:
*
*
* -
*
* KeyMaterial: RootCertificatePublicKey
*
*
* -
*
* KeyClass: PUBLIC_KEY
*
*
* -
*
* KeyModesOfUse: Verify
*
*
* -
*
* KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
*
*
* -
*
* PublicKeyCertificate: The public key certificate in PEM format (base64 encoded) of the private root
* key under import.
*
*
*
*
* To import a trusted public key certificate
*
*
* The root public key certificate must be in place and operational before you import a trusted public key
* certificate. Set the following parameters:
*
*
* -
*
* KeyMaterial: TrustedCertificatePublicKey
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: KeyArn of the
* RootCertificatePublicKey.
*
*
* -
*
* KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap,
* sign, or encrypt that you will allow the trusted public key certificate to perform.
*
*
* -
*
* PublicKeyCertificate: The trusted public key certificate in PEM format (base64 encoded) under
* import.
*
*
*
*
* To import initial keys (KEK or ZMK or similar) using TR-34
*
*
* Using this operation, you can import initial key using TR-34 asymmetric key exchange. In TR-34 terminology, the
* sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key
* Receiving Device (KRD). During the key import process, KDH is the user who initiates the key import and KRD is
* Amazon Web Services Payment Cryptography who receives the key.
*
*
* To initiate TR-34 key import, the KDH must obtain an import token by calling GetParametersForImport. This operation generates an encryption keypair for the purpose of key import, signs
* the key and returns back the wrapping key certificate (also known as KRD wrapping certificate) and the root
* certificate chain. The KDH must trust and install the KRD wrapping certificate on its HSM and use it to encrypt
* (wrap) the KDH key during TR-34 WrappedKeyBlock generation. The import token and associated KRD wrapping
* certificate expires after 7 days.
*
*
* Next the KDH generates a key pair for the purpose of signing the encrypted KDH key and provides the public
* certificate of the signing key to Amazon Web Services Payment Cryptography. The KDH will also need to import the
* root certificate chain of the KDH signing certificate by calling ImportKey for
* RootCertificatePublicKey. For more information on TR-34 key import, see section Importing symmetric
* keys in the Amazon Web Services Payment Cryptography User Guide.
*
*
* Set the following parameters:
*
*
* -
*
* KeyMaterial: Use Tr34KeyBlock parameters.
*
*
* -
*
* CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate chain that
* signed the KDH signing key certificate.
*
*
* -
*
* ImportToken: Obtained from KRD by calling GetParametersForImport.
*
*
* -
*
* WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains the KDH key under import,
* wrapped with KRD wrapping certificate and signed by KDH signing private key. This TR-34 key block is typically
* generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.
*
*
* -
*
* SigningKeyCertificate: The public key certificate in PEM format (base64 encoded) of the KDH signing
* key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier) imported in Amazon Web
* Services Payment Cryptography.
*
*
*
*
* To import initial keys (KEK or ZMK or similar) using RSA Wrap and Unwrap
*
*
* Using this operation, you can import initial key using asymmetric RSA wrap and unwrap key exchange method. To
* initiate import, call GetParametersForImport with KeyMaterial set to KEY_CRYPTOGRAM to generate an
* import token. This operation also generates an encryption keypair for the purpose of key import, signs the key
* and returns back the wrapping key certificate in PEM format (base64 encoded) and its root certificate chain. The
* import token and associated KRD wrapping certificate expires after 7 days.
*
*
* You must trust and install the wrapping certificate and its certificate chain on the sending HSM and use it to
* wrap the key under export for WrappedKeyCryptogram generation. Next call ImportKey with
* KeyMaterial set to KEY_CRYPTOGRAM and provide the ImportToken and
* KeyAttributes for the key under import.
*
*
* To import working keys using TR-31
*
*
* Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange norm to import working keys. A KEK
* must be established within Amazon Web Services Payment Cryptography by using TR-34 key import or by using CreateKey. To
* initiate a TR-31 key import, set the following parameters:
*
*
* -
*
* KeyMaterial: Use Tr31KeyBlock parameters.
*
*
* -
*
* WrappedKeyBlock: The TR-31 wrapped key material. It contains the key under import, encrypted using
* KEK. The TR-31 key block is typically generated by a HSM outside of Amazon Web Services Payment Cryptography.
*
*
* -
*
* WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment
* Cryptography uses to decrypt or unwrap the key under import.
*
*
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* ExportKey
*
*
* -
*
*
*
*
*
* This is a convenience which creates an instance of the {@link ImportKeyRequest.Builder} avoiding the need to
* create one manually via {@link ImportKeyRequest#builder()}
*
*
* @param importKeyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ImportKeyRequest.Builder} to create a
* request.
* @return Result of the ImportKey operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ImportKey
* @see AWS API Documentation
*/
default ImportKeyResponse importKey(Consumer importKeyRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return importKey(ImportKeyRequest.builder().applyMutation(importKeyRequest).build());
}
/**
*
* Lists the aliases for all keys in the caller's Amazon Web Services account and Amazon Web Services Region. You
* can filter the list of aliases. For more information, see Using aliases
* in the Amazon Web Services Payment Cryptography User Guide.
*
*
* This is a paginated operation, which means that each response might contain only a subset of all the aliases.
* When the response contains only a subset of aliases, it includes a NextToken value. Use this value
* in a subsequent ListAliases request to get more aliases. When you receive a response with no
* NextToken (or an empty or null value), that means there are no more aliases to get.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* DeleteAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* UpdateAlias
*
*
*
*
* @param listAliasesRequest
* @return Result of the ListAliases operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListAliases
* @see AWS API Documentation
*/
default ListAliasesResponse listAliases(ListAliasesRequest listAliasesRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the aliases for all keys in the caller's Amazon Web Services account and Amazon Web Services Region. You
* can filter the list of aliases. For more information, see Using aliases
* in the Amazon Web Services Payment Cryptography User Guide.
*
*
* This is a paginated operation, which means that each response might contain only a subset of all the aliases.
* When the response contains only a subset of aliases, it includes a NextToken value. Use this value
* in a subsequent ListAliases request to get more aliases. When you receive a response with no
* NextToken (or an empty or null value), that means there are no more aliases to get.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* DeleteAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* UpdateAlias
*
*
*
*
*
* This is a convenience which creates an instance of the {@link ListAliasesRequest.Builder} avoiding the need to
* create one manually via {@link ListAliasesRequest#builder()}
*
*
* @param listAliasesRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest.Builder} to create a
* request.
* @return Result of the ListAliases operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListAliases
* @see AWS API Documentation
*/
default ListAliasesResponse listAliases(Consumer listAliasesRequest)
throws ServiceUnavailableException, ValidationException, AccessDeniedException, ResourceNotFoundException,
ThrottlingException, InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
return listAliases(ListAliasesRequest.builder().applyMutation(listAliasesRequest).build());
}
/**
*
* This is a variant of
* {@link #listAliases(software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable responses = client.listAliasesPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable responses = client
* .listAliasesPaginator(request);
* for (software.amazon.awssdk.services.paymentcryptography.model.ListAliasesResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable responses = client.listAliasesPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAliases(software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest)} operation.
*
*
* @param listAliasesRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListAliases
* @see AWS API Documentation
*/
default ListAliasesIterable listAliasesPaginator(ListAliasesRequest listAliasesRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return new ListAliasesIterable(this, listAliasesRequest);
}
/**
*
* This is a variant of
* {@link #listAliases(software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest)} operation. The
* return type is a custom iterable that can be used to iterate through all the pages. SDK will internally handle
* making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable responses = client.listAliasesPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable responses = client
* .listAliasesPaginator(request);
* for (software.amazon.awssdk.services.paymentcryptography.model.ListAliasesResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListAliasesIterable responses = client.listAliasesPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listAliases(software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest)} operation.
*
*
*
* This is a convenience which creates an instance of the {@link ListAliasesRequest.Builder} avoiding the need to
* create one manually via {@link ListAliasesRequest#builder()}
*
*
* @param listAliasesRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ListAliasesRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListAliases
* @see AWS API Documentation
*/
default ListAliasesIterable listAliasesPaginator(Consumer listAliasesRequest)
throws ServiceUnavailableException, ValidationException, AccessDeniedException, ResourceNotFoundException,
ThrottlingException, InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
return listAliasesPaginator(ListAliasesRequest.builder().applyMutation(listAliasesRequest).build());
}
/**
*
* Lists the keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the
* list of keys.
*
*
* This is a paginated operation, which means that each response might contain only a subset of all the keys. When
* the response contains only a subset of keys, it includes a NextToken value. Use this value in a
* subsequent ListKeys request to get more keys. When you receive a response with no NextToken (or an
* empty or null value), that means there are no more keys to get.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
*
* @param listKeysRequest
* @return Result of the ListKeys operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListKeys
* @see AWS
* API Documentation
*/
default ListKeysResponse listKeys(ListKeysRequest listKeysRequest) throws ServiceUnavailableException, ValidationException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the
* list of keys.
*
*
* This is a paginated operation, which means that each response might contain only a subset of all the keys. When
* the response contains only a subset of keys, it includes a NextToken value. Use this value in a
* subsequent ListKeys request to get more keys. When you receive a response with no NextToken (or an
* empty or null value), that means there are no more keys to get.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
*
*
* This is a convenience which creates an instance of the {@link ListKeysRequest.Builder} avoiding the need to
* create one manually via {@link ListKeysRequest#builder()}
*
*
* @param listKeysRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest.Builder} to create a
* request.
* @return Result of the ListKeys operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListKeys
* @see AWS
* API Documentation
*/
default ListKeysResponse listKeys(Consumer listKeysRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return listKeys(ListKeysRequest.builder().applyMutation(listKeysRequest).build());
}
/**
*
* This is a variant of {@link #listKeys(software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable responses = client.listKeysPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable responses = client.listKeysPaginator(request);
* for (software.amazon.awssdk.services.paymentcryptography.model.ListKeysResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable responses = client.listKeysPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listKeys(software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest)} operation.
*
*
* @param listKeysRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListKeys
* @see AWS
* API Documentation
*/
default ListKeysIterable listKeysPaginator(ListKeysRequest listKeysRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return new ListKeysIterable(this, listKeysRequest);
}
/**
*
* This is a variant of {@link #listKeys(software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable responses = client.listKeysPaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable responses = client.listKeysPaginator(request);
* for (software.amazon.awssdk.services.paymentcryptography.model.ListKeysResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListKeysIterable responses = client.listKeysPaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listKeys(software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest)} operation.
*
*
*
* This is a convenience which creates an instance of the {@link ListKeysRequest.Builder} avoiding the need to
* create one manually via {@link ListKeysRequest#builder()}
*
*
* @param listKeysRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ListKeysRequest.Builder} to create a
* request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListKeys
* @see AWS
* API Documentation
*/
default ListKeysIterable listKeysPaginator(Consumer listKeysRequest)
throws ServiceUnavailableException, ValidationException, AccessDeniedException, ResourceNotFoundException,
ThrottlingException, InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
return listKeysPaginator(ListKeysRequest.builder().applyMutation(listKeysRequest).build());
}
/**
*
* Lists the tags for an Amazon Web Services resource.
*
*
* This is a paginated operation, which means that each response might contain only a subset of all the tags. When
* the response contains only a subset of tags, it includes a NextToken value. Use this value in a
* subsequent ListTagsForResource request to get more tags. When you receive a response with no
* NextToken (or an empty or null value), that means there are no more tags to get.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* TagResource
*
*
* -
*
*
* UntagResource
*
*
*
*
* @param listTagsForResourceRequest
* @return Result of the ListTagsForResource operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceResponse listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)
throws ServiceUnavailableException, ValidationException, AccessDeniedException, ResourceNotFoundException,
ThrottlingException, InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Lists the tags for an Amazon Web Services resource.
*
*
* This is a paginated operation, which means that each response might contain only a subset of all the tags. When
* the response contains only a subset of tags, it includes a NextToken value. Use this value in a
* subsequent ListTagsForResource request to get more tags. When you receive a response with no
* NextToken (or an empty or null value), that means there are no more tags to get.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* TagResource
*
*
* -
*
*
* UntagResource
*
*
*
*
*
* This is a convenience which creates an instance of the {@link ListTagsForResourceRequest.Builder} avoiding the
* need to create one manually via {@link ListTagsForResourceRequest#builder()}
*
*
* @param listTagsForResourceRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest.Builder} to
* create a request.
* @return Result of the ListTagsForResource operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceResponse listTagsForResource(
Consumer listTagsForResourceRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return listTagsForResource(ListTagsForResourceRequest.builder().applyMutation(listTagsForResourceRequest).build());
}
/**
*
* This is a variant of
* {@link #listTagsForResource(software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable responses = client
* .listTagsForResourcePaginator(request);
* for (software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTagsForResource(software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest)}
* operation.
*
*
* @param listTagsForResourceRequest
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceIterable listTagsForResourcePaginator(ListTagsForResourceRequest listTagsForResourceRequest)
throws ServiceUnavailableException, ValidationException, AccessDeniedException, ResourceNotFoundException,
ThrottlingException, InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
return new ListTagsForResourceIterable(this, listTagsForResourceRequest);
}
/**
*
* This is a variant of
* {@link #listTagsForResource(software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest)}
* operation. The return type is a custom iterable that can be used to iterate through all the pages. SDK will
* internally handle making service calls for you.
*
*
* When this operation is called, a custom iterable is returned but no service calls are made yet. So there is no
* guarantee that the request is valid. As you iterate through the iterable, SDK will start lazily loading response
* pages by making service calls until there are no pages left or your iteration stops. If there are errors in your
* request, you will see the failures only after you start iterating through the iterable.
*
*
*
* The following are few ways to iterate through the response pages:
*
* 1) Using a Stream
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.stream().forEach(....);
* }
*
*
* 2) Using For loop
*
*
* {
* @code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable responses = client
* .listTagsForResourcePaginator(request);
* for (software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceResponse response : responses) {
* // do something;
* }
* }
*
*
* 3) Use iterator directly
*
*
* {@code
* software.amazon.awssdk.services.paymentcryptography.paginators.ListTagsForResourceIterable responses = client.listTagsForResourcePaginator(request);
* responses.iterator().forEachRemaining(....);
* }
*
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTagsForResource(software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest)}
* operation.
*
*
*
* This is a convenience which creates an instance of the {@link ListTagsForResourceRequest.Builder} avoiding the
* need to create one manually via {@link ListTagsForResourceRequest#builder()}
*
*
* @param listTagsForResourceRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.ListTagsForResourceRequest.Builder} to
* create a request.
* @return A custom iterable that can be used to iterate through all the response pages.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.ListTagsForResource
* @see AWS API Documentation
*/
default ListTagsForResourceIterable listTagsForResourcePaginator(
Consumer listTagsForResourceRequest) throws ServiceUnavailableException,
ValidationException, AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException,
AwsServiceException, SdkClientException, PaymentCryptographyException {
return listTagsForResourcePaginator(ListTagsForResourceRequest.builder().applyMutation(listTagsForResourceRequest)
.build());
}
/**
*
* Cancels a scheduled key deletion during the waiting period. Use this operation to restore a Key that
* is scheduled for deletion.
*
*
* During the waiting period, the KeyState is DELETE_PENDING and
* deletePendingTimestamp contains the date and time after which the Key will be deleted.
* After Key is restored, the KeyState is CREATE_COMPLETE, and the value for
* deletePendingTimestamp is removed.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* DeleteKey
*
*
* -
*
*
* StartKeyUsage
*
*
* -
*
*
*
*
* @param restoreKeyRequest
* @return Result of the RestoreKey operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.RestoreKey
* @see AWS API Documentation
*/
default RestoreKeyResponse restoreKey(RestoreKeyRequest restoreKeyRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Cancels a scheduled key deletion during the waiting period. Use this operation to restore a Key that
* is scheduled for deletion.
*
*
* During the waiting period, the KeyState is DELETE_PENDING and
* deletePendingTimestamp contains the date and time after which the Key will be deleted.
* After Key is restored, the KeyState is CREATE_COMPLETE, and the value for
* deletePendingTimestamp is removed.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* DeleteKey
*
*
* -
*
*
* StartKeyUsage
*
*
* -
*
*
*
*
*
* This is a convenience which creates an instance of the {@link RestoreKeyRequest.Builder} avoiding the need to
* create one manually via {@link RestoreKeyRequest#builder()}
*
*
* @param restoreKeyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.RestoreKeyRequest.Builder} to create a
* request.
* @return Result of the RestoreKey operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.RestoreKey
* @see AWS API Documentation
*/
default RestoreKeyResponse restoreKey(Consumer restoreKeyRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return restoreKey(RestoreKeyRequest.builder().applyMutation(restoreKeyRequest).build());
}
/**
*
* Enables an Amazon Web Services Payment Cryptography key, which makes it active for cryptographic operations
* within Amazon Web Services Payment Cryptography
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
*
*
* @param startKeyUsageRequest
* @return Result of the StartKeyUsage operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.StartKeyUsage
* @see AWS API Documentation
*/
default StartKeyUsageResponse startKeyUsage(StartKeyUsageRequest startKeyUsageRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Enables an Amazon Web Services Payment Cryptography key, which makes it active for cryptographic operations
* within Amazon Web Services Payment Cryptography
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
*
*
*
* This is a convenience which creates an instance of the {@link StartKeyUsageRequest.Builder} avoiding the need to
* create one manually via {@link StartKeyUsageRequest#builder()}
*
*
* @param startKeyUsageRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.StartKeyUsageRequest.Builder} to create a
* request.
* @return Result of the StartKeyUsage operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.StartKeyUsage
* @see AWS API Documentation
*/
default StartKeyUsageResponse startKeyUsage(Consumer startKeyUsageRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return startKeyUsage(StartKeyUsageRequest.builder().applyMutation(startKeyUsageRequest).build());
}
/**
*
* Disables an Amazon Web Services Payment Cryptography key, which makes it inactive within Amazon Web Services
* Payment Cryptography.
*
*
* You can use this operation instead of DeleteKey to
* deactivate a key. You can enable the key in the future by calling StartKeyUsage.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* DeleteKey
*
*
* -
*
*
* StartKeyUsage
*
*
*
*
* @param stopKeyUsageRequest
* @return Result of the StopKeyUsage operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.StopKeyUsage
* @see AWS API Documentation
*/
default StopKeyUsageResponse stopKeyUsage(StopKeyUsageRequest stopKeyUsageRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Disables an Amazon Web Services Payment Cryptography key, which makes it inactive within Amazon Web Services
* Payment Cryptography.
*
*
* You can use this operation instead of DeleteKey to
* deactivate a key. You can enable the key in the future by calling StartKeyUsage.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* DeleteKey
*
*
* -
*
*
* StartKeyUsage
*
*
*
*
*
* This is a convenience which creates an instance of the {@link StopKeyUsageRequest.Builder} avoiding the need to
* create one manually via {@link StopKeyUsageRequest#builder()}
*
*
* @param stopKeyUsageRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.StopKeyUsageRequest.Builder} to create a
* request.
* @return Result of the StopKeyUsage operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.StopKeyUsage
* @see AWS API Documentation
*/
default StopKeyUsageResponse stopKeyUsage(Consumer stopKeyUsageRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return stopKeyUsage(StopKeyUsageRequest.builder().applyMutation(stopKeyUsageRequest).build());
}
/**
*
* Adds or edits tags on an Amazon Web Services Payment Cryptography key.
*
*
*
* Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
*
*
*
* Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an
* empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag
* key and a new tag value. You can also add tags to an Amazon Web Services Payment Cryptography key when you create
* it with CreateKey.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
*
* UntagResource
*
*
*
*
* @param tagResourceRequest
* @return Result of the TagResource operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.TagResource
* @see AWS API Documentation
*/
default TagResourceResponse tagResource(TagResourceRequest tagResourceRequest) throws ServiceQuotaExceededException,
ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Adds or edits tags on an Amazon Web Services Payment Cryptography key.
*
*
*
* Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
*
*
*
* Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an
* empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag
* key and a new tag value. You can also add tags to an Amazon Web Services Payment Cryptography key when you create
* it with CreateKey.
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
*
* UntagResource
*
*
*
*
*
* This is a convenience which creates an instance of the {@link TagResourceRequest.Builder} avoiding the need to
* create one manually via {@link TagResourceRequest#builder()}
*
*
* @param tagResourceRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.TagResourceRequest.Builder} to create a
* request.
* @return Result of the TagResource operation returned by the service.
* @throws ServiceQuotaExceededException
* This request would cause a service quota to be exceeded.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.TagResource
* @see AWS API Documentation
*/
default TagResourceResponse tagResource(Consumer tagResourceRequest)
throws ServiceQuotaExceededException, ServiceUnavailableException, ValidationException, ConflictException,
AccessDeniedException, ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException,
SdkClientException, PaymentCryptographyException {
return tagResource(TagResourceRequest.builder().applyMutation(tagResourceRequest).build());
}
/**
*
* Deletes a tag from an Amazon Web Services Payment Cryptography key.
*
*
*
* Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
*
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
* TagResource
*
*
*
*
* @param untagResourceRequest
* @return Result of the UntagResource operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.UntagResource
* @see AWS API Documentation
*/
default UntagResourceResponse untagResource(UntagResourceRequest untagResourceRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Deletes a tag from an Amazon Web Services Payment Cryptography key.
*
*
*
* Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
*
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
*
* -
*
* TagResource
*
*
*
*
*
* This is a convenience which creates an instance of the {@link UntagResourceRequest.Builder} avoiding the need to
* create one manually via {@link UntagResourceRequest#builder()}
*
*
* @param untagResourceRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.UntagResourceRequest.Builder} to create a
* request.
* @return Result of the UntagResource operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.UntagResource
* @see AWS API Documentation
*/
default UntagResourceResponse untagResource(Consumer untagResourceRequest)
throws ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
return untagResource(UntagResourceRequest.builder().applyMutation(untagResourceRequest).build());
}
/**
*
* Associates an existing Amazon Web Services Payment Cryptography alias with a different key. Each alias is
* associated with only one Amazon Web Services Payment Cryptography key at a time, although a key can have multiple
* aliases. The alias and the Amazon Web Services Payment Cryptography key must be in the same Amazon Web Services
* account and Amazon Web Services Region
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* DeleteAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* ListAliases
*
*
*
*
* @param updateAliasRequest
* @return Result of the UpdateAlias operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.UpdateAlias
* @see AWS API Documentation
*/
default UpdateAliasResponse updateAlias(UpdateAliasRequest updateAliasRequest) throws ServiceUnavailableException,
ValidationException, ConflictException, AccessDeniedException, ResourceNotFoundException, ThrottlingException,
InternalServerException, AwsServiceException, SdkClientException, PaymentCryptographyException {
throw new UnsupportedOperationException();
}
/**
*
* Associates an existing Amazon Web Services Payment Cryptography alias with a different key. Each alias is
* associated with only one Amazon Web Services Payment Cryptography key at a time, although a key can have multiple
* aliases. The alias and the Amazon Web Services Payment Cryptography key must be in the same Amazon Web Services
* account and Amazon Web Services Region
*
*
* Cross-account use: This operation can't be used across different Amazon Web Services accounts.
*
*
* Related operations:
*
*
* -
*
* CreateAlias
*
*
* -
*
* DeleteAlias
*
*
* -
*
* GetAlias
*
*
* -
*
* ListAliases
*
*
*
*
*
* This is a convenience which creates an instance of the {@link UpdateAliasRequest.Builder} avoiding the need to
* create one manually via {@link UpdateAliasRequest#builder()}
*
*
* @param updateAliasRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.paymentcryptography.model.UpdateAliasRequest.Builder} to create a
* request.
* @return Result of the UpdateAlias operation returned by the service.
* @throws ServiceUnavailableException
* The service cannot complete the request.
* @throws ValidationException
* The request was denied due to an invalid request error.
* @throws ConflictException
* This request can cause an inconsistent state for the resource.
* @throws AccessDeniedException
* You do not have sufficient access to perform this action.
* @throws ResourceNotFoundException
* The request was denied due to an invalid resource error.
* @throws ThrottlingException
* The request was denied due to request throttling.
* @throws InternalServerException
* The request processing has failed because of an unknown error, exception, or failure.
* @throws SdkException
* Base class for all exceptions that can be thrown by the SDK (both service and client). Can be used for
* catch all scenarios.
* @throws SdkClientException
* If any client side error occurs such as an IO related failure, failure to get credentials, etc.
* @throws PaymentCryptographyException
* Base class for all service exceptions. Unknown exceptions will be thrown as an instance of this type.
* @sample PaymentCryptographyClient.UpdateAlias
* @see AWS API Documentation
*/
default UpdateAliasResponse updateAlias(Consumer updateAliasRequest)
throws ServiceUnavailableException, ValidationException, ConflictException, AccessDeniedException,
ResourceNotFoundException, ThrottlingException, InternalServerException, AwsServiceException, SdkClientException,
PaymentCryptographyException {
return updateAlias(UpdateAliasRequest.builder().applyMutation(updateAliasRequest).build());
}
/**
* Create a {@link PaymentCryptographyClient} with the region loaded from the
* {@link software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain} and credentials loaded from the
* {@link software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider}.
*/
static PaymentCryptographyClient create() {
return builder().build();
}
/**
* Create a builder that can be used to configure and create a {@link PaymentCryptographyClient}.
*/
static PaymentCryptographyClientBuilder builder() {
return new DefaultPaymentCryptographyClientBuilder();
}
static ServiceMetadata serviceMetadata() {
return ServiceMetadata.of(SERVICE_METADATA_ID);
}
@Override
default PaymentCryptographyServiceClientConfiguration serviceClientConfiguration() {
throw new UnsupportedOperationException();
}
}