com.amazonaws.services.kms.model

Class ReEncryptRequest

java.lang.Object

com.amazonaws.AmazonWebServiceRequest

com.amazonaws.services.kms.model.ReEncryptRequest

All Implemented Interfaces:

ReadLimitInfo, Serializable, Cloneable

public class ReEncryptRequest
extends AmazonWebServiceRequest
implements Serializable, Cloneable

Container for the parameters to the ReEncrypt operation.

Encrypts data on the server side with a new customer master key without exposing the plaintext of the data on the client side. The data is first decrypted and then encrypted. This operation can also be used to change the encryption context of a ciphertext.

Unlike other actions, ReEncrypt is authorized twice - once as ReEncryptFrom on the source key and once as ReEncryptTo on the destination key. We therefore recommend that you include the "action":"kms:ReEncrypt*" statement in your key policies to permit re-encryption from or to the key. The statement is included automatically when you authorize use of the key through the console but must be included manually when you set a policy by using the PutKeyPolicy function.

See Also:

AWSKMS.reEncrypt(ReEncryptRequest), Serialized Form

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceRequest

NOOP

Constructor Summary

Constructors

Constructor and Description
ReEncryptRequest()

Method Summary

Methods

Modifier and Type	Method and Description
ReEncryptRequest	addDestinationEncryptionContextEntry(String key, String value) Encryption context to be used when the data is re-encrypted.
ReEncryptRequest	addSourceEncryptionContextEntry(String key, String value) Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
ReEncryptRequest	clearDestinationEncryptionContextEntries() Removes all the entries added into DestinationEncryptionContext.
ReEncryptRequest	clearSourceEncryptionContextEntries() Removes all the entries added into SourceEncryptionContext.
ReEncryptRequest	clone()
boolean	equals(Object obj)
ByteBuffer	getCiphertextBlob() Ciphertext of the data to re-encrypt.
Map<String,String>	getDestinationEncryptionContext() Encryption context to be used when the data is re-encrypted.
String	getDestinationKeyId() A unique identifier for the customer master key used to re-encrypt the data.
List<String>	getGrantTokens() A list of grant tokens.
Map<String,String>	getSourceEncryptionContext() Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
int	hashCode()
void	setCiphertextBlob(ByteBuffer ciphertextBlob) Ciphertext of the data to re-encrypt.
void	setDestinationEncryptionContext(Map<String,String> destinationEncryptionContext) Encryption context to be used when the data is re-encrypted.
void	setDestinationKeyId(String destinationKeyId) A unique identifier for the customer master key used to re-encrypt the data.
void	setGrantTokens(Collection<String> grantTokens) A list of grant tokens.
void	setSourceEncryptionContext(Map<String,String> sourceEncryptionContext) Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.
String	toString() Returns a string representation of this object; useful for testing and debugging.
ReEncryptRequest	withCiphertextBlob(ByteBuffer ciphertextBlob) Ciphertext of the data to re-encrypt.
ReEncryptRequest	withDestinationEncryptionContext(Map<String,String> destinationEncryptionContext) Encryption context to be used when the data is re-encrypted.
ReEncryptRequest	withDestinationKeyId(String destinationKeyId) A unique identifier for the customer master key used to re-encrypt the data.
ReEncryptRequest	withGrantTokens(Collection<String> grantTokens) A list of grant tokens.
ReEncryptRequest	withGrantTokens(String... grantTokens) A list of grant tokens.
ReEncryptRequest	withSourceEncryptionContext(Map<String,String> sourceEncryptionContext) Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Methods inherited from class com.amazonaws.AmazonWebServiceRequest

copyBaseTo, getCloneRoot, getCloneSource, getCustomQueryParameters, getCustomRequestHeaders, getGeneralProgressListener, getReadLimit, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, putCustomQueryParameter, putCustomRequestHeader, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollector

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ReEncryptRequest

public ReEncryptRequest()

Method Detail

getCiphertextBlob

public ByteBuffer getCiphertextBlob()

Ciphertext of the data to re-encrypt.

Constraints:
Length: 1 - 6144

Returns:

Ciphertext of the data to re-encrypt.

setCiphertextBlob

public void setCiphertextBlob(ByteBuffer ciphertextBlob)

Ciphertext of the data to re-encrypt.

Constraints:
Length: 1 - 6144

Parameters:

ciphertextBlob - Ciphertext of the data to re-encrypt.

withCiphertextBlob

public ReEncryptRequest withCiphertextBlob(ByteBuffer ciphertextBlob)

Ciphertext of the data to re-encrypt.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 6144

Parameters:

ciphertextBlob - Ciphertext of the data to re-encrypt.

Returns:

A reference to this updated object so that method calls can be chained together.

getSourceEncryptionContext

public Map<String,String> getSourceEncryptionContext()

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Returns:

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

setSourceEncryptionContext

public void setSourceEncryptionContext(Map<String,String> sourceEncryptionContext)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Parameters:

sourceEncryptionContext - Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

withSourceEncryptionContext

public ReEncryptRequest withSourceEncryptionContext(Map<String,String> sourceEncryptionContext)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Returns a reference to this object so that method calls can be chained together.

Parameters:

sourceEncryptionContext - Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

Returns:

A reference to this updated object so that method calls can be chained together.

addSourceEncryptionContextEntry

public ReEncryptRequest addSourceEncryptionContextEntry(String key,
                                               String value)

Encryption context used to encrypt and decrypt the data specified in the CiphertextBlob parameter.

The method adds a new key-value pair into SourceEncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.

Parameters:

key - The key of the entry to be added into SourceEncryptionContext.

value - The corresponding value of the entry to be added into SourceEncryptionContext.

clearSourceEncryptionContextEntries

public ReEncryptRequest clearSourceEncryptionContextEntries()

Removes all the entries added into SourceEncryptionContext.

Returns a reference to this object so that method calls can be chained together.

getDestinationKeyId

public String getDestinationKeyId()

A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

Returns:

A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

setDestinationKeyId

public void setDestinationKeyId(String destinationKeyId)

A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

Parameters:

destinationKeyId - A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

withDestinationKeyId

public ReEncryptRequest withDestinationKeyId(String destinationKeyId)

A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 256

Parameters:

destinationKeyId - A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Returns:

A reference to this updated object so that method calls can be chained together.

getDestinationEncryptionContext

public Map<String,String> getDestinationEncryptionContext()

Encryption context to be used when the data is re-encrypted.

Returns:

Encryption context to be used when the data is re-encrypted.

setDestinationEncryptionContext

public void setDestinationEncryptionContext(Map<String,String> destinationEncryptionContext)

Encryption context to be used when the data is re-encrypted.

Parameters:

destinationEncryptionContext - Encryption context to be used when the data is re-encrypted.

withDestinationEncryptionContext

public ReEncryptRequest withDestinationEncryptionContext(Map<String,String> destinationEncryptionContext)

Encryption context to be used when the data is re-encrypted.

Returns a reference to this object so that method calls can be chained together.

Parameters:

destinationEncryptionContext - Encryption context to be used when the data is re-encrypted.

Returns:

A reference to this updated object so that method calls can be chained together.

addDestinationEncryptionContextEntry

public ReEncryptRequest addDestinationEncryptionContextEntry(String key,
                                                    String value)

Encryption context to be used when the data is re-encrypted.

The method adds a new key-value pair into DestinationEncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.

Parameters:

key - The key of the entry to be added into DestinationEncryptionContext.

value - The corresponding value of the entry to be added into DestinationEncryptionContext.

clearDestinationEncryptionContextEntries

public ReEncryptRequest clearDestinationEncryptionContextEntries()

Removes all the entries added into DestinationEncryptionContext.

Returns a reference to this object so that method calls can be chained together.

getGrantTokens

public List<String> getGrantTokens()

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Constraints:
Length: 0 - 10

Returns:

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

setGrantTokens

public void setGrantTokens(Collection<String> grantTokens)

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Constraints:
Length: 0 - 10

Parameters:

grantTokens - A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

withGrantTokens

public ReEncryptRequest withGrantTokens(String... grantTokens)

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

NOTE: This method appends the values to the existing list (if any). Use setGrantTokens(java.util.Collection) or withGrantTokens(java.util.Collection) if you want to override the existing values.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 0 - 10

Parameters:

grantTokens - A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A reference to this updated object so that method calls can be chained together.

withGrantTokens

public ReEncryptRequest withGrantTokens(Collection<String> grantTokens)

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 0 - 10

Parameters:

grantTokens - A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A reference to this updated object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object; useful for testing and debugging.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

clone

public ReEncryptRequest clone()

Overrides:

clone in class AmazonWebServiceRequest