Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2010-2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
   * 
   * Licensed under the Apache License, Version 2.0 (the "License").
   * You may not use this file except in compliance with the License.
   * A copy of the License is located at
   * 
   *  http://aws.amazon.com/apache2.0
   * 
  * or in the "license" file accompanying this file. This file is distributed
  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
  * express or implied. See the License for the specific language governing
  * permissions and limitations under the License.
  */
 package com.amazonaws.services.kms.model;
 
 
Container for the parameters to the GenerateDataKey operation.

Generates a data key that you can use in your application to locally encrypt data. This call returns a plaintext version of the key in the Plaintext field of the response object and an encrypted copy of the key in the CiphertextBlob field. The key is encrypted by using the master key specified by the KeyId field. To decrypt the encrypted key, pass it to the Decrypt API.

We recommend that you use the following pattern to locally encrypt data: call the GenerateDataKey API, use the key returned in the Plaintext response field to locally encrypt data, and then erase the plaintext data key from memory. Store the encrypted data key (contained in the CiphertextBlob field) alongside of the locally encrypted data.

NOTE:You should not call the Encrypt function to re-encrypt your data keys within a region. GenerateDataKey always returns the data key encrypted and tied to the customer master key that will be used to decrypt it. There is no need to decrypt it twice.

If you decide to use the optional EncryptionContext parameter, you must also store the context in full or at least store enough information along with the encrypted data to be able to reconstruct the context when submitting the ciphertext to the Decrypt API. It is a good practice to choose a context that you can reconstruct on the fly to better secure the ciphertext. For more information about how this parameter is used, see Encryption Context .

To decrypt data, pass the encrypted data key to the Decrypt API. Decrypt uses the associated master key to decrypt the encrypted data key and returns it as plaintext. Use the plaintext data key to locally decrypt your data and then erase the key from memory. You must specify the encryption context, if any, that you specified when you generated the key. The encryption context is logged by CloudTrail, and you can use this log to help track the use of particular data.

 
 public class GenerateDataKeyRequest extends AmazonWebServiceRequest implements SerializableCloneable {

    
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

 
     private String keyId;

    
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.
 
     private java.util.Map<String,StringencryptionContext;

    
Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.

Constraints:
Range: 1 - 1024

    private Integer numberOfBytes;

    
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.

Constraints:
Allowed Values: AES_256, AES_128

    private String keySpec;

    
For more information, see Grant Tokens.

Constraints:
Length: 0 - 10

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

Returns:
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName
    public String getKeyId() {
        return ;
    }
    
    
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

Parameters:
keyId A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName
    public void setKeyId(String keyId) {
        this. = keyId;
    }
    
    
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 256

Parameters:
keyId A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
  • Alias Name Example - alias/MyAliasName
Returns:
A reference to this updated object so that method calls can be chained together.
    public GenerateDataKeyRequest withKeyId(String keyId) {
        this. = keyId;
        return this;
    }

    
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.

Returns:
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.
        
        if ( == null) {
             = new java.util.HashMap<String,String>();
        }
        return ;
    }
    
    
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.

Parameters:
encryptionContext Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.
    public void setEncryptionContext(java.util.Map<String,StringencryptionContext) {
        this. = encryptionContext;
    }
    
    
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.

Returns a reference to this object so that method calls can be chained together.

Parameters:
encryptionContext Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.
Returns:
A reference to this updated object so that method calls can be chained together.
    public GenerateDataKeyRequest withEncryptionContext(java.util.Map<String,StringencryptionContext) {
        setEncryptionContext(encryptionContext);
        return this;
    }

    
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.

The method adds a new key-value pair into EncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.

Parameters:
key The key of the entry to be added into EncryptionContext.
value The corresponding value of the entry to be added into EncryptionContext.
    if (null == this.) {
      this. = new java.util.HashMap<String,String>();
    }
    if (this..containsKey(key))
      throw new IllegalArgumentException("Duplicated keys (" + key.toString() + ") are provided.");
    this..put(keyvalue);
    return this;
  }

  
Removes all the entries added into EncryptionContext.

Returns a reference to this object so that method calls can be chained together.

    this. = null;
    return this;
  }
  
    
Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.

Constraints:
Range: 1 - 1024

Returns:
Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.
    public Integer getNumberOfBytes() {
        return ;
    }
    
    
Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.

Constraints:
Range: 1 - 1024

Parameters:
numberOfBytes Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.
    public void setNumberOfBytes(Integer numberOfBytes) {
        this. = numberOfBytes;
    }
    
    
Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Range: 1 - 1024

Parameters:
numberOfBytes Integer that contains the number of bytes to generate. Common values are 128, 256, 512, and 1024. 1024 is the current limit. We recommend that you use the KeySpec parameter instead.
Returns:
A reference to this updated object so that method calls can be chained together.
    public GenerateDataKeyRequest withNumberOfBytes(Integer numberOfBytes) {
        this. = numberOfBytes;
        return this;
    }

    
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.

Constraints:
Allowed Values: AES_256, AES_128

Returns:
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.
See also:
DataKeySpec
    public String getKeySpec() {
        return ;
    }
    
    
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.

Constraints:
Allowed Values: AES_256, AES_128

Parameters:
keySpec Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.
See also:
DataKeySpec
    public void setKeySpec(String keySpec) {
        this. = keySpec;
    }
    
    
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Allowed Values: AES_256, AES_128

Parameters:
keySpec Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.
Returns:
A reference to this updated object so that method calls can be chained together.
See also:
DataKeySpec
    public GenerateDataKeyRequest withKeySpec(String keySpec) {
        this. = keySpec;
        return this;
    }

    
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.

Constraints:
Allowed Values: AES_256, AES_128

Parameters:
keySpec Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.
See also:
DataKeySpec
    public void setKeySpec(DataKeySpec keySpec) {
        this. = keySpec.toString();
    }
    
    
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Allowed Values: AES_256, AES_128

Parameters:
keySpec Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.
Returns:
A reference to this updated object so that method calls can be chained together.
See also:
DataKeySpec
    public GenerateDataKeyRequest withKeySpec(DataKeySpec keySpec) {
        this. = keySpec.toString();
        return this;
    }

    
For more information, see Grant Tokens.

Constraints:
Length: 0 - 10

Returns:
For more information, see Grant Tokens.
    public java.util.List<StringgetGrantTokens() {
        if ( == null) {
               = new com.amazonaws.internal.ListWithAutoConstructFlag<String>();
              .setAutoConstruct(true);
        }
        return ;
    }
    
    
For more information, see Grant Tokens.

Constraints:
Length: 0 - 10

Parameters:
grantTokens For more information, see Grant Tokens.
    public void setGrantTokens(java.util.Collection<StringgrantTokens) {
        if (grantTokens == null) {
            this. = null;
            return;
        }
        grantTokensCopy.addAll(grantTokens);
        this. = grantTokensCopy;
    }
    
    
For more information, see Grant Tokens.

NOTE: This method appends the values to the existing list (if any). Use setGrantTokens(java.util.Collection) or withGrantTokens(java.util.Collection) if you want to override the existing values.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 0 - 10

Parameters:
grantTokens For more information, see Grant Tokens.
Returns:
A reference to this updated object so that method calls can be chained together.
    public GenerateDataKeyRequest withGrantTokens(String... grantTokens) {
        if (getGrantTokens() == nullsetGrantTokens(new java.util.ArrayList<String>(grantTokens.length));
        for (String value : grantTokens) {
            getGrantTokens().add(value);
        }
        return this;
    }
    
    
For more information, see Grant Tokens.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 0 - 10

Parameters:
grantTokens For more information, see Grant Tokens.
Returns:
A reference to this updated object so that method calls can be chained together.
        if (grantTokens == null) {
            this. = null;
        } else {
            com.amazonaws.internal.ListWithAutoConstructFlag<StringgrantTokensCopy = new com.amazonaws.internal.ListWithAutoConstructFlag<String>(grantTokens.size());
            grantTokensCopy.addAll(grantTokens);
            this. = grantTokensCopy;
        }
        return this;
    }

    
Returns a string representation of this object; useful for testing and debugging.

Returns:
A string representation of this object.
See also:
java.lang.Object.toString()
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("{");
        if (getKeyId() != nullsb.append("KeyId: " + getKeyId() + ",");
        if (getEncryptionContext() != nullsb.append("EncryptionContext: " + getEncryptionContext() + ",");
        if (getNumberOfBytes() != nullsb.append("NumberOfBytes: " + getNumberOfBytes() + ",");
        if (getKeySpec() != nullsb.append("KeySpec: " + getKeySpec() + ",");
        if (getGrantTokens() != nullsb.append("GrantTokens: " + getGrantTokens() );
        sb.append("}");
        return sb.toString();
    }
    
    @Override
    public int hashCode() {
        final int prime = 31;
        int hashCode = 1;
        
        hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode()); 
        hashCode = prime * hashCode + ((getEncryptionContext() == null) ? 0 : getEncryptionContext().hashCode()); 
        hashCode = prime * hashCode + ((getNumberOfBytes() == null) ? 0 : getNumberOfBytes().hashCode()); 
        hashCode = prime * hashCode + ((getKeySpec() == null) ? 0 : getKeySpec().hashCode()); 
        hashCode = prime * hashCode + ((getGrantTokens() == null) ? 0 : getGrantTokens().hashCode()); 
        return hashCode;
    }
    
    @Override
    public boolean equals(Object obj) {
        if (this == objreturn true;
        if (obj == nullreturn false;
        if (obj instanceof GenerateDataKeyRequest == falsereturn false;
        GenerateDataKeyRequest other = (GenerateDataKeyRequest)obj;
        
        if (other.getKeyId() == null ^ this.getKeyId() == nullreturn false;
        if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == falsereturn false
        if (other.getEncryptionContext() == null ^ this.getEncryptionContext() == nullreturn false;
        if (other.getEncryptionContext() != null && other.getEncryptionContext().equals(this.getEncryptionContext()) == falsereturn false
        if (other.getNumberOfBytes() == null ^ this.getNumberOfBytes() == nullreturn false;
        if (other.getNumberOfBytes() != null && other.getNumberOfBytes().equals(this.getNumberOfBytes()) == falsereturn false
        if (other.getKeySpec() == null ^ this.getKeySpec() == nullreturn false;
        if (other.getKeySpec() != null && other.getKeySpec().equals(this.getKeySpec()) == falsereturn false
        if (other.getGrantTokens() == null ^ this.getGrantTokens() == nullreturn false;
        if (other.getGrantTokens() != null && other.getGrantTokens().equals(this.getGrantTokens()) == falsereturn false
        return true;
    }
    
    @Override
    public GenerateDataKeyRequest clone() {
        
            return (GenerateDataKeyRequestsuper.clone();
    }
}
    
New to GrepCode? Check out our FAQ X