Class Key

java.lang.Object
software.amazon.awssdk.services.paymentcryptography.model.Key
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<Key.Builder,Key>
@Generated("software.amazon.awssdk:codegen") public final class Key extends Object implements SdkPojo, Serializable, ToCopyableBuilder<Key.Builder,Key>

Metadata about an Amazon Web Services Payment Cryptography key.

See Also:

  • Method Details

    • keyArn

      public final String keyArn()

      The Amazon Resource Name (ARN) of the key.

      Returns:
      The Amazon Resource Name (ARN) of the key.

    • keyAttributes

      public final KeyAttributes keyAttributes()

      The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

      Returns:
      The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

    • keyCheckValue

      public final String keyCheckValue()

      The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

      Returns:
      The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

    • keyCheckValueAlgorithm

      public final KeyCheckValueAlgorithm keyCheckValueAlgorithm()

      The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

      For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

      If the service returns an enum value that is not available in the current SDK version, keyCheckValueAlgorithm will return KeyCheckValueAlgorithm.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyCheckValueAlgorithmAsString().

      Returns:
      The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

      For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

      See Also:

    • keyCheckValueAlgorithmAsString

      public final String keyCheckValueAlgorithmAsString()

      The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

      For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

      If the service returns an enum value that is not available in the current SDK version, keyCheckValueAlgorithm will return KeyCheckValueAlgorithm.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyCheckValueAlgorithmAsString().

      Returns:
      The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

      For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

      See Also:

    • enabled

      public final Boolean enabled()

      Specifies whether the key is enabled.

      Returns:
      Specifies whether the key is enabled.

    • exportable

      public final Boolean exportable()

      Specifies whether the key is exportable. This data is immutable after the key is created.

      Returns:
      Specifies whether the key is exportable. This data is immutable after the key is created.

    • keyState

      public final KeyState keyState()

      The state of key that is being created or deleted.

      If the service returns an enum value that is not available in the current SDK version, keyState will return KeyState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStateAsString().

      Returns:
      The state of key that is being created or deleted.
      See Also:

    • keyStateAsString

      public final String keyStateAsString()

      The state of key that is being created or deleted.

      If the service returns an enum value that is not available in the current SDK version, keyState will return KeyState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStateAsString().

      Returns:
      The state of key that is being created or deleted.
      See Also:

    • keyOrigin

      public final KeyOrigin keyOrigin()

      The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.

      If the service returns an enum value that is not available in the current SDK version, keyOrigin will return KeyOrigin.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyOriginAsString().

      Returns:
      The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.
      See Also:

    • keyOriginAsString

      public final String keyOriginAsString()

      The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.

      If the service returns an enum value that is not available in the current SDK version, keyOrigin will return KeyOrigin.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyOriginAsString().

      Returns:
      The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.
      See Also:

    • createTimestamp

      public final Instant createTimestamp()

      The date and time when the key was created.

      Returns:
      The date and time when the key was created.

    • usageStartTimestamp

      public final Instant usageStartTimestamp()

      The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.

      Returns:
      The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.

    • usageStopTimestamp

      public final Instant usageStopTimestamp()

      The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.

      Returns:
      The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.

    • deletePendingTimestamp

      public final Instant deletePendingTimestamp()

      The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when KeyState is DELETE_PENDING and the key is scheduled for deletion.

      Returns:
      The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when KeyState is DELETE_PENDING and the key is scheduled for deletion.

    • deleteTimestamp

      public final Instant deleteTimestamp()

      The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.

      Returns:
      The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.

    • deriveKeyUsage

      public final DeriveKeyUsage deriveKeyUsage()

      The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.

      If the service returns an enum value that is not available in the current SDK version, deriveKeyUsage will return DeriveKeyUsage.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from deriveKeyUsageAsString().

      Returns:
      The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.
      See Also:

    • deriveKeyUsageAsString

      public final String deriveKeyUsageAsString()

      The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.

      If the service returns an enum value that is not available in the current SDK version, deriveKeyUsage will return DeriveKeyUsage.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from deriveKeyUsageAsString().

      Returns:
      The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.
      See Also:

    • multiRegionKeyType

      public final MultiRegionKeyType multiRegionKeyType()

      Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.

      Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).

      If the service returns an enum value that is not available in the current SDK version, multiRegionKeyType will return MultiRegionKeyType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from multiRegionKeyTypeAsString().

      Returns:
      Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.

      Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).

      See Also:

    • multiRegionKeyTypeAsString

      public final String multiRegionKeyTypeAsString()

      Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.

      Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).

      If the service returns an enum value that is not available in the current SDK version, multiRegionKeyType will return MultiRegionKeyType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from multiRegionKeyTypeAsString().

      Returns:
      Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.

      Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).

      See Also:

    • primaryRegion

      public final String primaryRegion()
      Returns the value of the PrimaryRegion property for this object.
      Returns:
      The value of the PrimaryRegion property for this object.

    • hasReplicationStatus

      public final boolean hasReplicationStatus()
      For responses, this returns true if the service returned a value for the ReplicationStatus property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • replicationStatus

      public final Map<String,ReplicationStatusType> replicationStatus()

      Information about the replication status of the key across different regions.

      This field provides details about the current state of key replication, including any status messages or operational information. It helps track the progress and health of key replication operations.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasReplicationStatus() method.

      Returns:
      Information about the replication status of the key across different regions.

      This field provides details about the current state of key replication, including any status messages or operational information. It helps track the progress and health of key replication operations.

    • usingDefaultReplicationRegions

      public final Boolean usingDefaultReplicationRegions()

      Indicates whether this key is using the account's default replication regions configuration.

      When set to true, the key automatically replicates to the regions specified in the account's default replication settings. When set to false, the key has a custom replication configuration that overrides the account defaults.

      Returns:
      Indicates whether this key is using the account's default replication regions configuration.

      When set to true, the key automatically replicates to the regions specified in the account's default replication settings. When set to false, the key has a custom replication configuration that overrides the account defaults.

    • toBuilder

      public Key.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<Key.Builder,Key>
      Returns:
      a builder for type T

    • builder

      public static Key.Builder builder()

    • serializableBuilderClass

      public static Class<? extends Key.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.

    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.