/* * Copyright 2010-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.amazonaws.services.kms.model; import java.io.Serializable; import com.amazonaws.AmazonWebServiceRequest; /** *

* Decrypts ciphertext and then reencrypts it entirely within KMS. You can use * this operation to change the KMS key under which data is encrypted, such as * when you manually rotate a KMS key or change the KMS key that protects a * ciphertext. You can also use it to reencrypt ciphertext under the same KMS * key, such as to change the encryption context of a ciphertext. *

* The ReEncrypt operation can decrypt ciphertext that was * encrypted by using a KMS key in an KMS operation, such as Encrypt or * GenerateDataKey. It can also decrypt ciphertext that was encrypted by * using the public key of an asymmetric KMS key outside of KMS. However, it cannot decrypt ciphertext * produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption. These libraries return a ciphertext * format that is incompatible with KMS. *

* When you use the ReEncrypt operation, you need to provide * information for the decrypt operation and the subsequent encrypt operation. *

*
* If your ciphertext was encrypted under an asymmetric KMS key, you must use * the SourceKeyId parameter to identify the KMS key that encrypted * the ciphertext. You must also supply the encryption algorithm that was used. * This information is required to decrypt the data. *
*
*
* If your ciphertext was encrypted under a symmetric encryption KMS key, the * SourceKeyId parameter is optional. KMS can get this information * from metadata that it adds to the symmetric ciphertext blob. This feature * adds durability to your implementation by ensuring that authorized users can * decrypt ciphertext decades after it was encrypted, even if they've lost track * of the key ID. However, specifying the source KMS key is always recommended * as a best practice. When you use the SourceKeyId parameter to * specify a KMS key, KMS uses only the KMS key you specify. If the ciphertext * was encrypted under a different KMS key, the ReEncrypt operation * fails. This practice ensures that you use the KMS key that you intend. *
*
*
* To reencrypt the data, you must use the DestinationKeyId * parameter to specify the KMS key that re-encrypts the data after it is * decrypted. If the destination KMS key is an asymmetric KMS key, you must also * provide the encryption algorithm. The algorithm that you choose must be * compatible with the KMS key. *
* *
* When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to * record the KMS key and encryption algorithm that you choose. You will be * required to provide the same KMS key and encryption algorithm when you * decrypt the data. If the KMS key and algorithm do not match the values used * to encrypt the data, the decrypt operation fails. *
*
* You are not required to supply the key ID and encryption algorithm when you * decrypt with symmetric encryption KMS keys because KMS stores this * information in the ciphertext blob. KMS cannot store metadata in ciphertext * generated with asymmetric keys. The standard format for asymmetric key * ciphertext does not include configurable fields. *
*

* The KMS key that you use for this operation must be in a compatible key * state. For details, see Key states of KMS keys in the Key Management Service Developer * Guide. *

* Cross-account use: Yes. The source KMS key and destination KMS key can * be in different Amazon Web Services accounts. Either or both KMS keys can be * in a different account than the caller. To specify a KMS key in a different * account, you must use its key ARN or alias ARN. *

* Required permissions: *

*
* kms:ReEncryptFrom permission on the source KMS key (key policy) *
*
*
* kms:ReEncryptTo permission on the destination KMS key (key policy) *
*

* To permit reencryption from or to a KMS key, include the * "kms:ReEncrypt*" permission in your key * policy. This permission is automatically included in the key policy when * you use the console to create a KMS key. But you must include it manually * when you create a KMS key programmatically or when you use the * PutKeyPolicy operation to set a key policy. *

* Related operations: *

*
* Decrypt *
*
*
* Encrypt *
*
*
* GenerateDataKey *
*
*
* GenerateDataKeyPair *
*

*/ public class ReEncryptRequest extends AmazonWebServiceRequest implements Serializable { /** *

* Ciphertext of the data to reencrypt. *

* Constraints:
* Length: 1 - 6144
*/ private java.nio.ByteBuffer ciphertextBlob; /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter * the same encryption context that was used to encrypt the ciphertext. *

* An encryption context is a collection of non-secret key-value * pairs that represent additional authenticated data. When you use an * encryption context to encrypt data, you must specify the same (an exact * case-sensitive match) encryption context to decrypt the data. An * encryption context is supported only on operations with symmetric * encryption KMS keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly recommended. *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

*/ private java.util.Map sourceEncryptionContext = new java.util.HashMap(); /** *

* Specifies the KMS key that KMS will use to decrypt the ciphertext before * it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If * you identify a different KMS key, the ReEncrypt operation * throws an IncorrectKeyException. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS * can get the KMS key from metadata that it adds to the symmetric * ciphertext blob. However, it is always recommended as a best practice. * This practice ensures that you use the KMS key that you intend. *

* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. * When using an alias name, prefix it with "alias/". To * specify a KMS key in a different Amazon Web Services account, you must * use the key ARN or alias ARN. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Constraints:
* Length: 1 - 2048
*/ private String sourceKeyId; /** *

* A unique identifier for the KMS key that is used to reencrypt the data. * Specify a symmetric encryption KMS key or an asymmetric KMS key with a * KeyUsage value of ENCRYPT_DECRYPT. To find the * KeyUsage value of a KMS key, use the DescribeKey * operation. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Constraints:
* Length: 1 - 2048
*/ private String destinationKeyId; /** *

* Specifies that encryption context to use when the reencrypting the data. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* A destination encryption context is valid only when the destination KMS * key is a symmetric encryption KMS key. The standard ciphertext format for * asymmetric KMS keys does not include fields for metadata. *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

*/ private java.util.Map destinationEncryptionContext = new java.util.HashMap(); /** *

* Specifies the encryption algorithm that KMS will use to decrypt the * ciphertext before it is reencrypted. The default value, * SYMMETRIC_DEFAULT, represents the algorithm used for * symmetric encryption KMS keys. *

* Specify the same algorithm that was used to encrypt the ciphertext. If * you specify a different algorithm, the decrypt attempt fails. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE */ private String sourceEncryptionAlgorithm; /** *

* Specifies the encryption algorithm that KMS will use to reecrypt the data * after it has decrypted it. The default value, * SYMMETRIC_DEFAULT, represents the encryption algorithm used * for symmetric encryption KMS keys. *

* This parameter is required only when the destination KMS key is an * asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE */ private String destinationEncryptionAlgorithm; /** *

* A list of grant tokens. *

* Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *

*/ private java.util.List grantTokens = new java.util.ArrayList(); /** *

* Checks if your request will succeed. DryRun is an optional * parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

*/ private Boolean dryRun; /** *

* Ciphertext of the data to reencrypt. *

* Constraints:
* Length: 1 - 6144
* * @return

* Ciphertext of the data to reencrypt. *

*/ public java.nio.ByteBuffer getCiphertextBlob() { return ciphertextBlob; } /** *

* Ciphertext of the data to reencrypt. *

* Constraints:
* Length: 1 - 6144
* * @param ciphertextBlob

* Ciphertext of the data to reencrypt. *

*/ public void setCiphertextBlob(java.nio.ByteBuffer ciphertextBlob) { this.ciphertextBlob = ciphertextBlob; } /** *

* Ciphertext of the data to reencrypt. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 6144
* * @param ciphertextBlob

* Ciphertext of the data to reencrypt. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withCiphertextBlob(java.nio.ByteBuffer ciphertextBlob) { this.ciphertextBlob = ciphertextBlob; return this; } /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter * the same encryption context that was used to encrypt the ciphertext. *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* * @return

* Specifies the encryption context to use to decrypt the * ciphertext. Enter the same encryption context that was used to * encrypt the ciphertext. *

* An encryption context is a collection of non-secret * key-value pairs that represent additional authenticated data. * When you use an encryption context to encrypt data, you must * specify the same (an exact case-sensitive match) encryption * context to decrypt the data. An encryption context is supported * only on operations with symmetric encryption KMS keys. On * operations with symmetric encryption KMS keys, an encryption * context is optional, but it is strongly recommended. *

* For more information, see Encryption context in the Key Management Service * Developer Guide. *

*/ public java.util.Map getSourceEncryptionContext() { return sourceEncryptionContext; } /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter * the same encryption context that was used to encrypt the ciphertext. *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* * @param sourceEncryptionContext

* Specifies the encryption context to use to decrypt the * ciphertext. Enter the same encryption context that was used to * encrypt the ciphertext. *

* An encryption context is a collection of non-secret * key-value pairs that represent additional authenticated data. * When you use an encryption context to encrypt data, you must * specify the same (an exact case-sensitive match) encryption * context to decrypt the data. An encryption context is * supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly * recommended. *

* For more information, see Encryption context in the Key Management Service * Developer Guide. *

*/ public void setSourceEncryptionContext(java.util.Map sourceEncryptionContext) { this.sourceEncryptionContext = sourceEncryptionContext; } /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter * the same encryption context that was used to encrypt the ciphertext. *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* Returns a reference to this object so that method calls can be chained * together. * * @param sourceEncryptionContext

* Specifies the encryption context to use to decrypt the * ciphertext. Enter the same encryption context that was used to * encrypt the ciphertext. *

* An encryption context is a collection of non-secret * key-value pairs that represent additional authenticated data. * When you use an encryption context to encrypt data, you must * specify the same (an exact case-sensitive match) encryption * context to decrypt the data. An encryption context is * supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly * recommended. *

* For more information, see Encryption context in the Key Management Service * Developer Guide. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withSourceEncryptionContext( java.util.Map sourceEncryptionContext) { this.sourceEncryptionContext = sourceEncryptionContext; return this; } /** *

* Specifies the encryption context to use to decrypt the ciphertext. Enter * the same encryption context that was used to encrypt the ciphertext. *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* The method adds a new key-value pair into SourceEncryptionContext * parameter, and returns a reference to this object so that method calls * can be chained together. * * @param key The key of the entry to be added into SourceEncryptionContext. * @param value The corresponding value of the entry to be added into * SourceEncryptionContext. * @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest addSourceEncryptionContextEntry(String key, String value) { if (null == this.sourceEncryptionContext) { this.sourceEncryptionContext = new java.util.HashMap(); } if (this.sourceEncryptionContext.containsKey(key)) throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided."); this.sourceEncryptionContext.put(key, value); return this; } /** * Removes all the entries added into SourceEncryptionContext. *

* Returns a reference to this object so that method calls can be chained * together. */ public ReEncryptRequest clearSourceEncryptionContextEntries() { this.sourceEncryptionContext = null; return this; } /** *

* Specifies the KMS key that KMS will use to decrypt the ciphertext before * it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If * you identify a different KMS key, the ReEncrypt operation * throws an IncorrectKeyException. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Constraints:
* Length: 1 - 2048
* * @return

* Specifies the KMS key that KMS will use to decrypt the ciphertext * before it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the * ciphertext. If you identify a different KMS key, the * ReEncrypt operation throws an * IncorrectKeyException. *

* This parameter is required only when the ciphertext was encrypted * under an asymmetric KMS key. If you used a symmetric encryption * KMS key, KMS can get the KMS key from metadata that it adds to * the symmetric ciphertext blob. However, it is always recommended * as a best practice. This practice ensures that you use the KMS * key that you intend. *

* To specify a KMS key, use its key ID, key ARN, alias name, or * alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different Amazon * Web Services account, you must use the key ARN or alias ARN. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

*/ public String getSourceKeyId() { return sourceKeyId; } /** *

* Specifies the KMS key that KMS will use to decrypt the ciphertext before * it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If * you identify a different KMS key, the ReEncrypt operation * throws an IncorrectKeyException. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Constraints:
* Length: 1 - 2048
* * @param sourceKeyId

* Specifies the KMS key that KMS will use to decrypt the * ciphertext before it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the * ciphertext. If you identify a different KMS key, the * ReEncrypt operation throws an * IncorrectKeyException. *

* This parameter is required only when the ciphertext was * encrypted under an asymmetric KMS key. If you used a symmetric * encryption KMS key, KMS can get the KMS key from metadata that * it adds to the symmetric ciphertext blob. However, it is * always recommended as a best practice. This practice ensures * that you use the KMS key that you intend. *

* To specify a KMS key, use its key ID, key ARN, alias name, or * alias ARN. When using an alias name, prefix it with * "alias/". To specify a KMS key in a different * Amazon Web Services account, you must use the key ARN or alias * ARN. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *

*/ public void setSourceKeyId(String sourceKeyId) { this.sourceKeyId = sourceKeyId; } /** *

* Specifies the KMS key that KMS will use to decrypt the ciphertext before * it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If * you identify a different KMS key, the ReEncrypt operation * throws an IncorrectKeyException. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 2048
* * @param sourceKeyId

* Specifies the KMS key that KMS will use to decrypt the * ciphertext before it is re-encrypted. *

* Enter a key ID of the KMS key that was used to encrypt the * ciphertext. If you identify a different KMS key, the * ReEncrypt operation throws an * IncorrectKeyException. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withSourceKeyId(String sourceKeyId) { this.sourceKeyId = sourceKeyId; return this; } /** *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Constraints:
* Length: 1 - 2048
* * @return

* A unique identifier for the KMS key that is used to reencrypt the * data. Specify a symmetric encryption KMS key or an asymmetric KMS * key with a KeyUsage value of * ENCRYPT_DECRYPT. To find the KeyUsage * value of a KMS key, use the DescribeKey operation. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

*/ public String getDestinationKeyId() { return destinationKeyId; } /** *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Constraints:
* Length: 1 - 2048
* * @param destinationKeyId

* A unique identifier for the KMS key that is used to reencrypt * the data. Specify a symmetric encryption KMS key or an * asymmetric KMS key with a KeyUsage value of * ENCRYPT_DECRYPT. To find the * KeyUsage value of a KMS key, use the * DescribeKey operation. *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *

*/ public void setDestinationKeyId(String destinationKeyId) { this.destinationKeyId = destinationKeyId; } /** *

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 2048
* * @param destinationKeyId

* For example: *

*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *
*
*
* Alias name: alias/ExampleAlias *
*
*
* Alias ARN: * arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias *
*

* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withDestinationKeyId(String destinationKeyId) { this.destinationKeyId = destinationKeyId; return this; } /** *

* Specifies that encryption context to use when the reencrypting the data. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* * @return

* Specifies that encryption context to use when the reencrypting * the data. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* A destination encryption context is valid only when the * destination KMS key is a symmetric encryption KMS key. The * standard ciphertext format for asymmetric KMS keys does not * include fields for metadata. *

* For more information, see Encryption context in the Key Management Service * Developer Guide. *

*/ public java.util.Map getDestinationEncryptionContext() { return destinationEncryptionContext; } /** *

* Specifies that encryption context to use when the reencrypting the data. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* * @param destinationEncryptionContext

* Specifies that encryption context to use when the reencrypting * the data. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* An encryption context is a collection of non-secret * key-value pairs that represent additional authenticated data. * When you use an encryption context to encrypt data, you must * specify the same (an exact case-sensitive match) encryption * context to decrypt the data. An encryption context is * supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly * recommended. *

* For more information, see Encryption context in the Key Management Service * Developer Guide. *

*/ public void setDestinationEncryptionContext( java.util.Map destinationEncryptionContext) { this.destinationEncryptionContext = destinationEncryptionContext; } /** *

* Specifies that encryption context to use when the reencrypting the data. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* Returns a reference to this object so that method calls can be chained * together. * * @param destinationEncryptionContext

* Specifies that encryption context to use when the reencrypting * the data. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* An encryption context is a collection of non-secret * key-value pairs that represent additional authenticated data. * When you use an encryption context to encrypt data, you must * specify the same (an exact case-sensitive match) encryption * context to decrypt the data. An encryption context is * supported only on operations with symmetric encryption KMS * keys. On operations with symmetric encryption KMS keys, an * encryption context is optional, but it is strongly * recommended. *

* For more information, see Encryption context in the Key Management Service * Developer Guide. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withDestinationEncryptionContext( java.util.Map destinationEncryptionContext) { this.destinationEncryptionContext = destinationEncryptionContext; return this; } /** *

* Specifies that encryption context to use when the reencrypting the data. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* For more information, see Encryption context in the Key Management Service Developer * Guide. *

* The method adds a new key-value pair into DestinationEncryptionContext * parameter, and returns a reference to this object so that method calls * can be chained together. * * @param key The key of the entry to be added into * DestinationEncryptionContext. * @param value The corresponding value of the entry to be added into * DestinationEncryptionContext. * @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest addDestinationEncryptionContextEntry(String key, String value) { if (null == this.destinationEncryptionContext) { this.destinationEncryptionContext = new java.util.HashMap(); } if (this.destinationEncryptionContext.containsKey(key)) throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided."); this.destinationEncryptionContext.put(key, value); return this; } /** * Removes all the entries added into DestinationEncryptionContext. *

* Returns a reference to this object so that method calls can be chained * together. */ public ReEncryptRequest clearDestinationEncryptionContextEntries() { this.destinationEncryptionContext = null; return this; } /** *

* Specify the same algorithm that was used to encrypt the ciphertext. If * you specify a different algorithm, the decrypt attempt fails. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @return

* Specifies the encryption algorithm that KMS will use to decrypt * the ciphertext before it is reencrypted. The default value, * SYMMETRIC_DEFAULT, represents the algorithm used for * symmetric encryption KMS keys. *

* Specify the same algorithm that was used to encrypt the * ciphertext. If you specify a different algorithm, the decrypt * attempt fails. *

* This parameter is required only when the ciphertext was encrypted * under an asymmetric KMS key. *

* @see EncryptionAlgorithmSpec */ public String getSourceEncryptionAlgorithm() { return sourceEncryptionAlgorithm; } /** *

* Specify the same algorithm that was used to encrypt the ciphertext. If * you specify a different algorithm, the decrypt attempt fails. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param sourceEncryptionAlgorithm

* Specifies the encryption algorithm that KMS will use to * decrypt the ciphertext before it is reencrypted. The default * value, SYMMETRIC_DEFAULT, represents the * algorithm used for symmetric encryption KMS keys. *

* Specify the same algorithm that was used to encrypt the * ciphertext. If you specify a different algorithm, the decrypt * attempt fails. *

* This parameter is required only when the ciphertext was * encrypted under an asymmetric KMS key. *

* @see EncryptionAlgorithmSpec */ public void setSourceEncryptionAlgorithm(String sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm; } /** *

* Specify the same algorithm that was used to encrypt the ciphertext. If * you specify a different algorithm, the decrypt attempt fails. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param sourceEncryptionAlgorithm

* Specify the same algorithm that was used to encrypt the * ciphertext. If you specify a different algorithm, the decrypt * attempt fails. *

* This parameter is required only when the ciphertext was * encrypted under an asymmetric KMS key. *

* @return A reference to this updated object so that method calls can be * chained together. * @see EncryptionAlgorithmSpec */ public ReEncryptRequest withSourceEncryptionAlgorithm(String sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm; return this; } /** *

* Specify the same algorithm that was used to encrypt the ciphertext. If * you specify a different algorithm, the decrypt attempt fails. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param sourceEncryptionAlgorithm

* Specify the same algorithm that was used to encrypt the * ciphertext. If you specify a different algorithm, the decrypt * attempt fails. *

* This parameter is required only when the ciphertext was * encrypted under an asymmetric KMS key. *

* @see EncryptionAlgorithmSpec */ public void setSourceEncryptionAlgorithm(EncryptionAlgorithmSpec sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm.toString(); } /** *

* Specify the same algorithm that was used to encrypt the ciphertext. If * you specify a different algorithm, the decrypt attempt fails. *

* This parameter is required only when the ciphertext was encrypted under * an asymmetric KMS key. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param sourceEncryptionAlgorithm

* Specify the same algorithm that was used to encrypt the * ciphertext. If you specify a different algorithm, the decrypt * attempt fails. *

* This parameter is required only when the ciphertext was * encrypted under an asymmetric KMS key. *

* @return A reference to this updated object so that method calls can be * chained together. * @see EncryptionAlgorithmSpec */ public ReEncryptRequest withSourceEncryptionAlgorithm( EncryptionAlgorithmSpec sourceEncryptionAlgorithm) { this.sourceEncryptionAlgorithm = sourceEncryptionAlgorithm.toString(); return this; } /** *

* This parameter is required only when the destination KMS key is an * asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @return

* Specifies the encryption algorithm that KMS will use to reecrypt * the data after it has decrypted it. The default value, * SYMMETRIC_DEFAULT, represents the encryption * algorithm used for symmetric encryption KMS keys. *

* This parameter is required only when the destination KMS key is * an asymmetric KMS key. *

* @see EncryptionAlgorithmSpec */ public String getDestinationEncryptionAlgorithm() { return destinationEncryptionAlgorithm; } /** *

* This parameter is required only when the destination KMS key is an * asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param destinationEncryptionAlgorithm

* Specifies the encryption algorithm that KMS will use to * reecrypt the data after it has decrypted it. The default * value, SYMMETRIC_DEFAULT, represents the * encryption algorithm used for symmetric encryption KMS keys. *

* This parameter is required only when the destination KMS key * is an asymmetric KMS key. *

* @see EncryptionAlgorithmSpec */ public void setDestinationEncryptionAlgorithm(String destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm; } /** *

* This parameter is required only when the destination KMS key is an * asymmetric KMS key. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param destinationEncryptionAlgorithm

* This parameter is required only when the destination KMS key * is an asymmetric KMS key. *

* @return A reference to this updated object so that method calls can be * chained together. * @see EncryptionAlgorithmSpec */ public ReEncryptRequest withDestinationEncryptionAlgorithm(String destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm; return this; } /** *

* This parameter is required only when the destination KMS key is an * asymmetric KMS key. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param destinationEncryptionAlgorithm

* This parameter is required only when the destination KMS key * is an asymmetric KMS key. *

* @see EncryptionAlgorithmSpec */ public void setDestinationEncryptionAlgorithm( EncryptionAlgorithmSpec destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm.toString(); } /** *

* This parameter is required only when the destination KMS key is an * asymmetric KMS key. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Allowed Values: SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, * RSAES_OAEP_SHA_256, SM2PKE * * @param destinationEncryptionAlgorithm

* This parameter is required only when the destination KMS key * is an asymmetric KMS key. *

* @return A reference to this updated object so that method calls can be * chained together. * @see EncryptionAlgorithmSpec */ public ReEncryptRequest withDestinationEncryptionAlgorithm( EncryptionAlgorithmSpec destinationEncryptionAlgorithm) { this.destinationEncryptionAlgorithm = destinationEncryptionAlgorithm.toString(); return this; } /** *

* A list of grant tokens. *

* * @return

* A list of grant tokens. *

* Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *

*/ public java.util.List getGrantTokens() { return grantTokens; } /** *

* A list of grant tokens. *

* * @param grantTokens

* A list of grant tokens. *

*/ public void setGrantTokens(java.util.Collection grantTokens) { if (grantTokens == null) { this.grantTokens = null; return; } this.grantTokens = new java.util.ArrayList(grantTokens); } /** *

* A list of grant tokens. *

* Returns a reference to this object so that method calls can be chained * together. * * @param grantTokens

* A list of grant tokens. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withGrantTokens(String... grantTokens) { if (getGrantTokens() == null) { this.grantTokens = new java.util.ArrayList(grantTokens.length); } for (String value : grantTokens) { this.grantTokens.add(value); } return this; } /** *

* A list of grant tokens. *

* Returns a reference to this object so that method calls can be chained * together. * * @param grantTokens

* A list of grant tokens. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withGrantTokens(java.util.Collection grantTokens) { setGrantTokens(grantTokens); return this; } /** *

* Checks if your request will succeed. DryRun is an optional * parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

* * @return

* Checks if your request will succeed. DryRun is an * optional parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

*/ public Boolean isDryRun() { return dryRun; } /** *

* Checks if your request will succeed. DryRun is an optional * parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

* * @return

* Checks if your request will succeed. DryRun is an * optional parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

*/ public Boolean getDryRun() { return dryRun; } /** *

* Checks if your request will succeed. DryRun is an optional * parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

* * @param dryRun

* Checks if your request will succeed. DryRun is an * optional parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management * Service Developer Guide. *

*/ public void setDryRun(Boolean dryRun) { this.dryRun = dryRun; } /** *

* Checks if your request will succeed. DryRun is an optional * parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *

* Returns a reference to this object so that method calls can be chained * together. * * @param dryRun

* Checks if your request will succeed. DryRun is an * optional parameter. *

* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management * Service Developer Guide. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReEncryptRequest withDryRun(Boolean dryRun) { this.dryRun = dryRun; return this; } /** * Returns a string representation of this object; useful for testing and * debugging. * * @return A string representation of this object. * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getCiphertextBlob() != null) sb.append("CiphertextBlob: " + getCiphertextBlob() + ","); if (getSourceEncryptionContext() != null) sb.append("SourceEncryptionContext: " + getSourceEncryptionContext() + ","); if (getSourceKeyId() != null) sb.append("SourceKeyId: " + getSourceKeyId() + ","); if (getDestinationKeyId() != null) sb.append("DestinationKeyId: " + getDestinationKeyId() + ","); if (getDestinationEncryptionContext() != null) sb.append("DestinationEncryptionContext: " + getDestinationEncryptionContext() + ","); if (getSourceEncryptionAlgorithm() != null) sb.append("SourceEncryptionAlgorithm: " + getSourceEncryptionAlgorithm() + ","); if (getDestinationEncryptionAlgorithm() != null) sb.append("DestinationEncryptionAlgorithm: " + getDestinationEncryptionAlgorithm() + ","); if (getGrantTokens() != null) sb.append("GrantTokens: " + getGrantTokens() + ","); if (getDryRun() != null) sb.append("DryRun: " + getDryRun()); sb.append("}"); return sb.toString(); } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getCiphertextBlob() == null) ? 0 : getCiphertextBlob().hashCode()); hashCode = prime * hashCode + ((getSourceEncryptionContext() == null) ? 0 : getSourceEncryptionContext() .hashCode()); hashCode = prime * hashCode + ((getSourceKeyId() == null) ? 0 : getSourceKeyId().hashCode()); hashCode = prime * hashCode + ((getDestinationKeyId() == null) ? 0 : getDestinationKeyId().hashCode()); hashCode = prime * hashCode + ((getDestinationEncryptionContext() == null) ? 0 : getDestinationEncryptionContext().hashCode()); hashCode = prime * hashCode + ((getSourceEncryptionAlgorithm() == null) ? 0 : getSourceEncryptionAlgorithm() .hashCode()); hashCode = prime * hashCode + ((getDestinationEncryptionAlgorithm() == null) ? 0 : getDestinationEncryptionAlgorithm().hashCode()); hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode()); hashCode = prime * hashCode + ((getDryRun() == null) ? 0 : getDryRun().hashCode()); return hashCode; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof ReEncryptRequest == false) return false; ReEncryptRequest other = (ReEncryptRequest) obj; if (other.getCiphertextBlob() == null ^ this.getCiphertextBlob() == null) return false; if (other.getCiphertextBlob() != null && other.getCiphertextBlob().equals(this.getCiphertextBlob()) == false) return false; if (other.getSourceEncryptionContext() == null ^ this.getSourceEncryptionContext() == null) return false; if (other.getSourceEncryptionContext() != null && other.getSourceEncryptionContext().equals(this.getSourceEncryptionContext()) == false) return false; if (other.getSourceKeyId() == null ^ this.getSourceKeyId() == null) return false; if (other.getSourceKeyId() != null && other.getSourceKeyId().equals(this.getSourceKeyId()) == false) return false; if (other.getDestinationKeyId() == null ^ this.getDestinationKeyId() == null) return false; if (other.getDestinationKeyId() != null && other.getDestinationKeyId().equals(this.getDestinationKeyId()) == false) return false; if (other.getDestinationEncryptionContext() == null ^ this.getDestinationEncryptionContext() == null) return false; if (other.getDestinationEncryptionContext() != null && other.getDestinationEncryptionContext().equals( this.getDestinationEncryptionContext()) == false) return false; if (other.getSourceEncryptionAlgorithm() == null ^ this.getSourceEncryptionAlgorithm() == null) return false; if (other.getSourceEncryptionAlgorithm() != null && other.getSourceEncryptionAlgorithm().equals(this.getSourceEncryptionAlgorithm()) == false) return false; if (other.getDestinationEncryptionAlgorithm() == null ^ this.getDestinationEncryptionAlgorithm() == null) return false; if (other.getDestinationEncryptionAlgorithm() != null && other.getDestinationEncryptionAlgorithm().equals( this.getDestinationEncryptionAlgorithm()) == false) return false; if (other.getGrantTokens() == null ^ this.getGrantTokens() == null) return false; if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false) return false; if (other.getDryRun() == null ^ this.getDryRun() == null) return false; if (other.getDryRun() != null && other.getDryRun().equals(this.getDryRun()) == false) return false; return true; } }