/* * Copyright 2010-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.amazonaws.services.kms.model; import java.io.Serializable; import com.amazonaws.AmazonWebServiceRequest; /** *
* Creates a digital * signature for a message or message digest by using the private key in an * asymmetric signing KMS key. To verify the signature, use the Verify * operation, or use the public key in the same asymmetric KMS key outside of * KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer * Guide. *
** Digital signatures are generated and verified by using an asymmetric key pair, * such as an RSA or ECC pair that is represented by an asymmetric KMS key. The * key owner (or an authorized user) uses their private key to sign a message. * Anyone with the public key can verify that the message was signed with that * particular private key and that the message hasn't changed since it was * signed. *
*
* To use the Sign
operation, provide the following information:
*
* Use the KeyId
parameter to identify an asymmetric KMS key with a
* KeyUsage
value of SIGN_VERIFY
. To get the
* KeyUsage
value of a KMS key, use the DescribeKey
* operation. The caller must have kms:Sign
permission on the KMS
* key.
*
* Use the Message
parameter to specify the message or message
* digest to sign. You can submit messages of up to 4096 bytes. To sign a larger
* message, generate a hash digest of the message, and then provide the hash
* digest in the Message
parameter. To indicate whether the message
* is a full message or a digest, use the MessageType
parameter.
*
* Choose a signing algorithm that is compatible with the KMS key. *
** When signing a message, be sure to record the KMS key and the signing * algorithm. This information is required to verify the signature. *
** Best practices recommend that you limit the time during which any signature * is effective. This deters an attack where the actor uses a signed message to * establish validity repeatedly or long after the message is superseded. * Signatures do not include a timestamp, but you can include a timestamp in the * signed message to help you detect when it's time to refresh the signature. *
** To verify the signature that this operation generates, use the Verify * operation. Or use the GetPublicKey operation to download the public * key and then use the public key to verify the signature outside of KMS. *
** The KMS key that you use for this operation must be in a compatible key * state. For details, see Key states of KMS keys in the Key Management Service Developer * Guide. *
*
* Cross-account use: Yes. To perform this operation with a KMS key in a
* different Amazon Web Services account, specify the key ARN or alias ARN in
* the value of the KeyId
parameter.
*
* Required permissions: kms:Sign (key policy) *
** Related operations: Verify *
*/ public class SignRequest extends AmazonWebServiceRequest implements Serializable { /** *
* Identifies an asymmetric KMS key. KMS uses the private key in the
* asymmetric KMS key to sign the message. The KeyUsage
type of
* the KMS key must be SIGN_VERIFY
. To find the
* KeyUsage
of a KMS key, use the DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
* When using an alias name, prefix it with "alias/"
. To
* specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *
*
* Constraints:
* Length: 1 - 2048
*/
private String keyId;
/**
*
* Specifies the message or message digest to sign. Messages can be 0-4096 * bytes. To sign a larger message, provide a message digest. *
*
* If you provide a message digest, use the DIGEST
value of
* MessageType
to prevent the digest from being hashed again
* while signing.
*
* Constraints:
* Length: 1 - 4096
*/
private java.nio.ByteBuffer message;
/**
*
* Tells KMS whether the value of the Message
parameter should
* be hashed as part of the signing algorithm. Use RAW
for
* unhashed messages; use DIGEST
for message digests, which are
* already hashed.
*
* When the value of MessageType
is RAW
, KMS uses
* the standard signing algorithm, which begins with a hash function. When
* the value is DIGEST
, KMS skips the hashing step in the
* signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use the
* DIGEST
value with an unhashed message, the security of the
* signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
, the
* length of the Message
value must match the length of hashed
* messages for the specified signing algorithm.
*
* You can submit a message digest and omit the MessageType
or
* specify RAW
so the digest is hashed again while signing.
* However, this can cause verification failures when verifying with a
* system that assumes a single hash.
*
* The hashing algorithm that Sign
uses is based on the
* SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Constraints:
* Allowed Values: RAW, DIGEST
*/
private String messageType;
/**
*
* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
*/ private java.util.List* Specifies the signing algorithm to use when signing the message. *
** Choose an algorithm that is compatible with the type and size of the * specified asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS * algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *
*
* Constraints:
* Allowed Values: RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384,
* RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384,
* RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512,
* SM2DSA
*/
private String signingAlgorithm;
/**
*
* Checks if your request will succeed. DryRun
is an optional
* parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
*/ private Boolean dryRun; /** *
* Identifies an asymmetric KMS key. KMS uses the private key in the
* asymmetric KMS key to sign the message. The KeyUsage
type of
* the KMS key must be SIGN_VERIFY
. To find the
* KeyUsage
of a KMS key, use the DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
* When using an alias name, prefix it with "alias/"
. To
* specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *
*
* Constraints:
* Length: 1 - 2048
*
* @return
* Identifies an asymmetric KMS key. KMS uses the private key in the
* asymmetric KMS key to sign the message. The KeyUsage
* type of the KMS key must be SIGN_VERIFY
. To find the
* KeyUsage
of a KMS key, use the DescribeKey
* operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or
* alias ARN. When using an alias name, prefix it with
* "alias/"
. To specify a KMS key in a different Amazon
* Web Services account, you must use the key ARN or alias ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. To get the alias name and alias ARN, use * ListAliases. *
*/
    public String getKeyId() {
        // Plain accessor: returns the stored identifier exactly as it was set.
        return this.keyId;
    }

    /**
     *
* Identifies an asymmetric KMS key. KMS uses the private key in the
* asymmetric KMS key to sign the message. The KeyUsage
type of
* the KMS key must be SIGN_VERIFY
. To find the
* KeyUsage
of a KMS key, use the DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
* When using an alias name, prefix it with "alias/"
. To
* specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *
*
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* Identifies an asymmetric KMS key. KMS uses the private key in
* the asymmetric KMS key to sign the message. The
* KeyUsage
type of the KMS key must be
* SIGN_VERIFY
. To find the KeyUsage
of
* a KMS key, use the DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or
* alias ARN. When using an alias name, prefix it with
* "alias/"
. To specify a KMS key in a different
* Amazon Web Services account, you must use the key ARN or alias
* ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *
*/
    public void setKeyId(String keyId) {
        // Stores the identifier as given; no validation is performed here.
        this.keyId = keyId;
    }

    /**
     *
* Identifies an asymmetric KMS key. KMS uses the private key in the
* asymmetric KMS key to sign the message. The KeyUsage
type of
* the KMS key must be SIGN_VERIFY
. To find the
* KeyUsage
of a KMS key, use the DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
* When using an alias name, prefix it with "alias/"
. To
* specify a KMS key in a different Amazon Web Services account, you must
* use the key ARN or alias ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. To get the alias name and alias ARN, use * ListAliases. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* Identifies an asymmetric KMS key. KMS uses the private key in
* the asymmetric KMS key to sign the message. The
* KeyUsage
type of the KMS key must be
* SIGN_VERIFY
. To find the KeyUsage
of
* a KMS key, use the DescribeKey operation.
*
* To specify a KMS key, use its key ID, key ARN, alias name, or
* alias ARN. When using an alias name, prefix it with
* "alias/"
. To specify a KMS key in a different
* Amazon Web Services account, you must use the key ARN or alias
* ARN.
*
* For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* Alias name: alias/ExampleAlias
*
* Alias ARN:
* arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. To get the alias name * and alias ARN, use ListAliases. *
* @return A reference to this updated object so that method calls can be
*         chained together.
*/
    public SignRequest withKeyId(String keyId) {
        // Fluent variant of the setter: assign the field, then return this request for chaining.
        this.keyId = keyId;
        return this;
    }

    /**
     *
     * Specifies the message or message digest to sign. Messages can be 0-4096
     * bytes. To sign a larger message, provide a message digest.
     *
*
* If you provide a message digest, use the DIGEST
value of
* MessageType
to prevent the digest from being hashed again
* while signing.
*
* Constraints:
* Length: 1 - 4096
*
* @return
* Specifies the message or message digest to sign. Messages can be * 0-4096 bytes. To sign a larger message, provide a message digest. *
*
* If you provide a message digest, use the DIGEST
* value of MessageType
to prevent the digest from
* being hashed again while signing.
*
* Specifies the message or message digest to sign. Messages can be 0-4096 * bytes. To sign a larger message, provide a message digest. *
*
* If you provide a message digest, use the DIGEST
value of
* MessageType
to prevent the digest from being hashed again
* while signing.
*
* Constraints:
* Length: 1 - 4096
*
* @param message
* Specifies the message or message digest to sign. Messages can * be 0-4096 bytes. To sign a larger message, provide a message * digest. *
*
* If you provide a message digest, use the DIGEST
* value of MessageType
to prevent the digest from
* being hashed again while signing.
*
* Specifies the message or message digest to sign. Messages can be 0-4096 * bytes. To sign a larger message, provide a message digest. *
*
* If you provide a message digest, use the DIGEST
value of
* MessageType
to prevent the digest from being hashed again
* while signing.
*
* Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 4096
*
* @param message
* Specifies the message or message digest to sign. Messages can * be 0-4096 bytes. To sign a larger message, provide a message * digest. *
*
* If you provide a message digest, use the DIGEST
* value of MessageType
to prevent the digest from
* being hashed again while signing.
*
* Tells KMS whether the value of the Message
parameter should
* be hashed as part of the signing algorithm. Use RAW
for
* unhashed messages; use DIGEST
for message digests, which are
* already hashed.
*
* When the value of MessageType
is RAW
, KMS uses
* the standard signing algorithm, which begins with a hash function. When
* the value is DIGEST
, KMS skips the hashing step in the
* signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use the
* DIGEST
value with an unhashed message, the security of the
* signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
, the
* length of the Message
value must match the length of hashed
* messages for the specified signing algorithm.
*
* You can submit a message digest and omit the MessageType
or
* specify RAW
so the digest is hashed again while signing.
* However, this can cause verification failures when verifying with a
* system that assumes a single hash.
*
* The hashing algorithm that Sign
uses is based on the
* SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Constraints:
* Allowed Values: RAW, DIGEST
*
* @return
* Tells KMS whether the value of the Message
parameter
* should be hashed as part of the signing algorithm. Use
* RAW
for unhashed messages; use DIGEST
* for message digests, which are already hashed.
*
* When the value of MessageType
is RAW
,
* KMS uses the standard signing algorithm, which begins with a hash
* function. When the value is DIGEST
, KMS skips the
* hashing step in the signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use
* the DIGEST
value with an unhashed message, the
* security of the signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
,
* the length of the Message
value must match the
* length of hashed messages for the specified signing algorithm.
*
* You can submit a message digest and omit the
* MessageType
or specify RAW
so the
* digest is hashed again while signing. However, this can cause
* verification failures when verifying with a system that assumes a
* single hash.
*
* The hashing algorithm that Sign
uses is based on
* the SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing * algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing * algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing * algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Tells KMS whether the value of the Message
parameter should
* be hashed as part of the signing algorithm. Use RAW
for
* unhashed messages; use DIGEST
for message digests, which are
* already hashed.
*
* When the value of MessageType
is RAW
, KMS uses
* the standard signing algorithm, which begins with a hash function. When
* the value is DIGEST
, KMS skips the hashing step in the
* signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use the
* DIGEST
value with an unhashed message, the security of the
* signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
, the
* length of the Message
value must match the length of hashed
* messages for the specified signing algorithm.
*
* You can submit a message digest and omit the MessageType
or
* specify RAW
so the digest is hashed again while signing.
* However, this can cause verification failures when verifying with a
* system that assumes a single hash.
*
* The hashing algorithm that Sign
uses is based on the
* SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Constraints:
* Allowed Values: RAW, DIGEST
*
* @param messageType
* Tells KMS whether the value of the Message
* parameter should be hashed as part of the signing algorithm.
* Use RAW
for unhashed messages; use
* DIGEST
for message digests, which are already
* hashed.
*
* When the value of MessageType
is RAW
* , KMS uses the standard signing algorithm, which begins with a
* hash function. When the value is DIGEST
, KMS
* skips the hashing step in the signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use
* the DIGEST
value with an unhashed message, the
* security of the signing operation can be compromised.
*
* When the value of MessageType
is
* DIGEST
, the length of the Message
* value must match the length of hashed messages for the
* specified signing algorithm.
*
* You can submit a message digest and omit the
* MessageType
or specify RAW
so the
* digest is hashed again while signing. However, this can cause
* verification failures when verifying with a system that
* assumes a single hash.
*
* The hashing algorithm that Sign
uses is based
* on the SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing * algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing * algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing * algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Tells KMS whether the value of the Message
parameter should
* be hashed as part of the signing algorithm. Use RAW
for
* unhashed messages; use DIGEST
for message digests, which are
* already hashed.
*
* When the value of MessageType
is RAW
, KMS uses
* the standard signing algorithm, which begins with a hash function. When
* the value is DIGEST
, KMS skips the hashing step in the
* signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use the
* DIGEST
value with an unhashed message, the security of the
* signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
, the
* length of the Message
value must match the length of hashed
* messages for the specified signing algorithm.
*
* You can submit a message digest and omit the MessageType
or
* specify RAW
so the digest is hashed again while signing.
* However, this can cause verification failures when verifying with a
* system that assumes a single hash.
*
* The hashing algorithm that Sign
uses is based on the
* SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Allowed Values: RAW, DIGEST
*
* @param messageType
* Tells KMS whether the value of the Message
* parameter should be hashed as part of the signing algorithm.
* Use RAW
for unhashed messages; use
* DIGEST
for message digests, which are already
* hashed.
*
* When the value of MessageType
is RAW
* , KMS uses the standard signing algorithm, which begins with a
* hash function. When the value is DIGEST
, KMS
* skips the hashing step in the signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use
* the DIGEST
value with an unhashed message, the
* security of the signing operation can be compromised.
*
* When the value of MessageType
is
* DIGEST
, the length of the Message
* value must match the length of hashed messages for the
* specified signing algorithm.
*
* You can submit a message digest and omit the
* MessageType
or specify RAW
so the
* digest is hashed again while signing. However, this can cause
* verification failures when verifying with a system that
* assumes a single hash.
*
* The hashing algorithm that Sign
uses is based
* on the SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing * algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing * algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing * algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Tells KMS whether the value of the Message
parameter should
* be hashed as part of the signing algorithm. Use RAW
for
* unhashed messages; use DIGEST
for message digests, which are
* already hashed.
*
* When the value of MessageType
is RAW
, KMS uses
* the standard signing algorithm, which begins with a hash function. When
* the value is DIGEST
, KMS skips the hashing step in the
* signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use the
* DIGEST
value with an unhashed message, the security of the
* signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
, the
* length of the Message
value must match the length of hashed
* messages for the specified signing algorithm.
*
* You can submit a message digest and omit the MessageType
or
* specify RAW
so the digest is hashed again while signing.
* However, this can cause verification failures when verifying with a
* system that assumes a single hash.
*
* The hashing algorithm that Sign
uses is based on the
* SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Constraints:
* Allowed Values: RAW, DIGEST
*
* @param messageType
* Tells KMS whether the value of the Message
* parameter should be hashed as part of the signing algorithm.
* Use RAW
for unhashed messages; use
* DIGEST
for message digests, which are already
* hashed.
*
* When the value of MessageType
is RAW
* , KMS uses the standard signing algorithm, which begins with a
* hash function. When the value is DIGEST
, KMS
* skips the hashing step in the signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use
* the DIGEST
value with an unhashed message, the
* security of the signing operation can be compromised.
*
* When the value of MessageType
is
* DIGEST
, the length of the Message
* value must match the length of hashed messages for the
* specified signing algorithm.
*
* You can submit a message digest and omit the
* MessageType
or specify RAW
so the
* digest is hashed again while signing. However, this can cause
* verification failures when verifying with a system that
* assumes a single hash.
*
* The hashing algorithm that Sign
uses is based
* on the SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing * algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing * algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing * algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
*
* Tells KMS whether the value of the Message
parameter should
* be hashed as part of the signing algorithm. Use RAW
for
* unhashed messages; use DIGEST
for message digests, which are
* already hashed.
*
* When the value of MessageType
is RAW
, KMS uses
* the standard signing algorithm, which begins with a hash function. When
* the value is DIGEST
, KMS skips the hashing step in the
* signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use the
* DIGEST
value with an unhashed message, the security of the
* signing operation can be compromised.
*
* When the value of MessageType
is DIGEST
, the
* length of the Message
value must match the length of hashed
* messages for the specified signing algorithm.
*
* You can submit a message digest and omit the MessageType
or
* specify RAW
so the digest is hashed again while signing.
* However, this can cause verification failures when verifying with a
* system that assumes a single hash.
*
* The hashing algorithm that Sign
uses is based on the
* SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Allowed Values: RAW, DIGEST
*
* @param messageType
* Tells KMS whether the value of the Message
* parameter should be hashed as part of the signing algorithm.
* Use RAW
for unhashed messages; use
* DIGEST
for message digests, which are already
* hashed.
*
* When the value of MessageType
is RAW
* , KMS uses the standard signing algorithm, which begins with a
* hash function. When the value is DIGEST
, KMS
* skips the hashing step in the signing algorithm.
*
* Use the DIGEST
value only when the value of the
* Message
parameter is a message digest. If you use
* the DIGEST
value with an unhashed message, the
* security of the signing operation can be compromised.
*
* When the value of MessageType
is
* DIGEST
, the length of the Message
* value must match the length of hashed messages for the
* specified signing algorithm.
*
* You can submit a message digest and omit the
* MessageType
or specify RAW
so the
* digest is hashed again while signing. However, this can cause
* verification failures when verifying with a system that
* assumes a single hash.
*
* The hashing algorithm that Sign
uses is based
* on the SigningAlgorithm
value.
*
* Signing algorithms that end in SHA_256 use the SHA_256 hashing * algorithm. *
** Signing algorithms that end in SHA_384 use the SHA_384 hashing * algorithm. *
** Signing algorithms that end in SHA_512 use the SHA_512 hashing * algorithm. *
** SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs. *
** A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
* * @return* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
*/ public java.util.List* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
* * @param grantTokens* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
*/ public void setGrantTokens(java.util.Collection* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
** Returns a reference to this object so that method calls can be chained * together. * * @param grantTokens
* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
* @return A reference to this updated object so that method calls can be * chained together. */ public SignRequest withGrantTokens(String... grantTokens) { if (getGrantTokens() == null) { this.grantTokens = new java.util.ArrayList* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
** Returns a reference to this object so that method calls can be chained * together. * * @param grantTokens
* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
* @return A reference to this updated object so that method calls can be * chained together. */ public SignRequest withGrantTokens(java.util.Collection* Specifies the signing algorithm to use when signing the message. *
** Choose an algorithm that is compatible with the type and size of the * specified asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS * algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *
*
* Constraints:
* Allowed Values: RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384,
* RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384,
* RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512,
* SM2DSA
*
* @return
* Specifies the signing algorithm to use when signing the message. *
** Choose an algorithm that is compatible with the type and size of * the specified asymmetric KMS key. When signing with RSA key * pairs, RSASSA-PSS algorithms are preferred. We include * RSASSA-PKCS1-v1_5 algorithms for compatibility with existing * applications. *
* @see SigningAlgorithmSpec */
    public String getSigningAlgorithm() {
        // Plain accessor: returns the stored algorithm name exactly as it was set.
        return this.signingAlgorithm;
    }

    /**
     * Specifies the signing algorithm to use when signing the message.
     *
** Choose an algorithm that is compatible with the type and size of the * specified asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS * algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *
*
* Constraints:
* Allowed Values: RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384,
* RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384,
* RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512,
* SM2DSA
*
* @param signingAlgorithm
* Specifies the signing algorithm to use when signing the * message. *
** Choose an algorithm that is compatible with the type and size * of the specified asymmetric KMS key. When signing with RSA key * pairs, RSASSA-PSS algorithms are preferred. We include * RSASSA-PKCS1-v1_5 algorithms for compatibility with existing * applications. *
* @see SigningAlgorithmSpec */
    public void setSigningAlgorithm(String signingAlgorithm) {
        // The string is stored as given; this method does not compare it with
        // the allowed values. The SigningAlgorithmSpec overload limits callers
        // to the enum's constants at compile time.
        this.signingAlgorithm = signingAlgorithm;
    }

    /**
     * Specifies the signing algorithm to use when signing the message.
     *
** Choose an algorithm that is compatible with the type and size of the * specified asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS * algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Allowed Values: RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384,
* RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384,
* RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512,
* SM2DSA
*
* @param signingAlgorithm
* Specifies the signing algorithm to use when signing the * message. *
** Choose an algorithm that is compatible with the type and size * of the specified asymmetric KMS key. When signing with RSA key * pairs, RSASSA-PSS algorithms are preferred. We include * RSASSA-PKCS1-v1_5 algorithms for compatibility with existing * applications. *
* @return A reference to this updated object so that method calls can be chained together.
     * @see SigningAlgorithmSpec
     */
    public SignRequest withSigningAlgorithm(String signingAlgorithm) {
        // Stored without validation, same as setSigningAlgorithm(String).
        this.signingAlgorithm = signingAlgorithm;
        // Fluent form: hand the same instance back to the caller.
        return this;
    }

    /**
     * Specifies the signing algorithm to use when signing the message.
     *
** Choose an algorithm that is compatible with the type and size of the * specified asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS * algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *
*
* Constraints:
* Allowed Values: RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384,
* RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384,
* RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512,
* SM2DSA
*
* @param signingAlgorithm
* Specifies the signing algorithm to use when signing the * message. *
** Choose an algorithm that is compatible with the type and size * of the specified asymmetric KMS key. When signing with RSA key * pairs, RSASSA-PSS algorithms are preferred. We include * RSASSA-PKCS1-v1_5 algorithms for compatibility with existing * applications. *
* @see SigningAlgorithmSpec */
    public void setSigningAlgorithm(SigningAlgorithmSpec signingAlgorithm) {
        // The field holds a String, so the enum is converted with toString().
        // A null argument fails here with NullPointerException, whereas the
        // String overload stores null.
        final String algorithmName = signingAlgorithm.toString();
        this.signingAlgorithm = algorithmName;
    }

    /**
     * Specifies the signing algorithm to use when signing the message.
     *
** Choose an algorithm that is compatible with the type and size of the * specified asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS * algorithms are preferred. We include RSASSA-PKCS1-v1_5 algorithms for * compatibility with existing applications. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Allowed Values: RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384,
* RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384,
* RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512,
* SM2DSA
*
* @param signingAlgorithm
* Specifies the signing algorithm to use when signing the * message. *
** Choose an algorithm that is compatible with the type and size * of the specified asymmetric KMS key. When signing with RSA key * pairs, RSASSA-PSS algorithms are preferred. We include * RSASSA-PKCS1-v1_5 algorithms for compatibility with existing * applications. *
* @return A reference to this updated object so that method calls can be chained together.
     * @see SigningAlgorithmSpec
     */
    public SignRequest withSigningAlgorithm(SigningAlgorithmSpec signingAlgorithm) {
        // Converted with toString() before storing; a null argument throws
        // NullPointerException on this call.
        final String algorithmName = signingAlgorithm.toString();
        this.signingAlgorithm = algorithmName;
        return this;
    }

    /**
     *
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
* * @return
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
*/
    public Boolean isDryRun() {
        // Returns the boxed field as stored. toString() and equals() in this
        // class both guard against a null DryRun, so callers should not
        // auto-unbox the result without a null check.
        return this.dryRun;
    }

    /**
     *
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
* * @return
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
*/
    public Boolean getDryRun() {
        // Same value as isDryRun(); it is a boxed Boolean, and the rest of this
        // class treats null as a possible state.
        return this.dryRun;
    }

    /**
     *
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
* * @param dryRun
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management * Service Developer Guide. *
*/
    public void setDryRun(Boolean dryRun) {
        // Stored as given, including null.
        this.dryRun = dryRun;
    }

    /**
     *
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
** Returns a reference to this object so that method calls can be chained * together. * * @param dryRun
* Checks if your request will succeed. DryRun is an optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management * Service Developer Guide. *
* @return A reference to this updated object so that method calls can be chained together. */
    public SignRequest withDryRun(Boolean dryRun) {
        this.dryRun = dryRun;
        return this;
    }

    /**
     * Returns a string representation of this object; useful for testing and
     * debugging.
     * <p>
     * Every non-null field is rendered, Message and GrantTokens included, so
     * the result carries whatever those values print as. Decide where this
     * string may be logged on the same basis as the request itself.
     *
     * @return A string representation of this object.
     * @see java.lang.Object#toString()
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("{");
        if (getKeyId() != null) {
            text.append("KeyId: " + getKeyId() + ",");
        }
        if (getMessage() != null) {
            text.append("Message: " + getMessage() + ",");
        }
        if (getMessageType() != null) {
            text.append("MessageType: " + getMessageType() + ",");
        }
        if (getGrantTokens() != null) {
            text.append("GrantTokens: " + getGrantTokens() + ",");
        }
        if (getSigningAlgorithm() != null) {
            text.append("SigningAlgorithm: " + getSigningAlgorithm() + ",");
        }
        if (getDryRun() != null) {
            // Last field: written without a trailing comma.
            text.append("DryRun: " + getDryRun());
        }
        text.append("}");
        return text.toString();
    }

    /**
     * Folds the hash codes of the six fields read below into one value with
     * the multiply-by-31 accumulation; a null field contributes 0.
     *
     * @return The combined hash code.
     */
    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;

        result = prime * result + (getKeyId() == null ? 0 : getKeyId().hashCode());
        result = prime * result + (getMessage() == null ? 0 : getMessage().hashCode());
        result = prime * result + (getMessageType() == null ? 0 : getMessageType().hashCode());
        result = prime * result + (getGrantTokens() == null ? 0 : getGrantTokens().hashCode());
        result = prime * result
                + (getSigningAlgorithm() == null ? 0 : getSigningAlgorithm().hashCode());
        result = prime * result + (getDryRun() == null ? 0 : getDryRun().hashCode());
        return result;
    }

    /**
     * Compares this request with another object field by field.
     * <p>
     * Two requests are equal when, for each of the six fields checked below,
     * both values are null or both are non-null and equal according to
     * {@code equals}.
     *
     * @param obj the object to compare with; may be null
     * @return true if {@code obj} is a SignRequest with equal fields
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        if (!(obj instanceof SignRequest)) {
            return false;
        }
        SignRequest that = (SignRequest) obj;

        // For each field: the XOR rejects "exactly one side is null"; the
        // second test then compares the values when both are present.
        if (that.getKeyId() == null ^ this.getKeyId() == null) {
            return false;
        }
        if (that.getKeyId() != null && !that.getKeyId().equals(this.getKeyId())) {
            return false;
        }

        if (that.getMessage() == null ^ this.getMessage() == null) {
            return false;
        }
        if (that.getMessage() != null && !that.getMessage().equals(this.getMessage())) {
            return false;
        }

        if (that.getMessageType() == null ^ this.getMessageType() == null) {
            return false;
        }
        if (that.getMessageType() != null
                && !that.getMessageType().equals(this.getMessageType())) {
            return false;
        }

        if (that.getGrantTokens() == null ^ this.getGrantTokens() == null) {
            return false;
        }
        if (that.getGrantTokens() != null
                && !that.getGrantTokens().equals(this.getGrantTokens())) {
            return false;
        }

        if (that.getSigningAlgorithm() == null ^ this.getSigningAlgorithm() == null) {
            return false;
        }
        if (that.getSigningAlgorithm() != null
                && !that.getSigningAlgorithm().equals(this.getSigningAlgorithm())) {
            return false;
        }

        if (that.getDryRun() == null ^ this.getDryRun() == null) {
            return false;
        }
        if (that.getDryRun() != null && !that.getDryRun().equals(this.getDryRun())) {
            return false;
        }
        return true;
    }
}