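/*
 * Copyright 2010-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package com.amazonaws.services.kms.model;

import java.io.Serializable;

import com.amazonaws.AmazonWebServiceRequest;

/**
 * <p>
 * Returns a random byte string that is cryptographically secure.
 * </p>
 * <p>
 * You must use the {@code NumberOfBytes} parameter to specify the length of
 * the random byte string. There is no default value for string length.
 * </p>
 * <p>
 * By default, the random byte string is generated in KMS. To generate the byte
 * string in the CloudHSM cluster associated with a CloudHSM key store, use the
 * {@code CustomKeyStoreId} parameter.
 * </p>
 * <p>
 * {@code GenerateRandom} also supports Amazon Web Services Nitro Enclaves,
 * which provide an isolated compute environment in Amazon EC2. To call
 * {@code GenerateRandom} for a Nitro enclave, use the Amazon Web Services
 * Nitro Enclaves SDK or any Amazon Web Services SDK. Use the {@code Recipient}
 * parameter to provide the attestation document for the enclave. Instead of
 * plaintext bytes, the response includes the plaintext bytes encrypted under
 * the public key from the attestation document
 * ({@code CiphertextForRecipient}). For information about the interaction
 * between KMS and Amazon Web Services Nitro Enclaves, see <i>How Amazon Web
 * Services Nitro Enclaves uses KMS</i> in the <i>Key Management Service
 * Developer Guide</i>.
 * </p>
 * <p>
 * For more information about entropy and random number generation, see <i>Key
 * Management Service Cryptographic Details</i>.
 * </p>
 * <p>
 * <b>Cross-account use</b>: Not applicable. {@code GenerateRandom} does not
 * use any account-specific resources, such as KMS keys.
 * </p>
 * <p>
 * <b>Required permissions</b>: {@code kms:GenerateRandom} (IAM policy)
 * </p>
 * <p>
 * This class is a plain parameter holder: its setters store whatever value
 * they are given and do not enforce the documented constraints (for example
 * the 1 - 1024 range of {@code NumberOfBytes}) on the client side.
 * </p>
 */
public class GenerateRandomRequest extends AmazonWebServiceRequest implements Serializable {

    /**
     * <p>
     * The length of the random byte string. This parameter is required.
     * </p>
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Range: </b>1 - 1024<br/>
     */
    private Integer numberOfBytes;

    /**
     * <p>
     * Generates the random byte string in the CloudHSM cluster that is
     * associated with the specified CloudHSM key store. To find the ID of a
     * custom key store, use the {@code DescribeCustomKeyStores} operation.
     * </p>
     * <p>
     * External key store IDs are not valid for this parameter. If you specify
     * the ID of an external key store, {@code GenerateRandom} throws an
     * {@code UnsupportedOperationException}.
     * </p>
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Length: </b>1 - 64<br/>
     */
    private String customKeyStoreId;

    /**
     * <p>
     * A signed attestation document from an Amazon Web Services Nitro enclave
     * and the encryption algorithm to use with the enclave's public key. The
     * only valid encryption algorithm is {@code RSAES_OAEP_SHA_256}.
     * </p>
     * <p>
     * This parameter only supports attestation documents for Amazon Web
     * Services Nitro Enclaves. To include this parameter, use the Amazon Web
     * Services Nitro Enclaves SDK or any Amazon Web Services SDK.
     * </p>
     * <p>
     * When you use this parameter, instead of returning plaintext bytes, KMS
     * encrypts the plaintext bytes under the public key in the attestation
     * document, and returns the resulting ciphertext in the
     * {@code CiphertextForRecipient} field in the response. This ciphertext
     * can be decrypted only with the private key in the enclave. The
     * {@code Plaintext} field in the response is null or empty.
     * </p>
     * <p>
     * For information about the interaction between KMS and Amazon Web
     * Services Nitro Enclaves, see <i>How Amazon Web Services Nitro Enclaves
     * uses KMS</i> in the <i>Key Management Service Developer Guide</i>.
     * </p>
     */
    private RecipientInfo recipient;

    /**
     * <p>
     * Returns the length of the random byte string. This parameter is
     * required.
     * </p>
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Range: </b>1 - 1024<br/>
     *
     * @return The length of the random byte string, or {@code null} if it has
     *         not been set.
     */
    public Integer getNumberOfBytes() {
        return numberOfBytes;
    }

    /**
     * <p>
     * Sets the length of the random byte string. This parameter is required.
     * </p>
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Range: </b>1 - 1024<br/>
     * The value is stored as given; the range is not checked here.
     *
     * @param numberOfBytes The length of the random byte string.
     */
    public void setNumberOfBytes(Integer numberOfBytes) {
        this.numberOfBytes = numberOfBytes;
    }

    /**
     * <p>
     * Sets the length of the random byte string. This parameter is required.
     * </p>
     * <p>
     * Returns a reference to this object so that method calls can be chained
     * together.
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Range: </b>1 - 1024<br/>
     * The value is stored as given; the range is not checked here.
     *
     * @param numberOfBytes The length of the random byte string.
     * @return A reference to this updated object so that method calls can be
     *         chained together.
     */
    public GenerateRandomRequest withNumberOfBytes(Integer numberOfBytes) {
        this.numberOfBytes = numberOfBytes;
        return this;
    }

    /**
     * <p>
     * Returns the ID of the CloudHSM key store whose associated CloudHSM
     * cluster generates the random byte string. To find the ID of a custom
     * key store, use the {@code DescribeCustomKeyStores} operation.
     * </p>
     * <p>
     * External key store IDs are not valid for this parameter. If you specify
     * the ID of an external key store, {@code GenerateRandom} throws an
     * {@code UnsupportedOperationException}.
     * </p>
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Length: </b>1 - 64<br/>
     *
     * @return The custom key store ID, or {@code null} if the byte string is
     *         to be generated in KMS (the default).
     */
    public String getCustomKeyStoreId() {
        return customKeyStoreId;
    }

    /**
     * <p>
     * Generates the random byte string in the CloudHSM cluster that is
     * associated with the specified CloudHSM key store. To find the ID of a
     * custom key store, use the {@code DescribeCustomKeyStores} operation.
     * </p>
     * <p>
     * External key store IDs are not valid for this parameter. If you specify
     * the ID of an external key store, {@code GenerateRandom} throws an
     * {@code UnsupportedOperationException}. NOTE(review): that name refers
     * to the KMS service error; it is presumably surfaced through the SDK's
     * own exception type rather than
     * {@code java.lang.UnsupportedOperationException} - confirm against the
     * client before writing a catch clause.
     * </p>
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Length: </b>1 - 64<br/>
     * The value is stored as given; the length is not checked here.
     *
     * @param customKeyStoreId The ID of the CloudHSM key store to generate
     *            the random byte string in.
     */
    public void setCustomKeyStoreId(String customKeyStoreId) {
        this.customKeyStoreId = customKeyStoreId;
    }

    /**
     * <p>
     * Generates the random byte string in the CloudHSM cluster that is
     * associated with the specified CloudHSM key store. To find the ID of a
     * custom key store, use the {@code DescribeCustomKeyStores} operation.
     * </p>
     * <p>
     * External key store IDs are not valid for this parameter. If you specify
     * the ID of an external key store, {@code GenerateRandom} throws an
     * {@code UnsupportedOperationException}.
     * </p>
     * <p>
     * Returns a reference to this object so that method calls can be chained
     * together.
     * <p>
     * <b>Constraints:</b><br/>
     * <b>Length: </b>1 - 64<br/>
     * The value is stored as given; the length is not checked here.
     *
     * @param customKeyStoreId The ID of the CloudHSM key store to generate
     *            the random byte string in.
     * @return A reference to this updated object so that method calls can be
     *         chained together.
     */
    public GenerateRandomRequest withCustomKeyStoreId(String customKeyStoreId) {
        this.customKeyStoreId = customKeyStoreId;
        return this;
    }

    /**
     * <p>
     * Returns the signed attestation document from an Amazon Web Services
     * Nitro enclave and the encryption algorithm to use with the enclave's
     * public key. The only valid encryption algorithm is
     * {@code RSAES_OAEP_SHA_256}.
     * </p>
     * <p>
     * This parameter only supports attestation documents for Amazon Web
     * Services Nitro Enclaves. To include this parameter, use the Amazon Web
     * Services Nitro Enclaves SDK or any Amazon Web Services SDK.
     * </p>
     * <p>
     * When you use this parameter, instead of returning plaintext bytes, KMS
     * encrypts the plaintext bytes under the public key in the attestation
     * document, and returns the resulting ciphertext in the
     * {@code CiphertextForRecipient} field in the response. This ciphertext
     * can be decrypted only with the private key in the enclave. The
     * {@code Plaintext} field in the response is null or empty.
     * </p>
     * <p>
     * For information about the interaction between KMS and Amazon Web
     * Services Nitro Enclaves, see <i>How Amazon Web Services Nitro Enclaves
     * uses KMS</i> in the <i>Key Management Service Developer Guide</i>.
     * </p>
     *
     * @return The recipient information, or {@code null} if none has been
     *         set.
     */
    public RecipientInfo getRecipient() {
        return recipient;
    }

    /**
     * <p>
     * Sets the signed attestation document from an Amazon Web Services Nitro
     * enclave and the encryption algorithm to use with the enclave's public
     * key. The only valid encryption algorithm is {@code RSAES_OAEP_SHA_256}.
     * </p>
     * <p>
     * This parameter only supports attestation documents for Amazon Web
     * Services Nitro Enclaves. To include this parameter, use the Amazon Web
     * Services Nitro Enclaves SDK or any Amazon Web Services SDK.
     * </p>
     * <p>
     * When you use this parameter, instead of returning plaintext bytes, KMS
     * encrypts the plaintext bytes under the public key in the attestation
     * document, and returns the resulting ciphertext in the
     * {@code CiphertextForRecipient} field in the response. This ciphertext
     * can be decrypted only with the private key in the enclave. The
     * {@code Plaintext} field in the response is null or empty, so code that
     * sets a recipient must read {@code CiphertextForRecipient} and must not
     * assume {@code Plaintext} is populated.
     * </p>
     * <p>
     * For information about the interaction between KMS and Amazon Web
     * Services Nitro Enclaves, see <i>How Amazon Web Services Nitro Enclaves
     * uses KMS</i> in the <i>Key Management Service Developer Guide</i>.
     * </p>
     *
     * @param recipient The attestation document and encryption algorithm for
     *            the enclave.
     */
    public void setRecipient(RecipientInfo recipient) {
        this.recipient = recipient;
    }

    /**
     * <p>
     * Sets the signed attestation document from an Amazon Web Services Nitro
     * enclave and the encryption algorithm to use with the enclave's public
     * key. The only valid encryption algorithm is {@code RSAES_OAEP_SHA_256}.
     * </p>
     * <p>
     * This parameter only supports attestation documents for Amazon Web
     * Services Nitro Enclaves. To include this parameter, use the Amazon Web
     * Services Nitro Enclaves SDK or any Amazon Web Services SDK.
     * </p>
     * <p>
     * When you use this parameter, instead of returning plaintext bytes, KMS
     * encrypts the plaintext bytes under the public key in the attestation
     * document, and returns the resulting ciphertext in the
     * {@code CiphertextForRecipient} field in the response. This ciphertext
     * can be decrypted only with the private key in the enclave. The
     * {@code Plaintext} field in the response is null or empty.
     * </p>
     * <p>
     * For information about the interaction between KMS and Amazon Web
     * Services Nitro Enclaves, see <i>How Amazon Web Services Nitro Enclaves
     * uses KMS</i> in the <i>Key Management Service Developer Guide</i>.
     * </p>
     * <p>
     * Returns a reference to this object so that method calls can be chained
     * together.
     *
     * @param recipient The attestation document and encryption algorithm for
     *            the enclave.
     * @return A reference to this updated object so that method calls can be
     *         chained together.
     */
    public GenerateRandomRequest withRecipient(RecipientInfo recipient) {
        this.recipient = recipient;
        return this;
    }

    /**
     * Returns a string representation of this object; useful for testing and
     * debugging.
     * <p>
     * Only fields that are set are printed. The output embeds the custom key
     * store ID and the string form of the {@link RecipientInfo}; what the
     * latter prints is decided by that class, which is not visible from this
     * file, so check it before sending request objects to shared logs.
     *
     * @return A string representation of this object.
     * @see java.lang.Object#toString()
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("{");
        if (getNumberOfBytes() != null) {
            sb.append("NumberOfBytes: ").append(getNumberOfBytes()).append(",");
        }
        if (getCustomKeyStoreId() != null) {
            sb.append("CustomKeyStoreId: ").append(getCustomKeyStoreId()).append(",");
        }
        if (getRecipient() != null) {
            // Last field: no trailing separator, matching the established format.
            sb.append("Recipient: ").append(getRecipient());
        }
        sb.append("}");
        return sb.toString();
    }

    /**
     * Computes a hash from the three request fields, treating an unset field
     * as 0, so that it stays consistent with {@link #equals(Object)}.
     *
     * @return The hash code of this request.
     */
    @Override
    public int hashCode() {
        final int prime = 31;
        int hashCode = 1;

        hashCode = prime * hashCode + hashOf(getNumberOfBytes());
        hashCode = prime * hashCode + hashOf(getCustomKeyStoreId());
        hashCode = prime * hashCode + hashOf(getRecipient());
        return hashCode;
    }

    /**
     * Compares this request with another object. Two requests are equal when
     * {@code NumberOfBytes}, {@code CustomKeyStoreId} and {@code Recipient}
     * are each either unset in both or equal in both.
     *
     * @param obj The object to compare with; may be {@code null}.
     * @return {@code true} if {@code obj} is a {@code GenerateRandomRequest}
     *         with the same field values.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        // instanceof is false for null, so this also rejects a null argument.
        if (!(obj instanceof GenerateRandomRequest)) {
            return false;
        }
        GenerateRandomRequest other = (GenerateRandomRequest) obj;

        return sameValue(other.getNumberOfBytes(), this.getNumberOfBytes())
                && sameValue(other.getCustomKeyStoreId(), this.getCustomKeyStoreId())
                && sameValue(other.getRecipient(), this.getRecipient());
    }

    /** Null-safe equality: two nulls match, a null never matches a non-null. */
    private static boolean sameValue(Object theirs, Object ours) {
        return theirs == null ? ours == null : theirs.equals(ours);
    }

    /** Null-safe hash: an unset field contributes 0. */
    private static int hashOf(Object value) {
        return value == null ? 0 : value.hashCode();
    }
}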