* Verifies the hash-based message authentication code (HMAC) for a specified
* message, HMAC KMS key, and MAC algorithm. To verify the HMAC,
* VerifyMac computes an HMAC using the message, HMAC KMS key, and
* MAC algorithm that you specify, and compares the computed HMAC to the HMAC
* that you specify. If the HMACs are identical, the verification succeeds;
* otherwise, it fails. Verification indicates that the message hasn't changed
* since the HMAC was calculated, and the specified key was used to generate and
* verify the HMAC.
*
* HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry * standards defined in RFC 2104. *
** This operation is part of KMS support for HMAC KMS keys. For details, see HMAC * keys in KMS in the Key Management Service Developer Guide. *
** The KMS key that you use for this operation must be in a compatible key * state. For details, see Key states of KMS keys in the Key Management Service Developer * Guide. *
*
* Cross-account use: Yes. To perform this operation with a KMS key in a
* different Amazon Web Services account, specify the key ARN or alias ARN in
* the value of the KeyId parameter.
*
* Required permissions: kms:VerifyMac (key policy) *
** Related operations: GenerateMac *
*/ public class VerifyMacRequest extends AmazonWebServiceRequest implements Serializable { /** ** The message that will be used in the verification. Enter the same message * that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide special
* handling for message digests. If you generated an HMAC for a hash digest
* of a message, you must verify the HMAC for the same hash digest.
*
* Constraints:
* Length: 1 - 4096
*/
private java.nio.ByteBuffer message;
/**
*
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the HMAC. If you
* identify a different KMS key, the VerifyMac operation fails.
*
* Constraints:
* Length: 1 - 2048
*/
private String keyId;
/**
*
* The MAC algorithm that will be used in the verification. Enter the same
* MAC algorithm that was used to compute the HMAC. This algorithm must be
* supported by the HMAC KMS key identified by the KeyId
* parameter.
*
* Constraints:
* Allowed Values: HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384,
* HMAC_SHA_512
*/
private String macAlgorithm;
/**
*
* The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same message, HMAC * KMS key, and MAC algorithm as the values specified in this request. *
*
* Constraints:
* Length: 1 - 6144
*/
private java.nio.ByteBuffer mac;
/**
*
* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
*/ private java.util.List
* Checks if your request will succeed. DryRun is an optional
* parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
*/ private Boolean dryRun; /** ** The message that will be used in the verification. Enter the same message * that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide special
* handling for message digests. If you generated an HMAC for a hash digest
* of a message, you must verify the HMAC for the same hash digest.
*
* Constraints:
* Length: 1 - 4096
*
* @return
* The message that will be used in the verification. Enter the same * message that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide
* special handling for message digests. If you generated an HMAC
* for a hash digest of a message, you must verify the HMAC for the
* same hash digest.
*
* The message that will be used in the verification. Enter the same message * that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide special
* handling for message digests. If you generated an HMAC for a hash digest
* of a message, you must verify the HMAC for the same hash digest.
*
* Constraints:
* Length: 1 - 4096
*
* @param message
* The message that will be used in the verification. Enter the * same message that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide
* special handling for message digests. If you generated an HMAC
* for a hash digest of a message, you must verify the HMAC for
* the same hash digest.
*
* The message that will be used in the verification. Enter the same message * that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide special
* handling for message digests. If you generated an HMAC for a hash digest
* of a message, you must verify the HMAC for the same hash digest.
*
* Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 4096
*
* @param message
* The message that will be used in the verification. Enter the * same message that was used to generate the HMAC. *
*
* GenerateMac and VerifyMac do not provide
* special handling for message digests. If you generated an HMAC
* for a hash digest of a message, you must verify the HMAC for
* the same hash digest.
*
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the HMAC. If you
* identify a different KMS key, the VerifyMac operation fails.
*
* Constraints:
* Length: 1 - 2048
*
* @return
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the HMAC.
* If you identify a different KMS key, the VerifyMac
* operation fails.
*
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the HMAC. If you
* identify a different KMS key, the VerifyMac operation fails.
*
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the
* HMAC. If you identify a different KMS key, the
* VerifyMac operation fails.
*
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the HMAC. If you
* identify a different KMS key, the VerifyMac operation fails.
*
* Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* The KMS key that will be used in the verification. *
*
* Enter a key ID of the KMS key that was used to generate the
* HMAC. If you identify a different KMS key, the
* VerifyMac operation fails.
*
* The MAC algorithm that will be used in the verification. Enter the same
* MAC algorithm that was used to compute the HMAC. This algorithm must be
* supported by the HMAC KMS key identified by the KeyId
* parameter.
*
* Constraints:
* Allowed Values: HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384,
* HMAC_SHA_512
*
* @return
* The MAC algorithm that will be used in the verification. Enter
* the same MAC algorithm that was used to compute the HMAC. This
* algorithm must be supported by the HMAC KMS key identified by the
* KeyId parameter.
*
* The MAC algorithm that will be used in the verification. Enter the same
* MAC algorithm that was used to compute the HMAC. This algorithm must be
* supported by the HMAC KMS key identified by the KeyId
* parameter.
*
* Constraints:
* Allowed Values: HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384,
* HMAC_SHA_512
*
* @param macAlgorithm
* The MAC algorithm that will be used in the verification. Enter
* the same MAC algorithm that was used to compute the HMAC. This
* algorithm must be supported by the HMAC KMS key identified by
* the KeyId parameter.
*
* The MAC algorithm that will be used in the verification. Enter the same
* MAC algorithm that was used to compute the HMAC. This algorithm must be
* supported by the HMAC KMS key identified by the KeyId
* parameter.
*
* Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Allowed Values: HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384,
* HMAC_SHA_512
*
* @param macAlgorithm
* The MAC algorithm that will be used in the verification. Enter
* the same MAC algorithm that was used to compute the HMAC. This
* algorithm must be supported by the HMAC KMS key identified by
* the KeyId parameter.
*
* The MAC algorithm that will be used in the verification. Enter the same
* MAC algorithm that was used to compute the HMAC. This algorithm must be
* supported by the HMAC KMS key identified by the KeyId
* parameter.
*
* Constraints:
* Allowed Values: HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384,
* HMAC_SHA_512
*
* @param macAlgorithm
* The MAC algorithm that will be used in the verification. Enter
* the same MAC algorithm that was used to compute the HMAC. This
* algorithm must be supported by the HMAC KMS key identified by
* the KeyId parameter.
*
* The MAC algorithm that will be used in the verification. Enter the same
* MAC algorithm that was used to compute the HMAC. This algorithm must be
* supported by the HMAC KMS key identified by the KeyId
* parameter.
*
* Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Allowed Values: HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384,
* HMAC_SHA_512
*
* @param macAlgorithm
* The MAC algorithm that will be used in the verification. Enter
* the same MAC algorithm that was used to compute the HMAC. This
* algorithm must be supported by the HMAC KMS key identified by
* the KeyId parameter.
*
* The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same message, HMAC * KMS key, and MAC algorithm as the values specified in this request. *
*
* Constraints:
* Length: 1 - 6144
*
* @return
* The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same message, * HMAC KMS key, and MAC algorithm as the values specified in this * request. *
*/ public java.nio.ByteBuffer getMac() { return mac; } /** ** The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same message, HMAC * KMS key, and MAC algorithm as the values specified in this request. *
*
* Constraints:
* Length: 1 - 6144
*
* @param mac
* The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same * message, HMAC KMS key, and MAC algorithm as the values * specified in this request. *
*/ public void setMac(java.nio.ByteBuffer mac) { this.mac = mac; } /** ** The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same message, HMAC * KMS key, and MAC algorithm as the values specified in this request. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 6144
*
* @param mac
* The HMAC to verify. Enter the HMAC that was generated by the * GenerateMac operation when you specified the same * message, HMAC KMS key, and MAC algorithm as the values * specified in this request. *
* @return A reference to this updated object so that method calls can be * chained together. */ public VerifyMacRequest withMac(java.nio.ByteBuffer mac) { this.mac = mac; return this; } /** ** A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
* * @return* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
*/ public java.util.List* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
* * @param grantTokens* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
*/ public void setGrantTokens(java.util.Collection* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
** Returns a reference to this object so that method calls can be chained * together. * * @param grantTokens
* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
* @return A reference to this updated object so that method calls can be * chained together. */ public VerifyMacRequest withGrantTokens(String... grantTokens) { if (getGrantTokens() == null) { this.grantTokens = new java.util.ArrayList* A list of grant tokens. *
** Use a grant token when your permission to call this operation comes from * a new grant that has not yet achieved eventual consistency. For * more information, see Grant token and Using a grant token in the Key Management Service Developer * Guide. *
** Returns a reference to this object so that method calls can be chained * together. * * @param grantTokens
* A list of grant tokens. *
** Use a grant token when your permission to call this operation * comes from a new grant that has not yet achieved eventual * consistency. For more information, see Grant token and Using a grant token in the Key Management Service * Developer Guide. *
* @return A reference to this updated object so that method calls can be * chained together. */ public VerifyMacRequest withGrantTokens(java.util.Collection
* Checks if your request will succeed. DryRun is an optional
* parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
* * @return
* Checks if your request will succeed. DryRun is an
* optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
*/ public Boolean isDryRun() { return dryRun; } /** *
* Checks if your request will succeed. DryRun is an optional
* parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
* * @return
* Checks if your request will succeed. DryRun is an
* optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
*/ public Boolean getDryRun() { return dryRun; } /** *
* Checks if your request will succeed. DryRun is an optional
* parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
* * @param dryRun
* Checks if your request will succeed. DryRun is an
* optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management * Service Developer Guide. *
*/ public void setDryRun(Boolean dryRun) { this.dryRun = dryRun; } /** *
* Checks if your request will succeed. DryRun is an optional
* parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management Service * Developer Guide. *
** Returns a reference to this object so that method calls can be chained * together. * * @param dryRun
* Checks if your request will succeed. DryRun is an
* optional parameter.
*
* To learn more about how to use this parameter, see Testing your KMS API calls in the Key Management * Service Developer Guide. *
* @return A reference to this updated object so that method calls can be * chained together. */ public VerifyMacRequest withDryRun(Boolean dryRun) { this.dryRun = dryRun; return this; } /** * Returns a string representation of this object; useful for testing and * debugging. * * @return A string representation of this object. * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getMessage() != null) sb.append("Message: " + getMessage() + ","); if (getKeyId() != null) sb.append("KeyId: " + getKeyId() + ","); if (getMacAlgorithm() != null) sb.append("MacAlgorithm: " + getMacAlgorithm() + ","); if (getMac() != null) sb.append("Mac: " + getMac() + ","); if (getGrantTokens() != null) sb.append("GrantTokens: " + getGrantTokens() + ","); if (getDryRun() != null) sb.append("DryRun: " + getDryRun()); sb.append("}"); return sb.toString(); } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getMessage() == null) ? 0 : getMessage().hashCode()); hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode()); hashCode = prime * hashCode + ((getMacAlgorithm() == null) ? 0 : getMacAlgorithm().hashCode()); hashCode = prime * hashCode + ((getMac() == null) ? 0 : getMac().hashCode()); hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode()); hashCode = prime * hashCode + ((getDryRun() == null) ? 0 : getDryRun().hashCode()); return hashCode; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof VerifyMacRequest == false) return false; VerifyMacRequest other = (VerifyMacRequest) obj; if (other.getMessage() == null ^ this.getMessage() == null) return false; if (other.getMessage() != null && other.getMessage().equals(this.getMessage()) == false) return false; if (other.getKeyId() == null ^ this.getKeyId() == null) return false; if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false) return false; if (other.getMacAlgorithm() == null ^ this.getMacAlgorithm() == null) return false; if (other.getMacAlgorithm() != null && other.getMacAlgorithm().equals(this.getMacAlgorithm()) == false) return false; if (other.getMac() == null ^ this.getMac() == null) return false; if (other.getMac() != null && other.getMac().equals(this.getMac()) == false) return false; if (other.getGrantTokens() == null ^ this.getGrantTokens() == null) return false; if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == false) return false; if (other.getDryRun() == null ^ this.getDryRun() == null) return false; if (other.getDryRun() != null && other.getDryRun().equals(this.getDryRun()) == false) return false; return true; } }