Indicates whether this workgroup enables publishing metrics to Amazon CloudWatch.
", "WorkGroupConfigurationUpdates$RemoveBytesScannedCutoffPerQuery": "Indicates that the data usage control limit per query is removed. WorkGroupConfiguration$BytesScannedCutoffPerQuery
", "WorkGroupConfigurationUpdates$RequesterPaysEnabled": "If set to true, allows members assigned to a workgroup to specify Amazon S3 Requester Pays buckets in queries. If set to false, workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false. For more information about Requester Pays buckets, see Requester Pays Buckets in the Amazon Simple Storage Service Developer Guide.
Removes content encryption configuration for a workgroup.
", + "WorkGroupConfigurationUpdates$RemoveCustomerContentEncryptionConfiguration": "Removes content encryption configuration from an Apache Spark-enabled Athena workgroup.
", "WorkGroupConfigurationUpdates$EnableMinimumEncryptionConfiguration": "Enforces a minimal level of encryption for the workgroup for query and calculation results that are written to Amazon S3. When enabled, workgroup users can set encryption only to the minimum level set by the administrator or higher when they submit queries. This setting does not apply to Spark-enabled workgroups.
The EnforceWorkGroupConfiguration setting takes precedence over the EnableMinimumEncryptionConfiguration flag. This means that if EnforceWorkGroupConfiguration is true, the EnableMinimumEncryptionConfiguration flag is ignored, and the workgroup configuration for encryption is used.
Specifies the KMS key that is used to encrypt the user's data stores in Athena.
", + "base": "Specifies the KMS key that is used to encrypt the user's data stores in Athena. This setting does not apply to Athena SQL workgroups.
", "refs": { - "WorkGroupConfiguration$CustomerContentEncryptionConfiguration": "Specifies the KMS key that is used to encrypt the user's data stores in Athena.
", + "WorkGroupConfiguration$CustomerContentEncryptionConfiguration": "Specifies the KMS key that is used to encrypt the user's data stores in Athena. This setting does not apply to Athena SQL workgroups.
", "WorkGroupConfigurationUpdates$CustomerContentEncryptionConfiguration": null } }, @@ -1440,6 +1440,7 @@ "DataCatalog$Parameters": "Specifies the Lambda function or functions to use for the data catalog. This is a mapping whose values depend on the catalog type.
For the HIVE data catalog type, use the following syntax. The metadata-function parameter is required. The sdk-version parameter is optional and defaults to the currently supported version.
metadata-function=lambda_arn, sdk-version=version_number
For the LAMBDA data catalog type, use one of the following sets of required parameters, but not both.
If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.
metadata-function=lambda_arn, record-function=lambda_arn
If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.
function=lambda_arn
The GLUE type takes a catalog ID parameter and is required. The catalog_id is the account ID of the Amazon Web Services account to which the Glue catalog belongs.
catalog-id=catalog_id
The GLUE data catalog type also applies to the default AwsDataCatalog that already exists in your account, of which you can have only one and cannot modify.
Queries that specify a Glue Data Catalog other than the default AwsDataCatalog must be run on Athena engine version 2.
A set of custom key/value pairs.
", "EngineConfiguration$AdditionalConfigs": "Contains additional notebook engine MAP<string, string> parameter mappings in the form of key-value pairs. To specify an Athena notebook that the Jupyter server will download and serve, specify a value for the StartSessionRequest$NotebookVersion field, and then add a key named NotebookId to AdditionalConfigs that has the value of the Athena notebook ID.
Specifies custom jar files and Spark properties for use cases like cluster encryption, table formats, and general Spark tuning.
", "TableMetadata$Parameters": "A set of custom key/value pairs for table properties.
", "UpdateDataCatalogInput$Parameters": "Specifies the Lambda function or functions to use for updating the data catalog. This is a mapping whose values depend on the catalog type.
For the HIVE data catalog type, use the following syntax. The metadata-function parameter is required. The sdk-version parameter is optional and defaults to the currently supported version.
metadata-function=lambda_arn, sdk-version=version_number
For the LAMBDA data catalog type, use one of the following sets of required parameters, but not both.
If you have one Lambda function that processes metadata and another for reading the actual data, use the following syntax. Both parameters are required.
metadata-function=lambda_arn, record-function=lambda_arn
If you have a composite Lambda function that processes both metadata and data, use the following syntax to specify your Lambda function.
function=lambda_arn
You use the Amazon Web Services Payment Cryptography Data Plane to manage how encryption keys are used for payment-related transaction processing and associated cryptographic operations. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations in Amazon Web Services Payment Cryptography. For more information, see Data operations in the Amazon Web Services Payment Cryptography User Guide.
To manage your encryption keys, you use the Amazon Web Services Payment Cryptography Control Plane. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys.
", + "operations": { + "DecryptData": "Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT data encryption key. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Decrypt. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate.
For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA. When you use DUKPT, for TDES algorithm, the ciphertext data length must be a multiple of 16 bytes. For AES algorithm, the ciphertext data length must be a multiple of 32 bytes.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "EncryptData": "Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT data encryption key. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey).
for symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA. To encrypt using DUKPT, you must already have a DUKPT key in your account with KeyModesOfUse set to DeriveKey, or you can generate a new DUKPT key by calling CreateKey.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GenerateCardValidationData": "Generates card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see Generate card data in the Amazon Web Services Payment Cryptography User Guide.
This operation generates a CVV or CSC value that is printed on a payment credit or debit card during card production. The CVV or CSC, PAN (Primary Account Number) and expiration date of the card are required to check its validity during transaction processing. To begin this operation, a CVK (Card Verification Key) encryption key is required. You can use CreateKey or ImportKey to establish a CVK within Amazon Web Services Payment Cryptography. The KeyModesOfUse should be set to Generate and Verify for a CVK encryption key.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GenerateMac": "Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.
You can use this operation when keys won't be shared but mutual data is present on both ends for validation. In this case, known data values are used to generate a MAC on both ends for comparision without sending or receiving data in ciphertext or plaintext. You can use this operation to generate a DUPKT, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GeneratePinData": "Generates pin-related data such as PIN, PIN Verification Value (PVV), PIN Block, and PIN Offset during new card issuance or reissuance. For more information, see Generate PIN data in the Amazon Web Services Payment Cryptography User Guide.
PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation generates PIN, PVV, or PIN Offset and then encrypts it using Pin Encryption Key (PEK) to create an EncryptedPinBlock for transmission from Amazon Web Services Payment Cryptography. This operation uses a separate Pin Verification Key (PVK) for VISA PVV generation.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ReEncryptData": "Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys.
You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey or import your own encryption key by calling ImportKey. The KeyArn for use with this operation must be in a compatible key state with KeyModesOfUse set to Encrypt. In asymmetric encryption, ciphertext is encrypted using public component (imported by calling ImportKey) of the asymmetric key pair created outside of Amazon Web Services Payment Cryptography.
For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA. To encrypt using DUKPT, a DUKPT key must already exist within your account with KeyModesOfUse set to DeriveKey or a new DUKPT can be generated by calling CreateKey.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "TranslatePinData": "Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide.
PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT tranlations. You can use this operation for P2PE (Point to Point Encryption) use cases where the encryption keys should change but the processing system either does not need to, or is not permitted to, decrypt the data.
The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
At this time, Amazon Web Services Payment Cryptography does not support translations to PIN format 4.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "VerifyAuthRequestCryptogram": "Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization. For more information, see Verify auth request cryptogram in the Amazon Web Services Payment Cryptography User Guide.
ARQC generation is done outside of Amazon Web Services Payment Cryptography and is typically generated on a point of sale terminal for an EMV chip card to obtain payment authorization during transaction time. For ARQC verification, you must first import the ARQC generated outside of Amazon Web Services Payment Cryptography by calling ImportKey. This operation uses the imported ARQC and an major encryption key (DUKPT) created by calling CreateKey to either provide a boolean ARQC verification result or provide an APRC (Authorization Response Cryptogram) response using Method 1 or Method 2. The ARPC_METHOD_1 uses AuthResponseCode to generate ARPC and ARPC_METHOD_2 uses CardStatusUpdate to generate ARPC.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "VerifyCardValidationData": "Verifies card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC). For more information, see Verify card data in the Amazon Web Services Payment Cryptography User Guide.
This operation validates the CVV or CSC codes that is printed on a payment credit or debit card during card payment transaction. The input values are typically provided as part of an inbound transaction to an issuer or supporting platform partner. Amazon Web Services Payment Cryptography uses CVV or CSC, PAN (Primary Account Number) and expiration date of the card to check its validity during transaction processing. In this operation, the CVK (Card Verification Key) encryption key for use with card data verification is same as the one in used for GenerateCardValidationData.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "VerifyMac": "Verifies a Message Authentication Code (MAC).
You can use this operation when keys won't be shared but mutual data is present on both ends for validation. In this case, known data values are used to generate a MAC on both ends for verification without sending or receiving data in ciphertext or plaintext. You can use this operation to verify a DUPKT, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. Use the same encryption key for MAC verification as you use for GenerateMac.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "VerifyPinData": "Verifies pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624. For more information, see Verify PIN data in the Amazon Web Services Payment Cryptography User Guide.
This operation verifies PIN data for user payment card. A card holder PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation uses PIN Verification Key (PVK) for PIN or PIN Offset generation and then encrypts it using PIN Encryption Key (PEK) to create an EncryptedPinBlock for transmission from Amazon Web Services Payment Cryptography.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
" + }, + "shapes": { + "AccessDeniedException": { + "base": "You do not have sufficient access to perform this action.
", + "refs": { + } + }, + "AmexCardSecurityCodeVersion1": { + "base": "Card data parameters that are required to generate a Card Security Code (CSC2) for an AMEX payment card.
", + "refs": { + "CardGenerationAttributes$AmexCardSecurityCodeVersion1": null, + "CardVerificationAttributes$AmexCardSecurityCodeVersion1": null + } + }, + "AmexCardSecurityCodeVersion2": { + "base": "Card data parameters that are required to generate a Card Security Code (CSC2) for an AMEX payment card.
", + "refs": { + "CardGenerationAttributes$AmexCardSecurityCodeVersion2": "Card data parameters that are required to generate a Card Security Code (CSC2) for an AMEX payment card.
", + "CardVerificationAttributes$AmexCardSecurityCodeVersion2": "Card data parameters that are required to verify a Card Security Code (CSC2) for an AMEX payment card.
" + } + }, + "AsymmetricEncryptionAttributes": { + "base": "Parameters for plaintext encryption using asymmetric keys.
", + "refs": { + "EncryptionDecryptionAttributes$Asymmetric": null + } + }, + "CardGenerationAttributes": { + "base": "Card data parameters that are required to generate Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC).
", + "refs": { + "GenerateCardValidationDataInput$GenerationAttributes": "The algorithm for generating CVV or CSC values for the card within Amazon Web Services Payment Cryptography.
" + } + }, + "CardHolderVerificationValue": { + "base": "Card data parameters that are required to generate a cardholder verification value for the payment card.
", + "refs": { + "CardGenerationAttributes$CardHolderVerificationValue": "Card data parameters that are required to generate a cardholder verification value for the payment card.
", + "CardVerificationAttributes$CardHolderVerificationValue": "Card data parameters that are required to verify a cardholder verification value for the payment card.
" + } + }, + "CardVerificationAttributes": { + "base": "Card data parameters that are requried to verify Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC).
", + "refs": { + "VerifyCardValidationDataInput$VerificationAttributes": "The algorithm to use for verification of card data within Amazon Web Services Payment Cryptography.
" + } + }, + "CardVerificationValue1": { + "base": "Card data parameters that are required to verify CVV (Card Verification Value) for the payment card.
", + "refs": { + "CardGenerationAttributes$CardVerificationValue1": "Card data parameters that are required to generate Card Verification Value (CVV) for the payment card.
", + "CardVerificationAttributes$CardVerificationValue1": "Card data parameters that are required to verify Card Verification Value (CVV) for the payment card.
" + } + }, + "CardVerificationValue2": { + "base": "Card data parameters that are required to verify Card Verification Value (CVV2) for the payment card.
", + "refs": { + "CardGenerationAttributes$CardVerificationValue2": "Card data parameters that are required to generate Card Verification Value (CVV2) for the payment card.
", + "CardVerificationAttributes$CardVerificationValue2": "Card data parameters that are required to verify Card Verification Value (CVV2) for the payment card.
" + } + }, + "CryptogramAuthResponse": { + "base": "Parameters that are required for Authorization Response Cryptogram (ARPC) generation after Authorization Request Cryptogram (ARQC) verification is successful.
", + "refs": { + "VerifyAuthRequestCryptogramInput$AuthResponseAttributes": "The attributes and values for auth request cryptogram verification. These parameters are required in case using ARPC Method 1 or Method 2 for ARQC verification.
" + } + }, + "CryptogramVerificationArpcMethod1": { + "base": "Parameters that are required for ARPC response generation using method1 after ARQC verification is successful.
", + "refs": { + "CryptogramAuthResponse$ArpcMethod1": "Parameters that are required for ARPC response generation using method1 after ARQC verification is successful.
" + } + }, + "CryptogramVerificationArpcMethod2": { + "base": "Parameters that are required for ARPC response generation using method2 after ARQC verification is successful.
", + "refs": { + "CryptogramAuthResponse$ArpcMethod2": "Parameters that are required for ARPC response generation using method2 after ARQC verification is successful.
" + } + }, + "DecryptDataInput": { + "base": null, + "refs": { + } + }, + "DecryptDataOutput": { + "base": null, + "refs": { + } + }, + "DiscoverDynamicCardVerificationCode": { + "base": "Parameters that are required to generate or verify dCVC (Dynamic Card Verification Code).
", + "refs": { + "CardVerificationAttributes$DiscoverDynamicCardVerificationCode": "Card data parameters that are required to verify CDynamic Card Verification Code (dCVC) for the payment card.
" + } + }, + "DukptAttributes": { + "base": "Parameters that are used for Derived Unique Key Per Transaction (DUKPT) derivation algorithm.
", + "refs": { + "VerifyPinDataInput$DukptAttributes": "The attributes and values for the DUKPT encrypted PIN block data.
" + } + }, + "DukptDerivationAttributes": { + "base": "Parameters required for encryption or decryption of data using DUKPT.
", + "refs": { + "TranslatePinDataInput$IncomingDukptAttributes": "The attributes and values to use for incoming DUKPT encryption key for PIN block tranlation.
", + "TranslatePinDataInput$OutgoingDukptAttributes": "The attributes and values to use for outgoing DUKPT encryption key after PIN block translation.
" + } + }, + "DukptDerivationType": { + "base": null, + "refs": { + "DukptAttributes$DukptDerivationType": "The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use AES_128 as a derivation type for a BDK of AES_128 or TDES_2KEY.
The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use AES_128 as a derivation type for a BDK of AES_128 or TDES_2KEY
The key type encrypted using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use AES_128 as a derivation type for a BDK of AES_128 or TDES_2KEY
The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use AES_128 as a derivation type for a BDK of AES_128 or TDES_2KEY.
Parameters that are required to encrypt plaintext data using DUKPT.
", + "refs": { + "EncryptionDecryptionAttributes$Dukpt": null, + "ReEncryptionAttributes$Dukpt": null + } + }, + "DukptEncryptionMode": { + "base": null, + "refs": { + "DukptEncryptionAttributes$Mode": "The block cipher mode of operation. Block ciphers are designed to encrypt a block of data of fixed size, for example, 128 bits. The size of the input block is usually same as the size of the encrypted output block, while the key length can be different. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.
The default is CBC.
" + } + }, + "DukptKeyVariant": { + "base": null, + "refs": { + "DukptDerivationAttributes$DukptKeyVariant": "The type of use of DUKPT, which can be for incoming data decryption, outgoing data encryption, or both.
", + "DukptEncryptionAttributes$DukptKeyVariant": "The type of use of DUKPT, which can be incoming data decryption, outgoing data encryption, or both.
", + "MacAlgorithmDukpt$DukptKeyVariant": "The type of use of DUKPT, which can be MAC generation, MAC verification, or both.
" + } + }, + "DynamicCardVerificationCode": { + "base": "Parameters that are required to generate or verify Dynamic Card Verification Value (dCVV).
", + "refs": { + "CardGenerationAttributes$DynamicCardVerificationCode": "Card data parameters that are required to generate CDynamic Card Verification Code (dCVC) for the payment card.
", + "CardVerificationAttributes$DynamicCardVerificationCode": "Card data parameters that are required to verify CDynamic Card Verification Code (dCVC) for the payment card.
" + } + }, + "DynamicCardVerificationValue": { + "base": "Parameters that are required to generate or verify Dynamic Card Verification Value (dCVV).
", + "refs": { + "CardGenerationAttributes$DynamicCardVerificationValue": "Card data parameters that are required to generate CDynamic Card Verification Value (dCVV) for the payment card.
", + "CardVerificationAttributes$DynamicCardVerificationValue": "Card data parameters that are required to verify CDynamic Card Verification Value (dCVV) for the payment card.
" + } + }, + "EncryptDataInput": { + "base": null, + "refs": { + } + }, + "EncryptDataOutput": { + "base": null, + "refs": { + } + }, + "EncryptionDecryptionAttributes": { + "base": "Parameters that are required to perform encryption and decryption operations.
", + "refs": { + "DecryptDataInput$DecryptionAttributes": "The encryption key type and attributes for ciphertext decryption.
", + "EncryptDataInput$EncryptionAttributes": "The encryption key type and attributes for plaintext encryption.
" + } + }, + "EncryptionMode": { + "base": null, + "refs": { + "SymmetricEncryptionAttributes$Mode": "The block cipher mode of operation. Block ciphers are designed to encrypt a block of data of fixed size (for example, 128 bits). The size of the input block is usually same as the size of the encrypted output block, while the key length can be different. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.
" + } + }, + "GenerateCardValidationDataInput": { + "base": null, + "refs": { + } + }, + "GenerateCardValidationDataOutput": { + "base": null, + "refs": { + } + }, + "GenerateMacInput": { + "base": null, + "refs": { + } + }, + "GenerateMacOutput": { + "base": null, + "refs": { + } + }, + "GeneratePinDataInput": { + "base": null, + "refs": { + } + }, + "GeneratePinDataOutput": { + "base": null, + "refs": { + } + }, + "HexEvenLengthBetween16And4064": { + "base": null, + "refs": { + "EncryptDataInput$PlainText": "The plaintext to be encrypted.
" + } + }, + "HexEvenLengthBetween16And4096": { + "base": null, + "refs": { + "DecryptDataInput$CipherText": "The ciphertext to decrypt.
", + "DecryptDataOutput$PlainText": "The decrypted plaintext data.
", + "EncryptDataOutput$CipherText": "The encrypted ciphertext.
", + "ReEncryptDataInput$CipherText": "Ciphertext to be encrypted. The minimum allowed length is 16 bytes and maximum allowed length is 4096 bytes.
", + "ReEncryptDataOutput$CipherText": "The encrypted ciphertext.
" + } + }, + "HexLength16Or32": { + "base": null, + "refs": { + "DukptEncryptionAttributes$InitializationVector": "An input to cryptographic primitive used to provide the intial state. Typically the InitializationVector must have a random or psuedo-random value, but sometimes it only needs to be unpredictable or unique. If you don't provide a value, Amazon Web Services Payment Cryptography generates a random value.
An input to cryptographic primitive used to provide the intial state. The InitializationVector is typically required have a random or psuedo-random value, but sometimes it only needs to be unpredictable or unique. If a value is not provided, Amazon Web Services Payment Cryptography generates a random value.
The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.
", + "DukptDerivationAttributes$KeySerialNumber": "The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.
", + "DukptEncryptionAttributes$KeySerialNumber": "The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.
", + "MacAlgorithmDukpt$KeySerialNumber": "The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.
" + } + }, + "HexLengthBetween16And32": { + "base": null, + "refs": { + "GeneratePinDataOutput$EncryptedPinBlock": "The PIN block encrypted under PEK from Amazon Web Services Payment Cryptography. The encrypted PIN block is a composite of PAN (Primary Account Number) and PIN (Personal Identification Number), generated in accordance with ISO 9564 standard.
", + "Ibm3624PinOffset$EncryptedPinBlock": "The encrypted PIN block data. According to ISO 9564 standard, a PIN Block is an encoded representation of a payment card Personal Account Number (PAN) and the cardholder Personal Identification Number (PIN).
", + "TranslatePinDataInput$EncryptedPinBlock": "The encrypted PIN block data that Amazon Web Services Payment Cryptography translates.
", + "TranslatePinDataOutput$PinBlock": "The ougoing encrypted PIN block data after tranlation.
", + "VerifyPinDataInput$EncryptedPinBlock": "The encrypted PIN block data that Amazon Web Services Payment Cryptography verifies.
", + "VisaPinVerificationValue$EncryptedPinBlock": "The encrypted PIN block data to verify.
" + } + }, + "HexLengthBetween1And16": { + "base": null, + "refs": { + "CryptogramVerificationArpcMethod2$ProprietaryAuthenticationData": "The proprietary authentication data used by issuer for communication during online transaction using an EMV chip card.
", + "VerifyAuthRequestCryptogramOutput$AuthResponseValue": "The result for ARQC verification or ARPC generation within Amazon Web Services Payment Cryptography.
" + } + }, + "HexLengthBetween2And1024": { + "base": null, + "refs": { + "VerifyAuthRequestCryptogramInput$TransactionData": "The transaction data that Amazon Web Services Payment Cryptography uses for ARQC verification. The same transaction is used for ARQC generation outside of Amazon Web Services Payment Cryptography.
" + } + }, + "HexLengthBetween2And160": { + "base": null, + "refs": { + "DynamicCardVerificationCode$TrackData": "The data on the two tracks of magnetic cards used for financial transactions. This includes the cardholder name, PAN, expiration date, bank ID (BIN) and several other numbers the issuing bank uses to validate the data received.
" + } + }, + "HexLengthBetween2And4": { + "base": null, + "refs": { + "CardHolderVerificationValue$ApplicationTransactionCounter": "The transaction counter value that comes from a point of sale terminal.
", + "DiscoverDynamicCardVerificationCode$ApplicationTransactionCounter": "The transaction counter value that comes from the terminal.
", + "DynamicCardVerificationCode$ApplicationTransactionCounter": "The transaction counter value that comes from the terminal.
", + "DynamicCardVerificationValue$ApplicationTransactionCounter": "The transaction counter value that comes from the terminal.
", + "SessionKeyDerivationValue$ApplicationTransactionCounter": "The transaction counter that is provided by the terminal during transaction processing.
", + "SessionKeyEmv2000$ApplicationTransactionCounter": "The transaction counter that is provided by the terminal during transaction processing.
", + "SessionKeyEmvCommon$ApplicationTransactionCounter": "The transaction counter that is provided by the terminal during transaction processing.
", + "SessionKeyMastercard$ApplicationTransactionCounter": "The transaction counter that is provided by the terminal during transaction processing.
" + } + }, + "HexLengthBetween2And4096": { + "base": null, + "refs": { + "GenerateMacInput$MessageData": "The data for which a MAC is under generation.
", + "VerifyMacInput$MessageData": "The data on for which MAC is under verification.
" + } + }, + "HexLengthBetween2And8": { + "base": null, + "refs": { + "CardHolderVerificationValue$UnpredictableNumber": "A random number generated by the issuer.
", + "DiscoverDynamicCardVerificationCode$UnpredictableNumber": "A random number that is generated by the issuer.
", + "DynamicCardVerificationCode$UnpredictableNumber": "A random number generated by the issuer.
", + "SessionKeyMastercard$UnpredictableNumber": "A random number generated by the issuer.
" + } + }, + "HexLengthBetween4And128": { + "base": null, + "refs": { + "GenerateMacOutput$Mac": "The MAC cryptogram generated within Amazon Web Services Payment Cryptography.
", + "VerifyMacInput$Mac": "The MAC being verified.
" + } + }, + "HexLengthEquals1": { + "base": null, + "refs": { + "Ibm3624NaturalPin$PinValidationDataPadCharacter": "The padding character for validation data.
", + "Ibm3624PinFromOffset$PinValidationDataPadCharacter": "The padding character for validation data.
", + "Ibm3624PinOffset$PinValidationDataPadCharacter": "The padding character for validation data.
", + "Ibm3624PinVerification$PinValidationDataPadCharacter": "The padding character for validation data.
", + "Ibm3624RandomPin$PinValidationDataPadCharacter": "The padding character for validation data.
" + } + }, + "HexLengthEquals16": { + "base": null, + "refs": { + "SessionKeyDerivationValue$ApplicationCryptogram": "The cryptogram provided by the terminal during transaction processing.
", + "VerifyAuthRequestCryptogramInput$AuthRequestCryptogram": "The auth request cryptogram imported into Amazon Web Services Payment Cryptography for ARQC verification using a major encryption key and transaction data.
" + } + }, + "HexLengthEquals2": { + "base": null, + "refs": { + "CardHolderVerificationValue$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "DynamicCardVerificationCode$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "DynamicCardVerificationValue$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "MacAlgorithmEmv$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "SessionKeyAmex$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "SessionKeyEmv2000$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "SessionKeyEmvCommon$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "SessionKeyMastercard$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "SessionKeyVisa$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
" + } + }, + "HexLengthEquals4": { + "base": null, + "refs": { + "CryptogramVerificationArpcMethod1$AuthResponseCode": "The auth code used to calculate APRC after ARQC verification is successful. This is the same auth code used for ARQC generation outside of Amazon Web Services Payment Cryptography.
" + } + }, + "HexLengthEquals8": { + "base": null, + "refs": { + "CryptogramVerificationArpcMethod2$CardStatusUpdate": "The data indicating whether the issuer approves or declines an online transaction using an EMV chip card.
" + } + }, + "Ibm3624NaturalPin": { + "base": "Parameters that are required to generate or verify Ibm3624 natural PIN.
", + "refs": { + "PinGenerationAttributes$Ibm3624NaturalPin": "Parameters that are required to generate or verify Ibm3624 natural PIN.
" + } + }, + "Ibm3624PinFromOffset": { + "base": "Parameters that are required to generate or verify Ibm3624 PIN from offset PIN.
", + "refs": { + "PinGenerationAttributes$Ibm3624PinFromOffset": "Parameters that are required to generate or verify Ibm3624 PIN from offset PIN.
" + } + }, + "Ibm3624PinOffset": { + "base": "Pparameters that are required to generate or verify Ibm3624 PIN offset PIN.
", + "refs": { + "PinGenerationAttributes$Ibm3624PinOffset": "Parameters that are required to generate or verify Ibm3624 PIN offset PIN.
" + } + }, + "Ibm3624PinVerification": { + "base": "Parameters that are required to generate or verify Ibm3624 PIN verification PIN.
", + "refs": { + "PinVerificationAttributes$Ibm3624Pin": "Parameters that are required to generate or verify Ibm3624 PIN.
" + } + }, + "Ibm3624RandomPin": { + "base": "Parameters that are required to generate or verify Ibm3624 random PIN.
", + "refs": { + "PinGenerationAttributes$Ibm3624RandomPin": "Parameters that are required to generate or verify Ibm3624 random PIN.
" + } + }, + "IntegerRangeBetween0And9": { + "base": null, + "refs": { + "VisaPin$PinVerificationKeyIndex": "The value for PIN verification index. It is used in the Visa PIN algorithm to calculate the PVV (PIN Verification Value).
", + "VisaPinVerification$PinVerificationKeyIndex": "The value for PIN verification index. It is used in the Visa PIN algorithm to calculate the PVV (PIN Verification Value).
", + "VisaPinVerificationValue$PinVerificationKeyIndex": "The value for PIN verification index. It is used in the Visa PIN algorithm to calculate the PVV (PIN Verification Value).
" + } + }, + "IntegerRangeBetween3And5Type": { + "base": null, + "refs": { + "GenerateCardValidationDataInput$ValidationDataLength": "The length of the CVV or CSC to be generated. The default value is 3.
" + } + }, + "IntegerRangeBetween4And12": { + "base": null, + "refs": { + "GeneratePinDataInput$PinDataLength": "The length of PIN under generation.
", + "VerifyPinDataInput$PinDataLength": "The length of PIN being verified.
" + } + }, + "IntegerRangeBetween4And16": { + "base": null, + "refs": { + "GenerateMacInput$MacLength": "The length of a MAC under generation.
", + "VerifyMacInput$MacLength": "The length of the MAC.
" + } + }, + "InternalServerException": { + "base": "The request processing has failed because of an unknown error, exception, or failure.
", + "refs": { + } + }, + "KeyArn": { + "base": null, + "refs": { + "DecryptDataOutput$KeyArn": "The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses for ciphertext decryption.
The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses for plaintext encryption.
The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography uses to generate CVV or CSC.
The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses for MAC generation.
The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for encrypted pin block generation.
The keyARN of the pin data generation key that Amazon Web Services Payment Cryptography uses for PIN, PVV or PIN Offset generation.
The keyARN (Amazon Resource Name) of the encryption key that Amazon Web Services Payment Cryptography uses for plaintext encryption.
", + "TranslatePinDataOutput$KeyArn": "The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses to encrypt outgoing PIN block data after translation.
The keyARN of the major encryption key that Amazon Web Services Payment Cryptography uses for ARQC verification.
The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography uses to verify CVV or CSC.
The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses for MAC verification.
The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for encrypted pin block generation.
The keyARN of the PIN encryption key that Amazon Web Services Payment Cryptography uses for PIN or PIN Offset verification.
The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses for ciphertext decryption.
The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses for plaintext encryption.
The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography uses to generate card data.
The keyARN of the MAC generation encryption key.
The keyARN of the PEK that Amazon Web Services Payment Cryptography uses to encrypt the PIN Block.
The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for pin data generation.
The keyARN of the encryption key of incoming ciphertext data.
The keyARN of the encryption key of outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.
The keyARN of the encryption key under which incoming PIN block data is encrypted. This key type can be PEK or BDK.
The keyARN of the encryption key for encrypting outgoing PIN block data. This key type can be PEK or BDK.
The keyARN of the major encryption key that Amazon Web Services Payment Cryptography uses for ARQC verification.
The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography uses to verify card data.
The keyARN of the encryption key that Amazon Web Services Payment Cryptography uses to verify MAC data.
The keyARN of the encryption key under which the PIN block data is encrypted. This key type can be PEK or BDK.
The keyARN of the PIN verification key.
The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "EncryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "GenerateCardValidationDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "GenerateMacOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "GeneratePinDataOutput$EncryptionKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "GeneratePinDataOutput$GenerationKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "ReEncryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "TranslatePinDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "VerifyAuthRequestCryptogramOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "VerifyCardValidationDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "VerifyMacOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "VerifyPinDataOutput$EncryptionKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "VerifyPinDataOutput$VerificationKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
" + } + }, + "MacAlgorithm": { + "base": null, + "refs": { + "MacAttributes$Algorithm": "The encryption algorithm for MAC generation or verification.
" + } + }, + "MacAlgorithmDukpt": { + "base": "Parameters required for DUKPT MAC generation and verification.
", + "refs": { + "MacAttributes$DukptCmac": "Parameters that are required for MAC generation or verification using DUKPT CMAC algorithm.
", + "MacAttributes$DukptIso9797Algorithm1": "Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm1.
", + "MacAttributes$DukptIso9797Algorithm3": "Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm2.
" + } + }, + "MacAlgorithmEmv": { + "base": "Parameters that are required for EMV MAC generation and verification.
", + "refs": { + "MacAttributes$EmvMac": "Parameters that are required for MAC generation or verification using EMV MAC algorithm.
" + } + }, + "MacAttributes": { + "base": "Parameters that are required for DUKPT, HMAC, or EMV MAC generation or verification.
", + "refs": { + "GenerateMacInput$GenerationAttributes": "The attributes and data values to use for MAC generation within Amazon Web Services Payment Cryptography.
", + "VerifyMacInput$VerificationAttributes": "The attributes and data values to use for MAC verification within Amazon Web Services Payment Cryptography.
" + } + }, + "MajorKeyDerivationMode": { + "base": null, + "refs": { + "MacAlgorithmEmv$MajorKeyDerivationMode": "The method to use when deriving the master key for EMV MAC generation or verification.
", + "VerifyAuthRequestCryptogramInput$MajorKeyDerivationMode": "The method to use when deriving the major encryption key for ARQC verification within Amazon Web Services Payment Cryptography. The same key derivation mode was used for ARQC generation outside of Amazon Web Services Payment Cryptography.
" + } + }, + "NumberLengthBetween12And19": { + "base": null, + "refs": { + "GenerateCardValidationDataInput$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
", + "GeneratePinDataInput$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
", + "MacAlgorithmEmv$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "SessionKeyAmex$PrimaryAccountNumber": "The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "SessionKeyEmv2000$PrimaryAccountNumber": "The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "SessionKeyEmvCommon$PrimaryAccountNumber": "The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "SessionKeyMastercard$PrimaryAccountNumber": "The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "SessionKeyVisa$PrimaryAccountNumber": "The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "TranslationPinDataIsoFormat034$PrimaryAccountNumber": "The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", + "VerifyCardValidationDataInput$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
", + "VerifyPinDataInput$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
" + } + }, + "NumberLengthBetween3And5": { + "base": null, + "refs": { + "GenerateCardValidationDataOutput$ValidationData": "The CVV or CSC value that Amazon Web Services Payment Cryptography generates for the card.
", + "VerifyCardValidationDataInput$ValidationData": "The CVV or CSC value for use for card data verification within Amazon Web Services Payment Cryptography.
" + } + }, + "NumberLengthBetween4And12": { + "base": null, + "refs": { + "Ibm3624PinFromOffset$PinOffset": "The PIN offset value.
", + "Ibm3624PinVerification$PinOffset": "The PIN offset value.
", + "PinData$PinOffset": "The PIN offset value.
", + "PinData$VerificationValue": "The unique data to identify a cardholder. In most cases, this is the same as cardholder's Primary Account Number (PAN). If a value is not provided, it defaults to PAN.
", + "VisaPinVerification$VerificationValue": "Parameters that are required to generate or verify Visa PVV (PIN Verification Value).
" + } + }, + "NumberLengthBetween4And16": { + "base": null, + "refs": { + "Ibm3624NaturalPin$PinValidationData": "The unique data for cardholder identification.
", + "Ibm3624PinFromOffset$PinValidationData": "The unique data for cardholder identification.
", + "Ibm3624PinOffset$PinValidationData": "The unique data for cardholder identification.
", + "Ibm3624PinVerification$PinValidationData": "The unique data for cardholder identification.
", + "Ibm3624RandomPin$PinValidationData": "The unique data for cardholder identification.
" + } + }, + "NumberLengthEquals16": { + "base": null, + "refs": { + "Ibm3624NaturalPin$DecimalizationTable": "The decimalization table to use for IBM 3624 PIN algorithm. The table is used to convert the algorithm intermediate result from hexadecimal characters to decimal.
", + "Ibm3624PinFromOffset$DecimalizationTable": "The decimalization table to use for IBM 3624 PIN algorithm. The table is used to convert the algorithm intermediate result from hexadecimal characters to decimal.
", + "Ibm3624PinOffset$DecimalizationTable": "The decimalization table to use for IBM 3624 PIN algorithm. The table is used to convert the algorithm intermediate result from hexadecimal characters to decimal.
", + "Ibm3624PinVerification$DecimalizationTable": "The decimalization table to use for IBM 3624 PIN algorithm. The table is used to convert the algorithm intermediate result from hexadecimal characters to decimal.
", + "Ibm3624RandomPin$DecimalizationTable": "The decimalization table to use for IBM 3624 PIN algorithm. The table is used to convert the algorithm intermediate result from hexadecimal characters to decimal.
" + } + }, + "NumberLengthEquals3": { + "base": null, + "refs": { + "AmexCardSecurityCodeVersion2$ServiceCode": "The service code of the AMEX payment card. This is different from the Card Security Code (CSC).
", + "CardVerificationValue1$ServiceCode": "The service code of the payment card. This is different from Card Security Code (CSC).
", + "DynamicCardVerificationValue$ServiceCode": "The service code of the payment card. This is different from Card Security Code (CSC).
" + } + }, + "NumberLengthEquals4": { + "base": null, + "refs": { + "AmexCardSecurityCodeVersion1$CardExpiryDate": "The expiry date of a payment card.
", + "AmexCardSecurityCodeVersion2$CardExpiryDate": "The expiry date of a payment card.
", + "CardVerificationValue1$CardExpiryDate": "The expiry date of a payment card.
", + "CardVerificationValue2$CardExpiryDate": "The expiry date of a payment card.
", + "DiscoverDynamicCardVerificationCode$CardExpiryDate": "The expiry date of a payment card.
", + "DynamicCardVerificationValue$CardExpiryDate": "The expiry date of a payment card.
" + } + }, + "PaddingType": { + "base": null, + "refs": { + "AsymmetricEncryptionAttributes$PaddingType": "The padding to be included with the data.
", + "SymmetricEncryptionAttributes$PaddingType": "The padding to be included with the data.
" + } + }, + "PinBlockFormatForPinData": { + "base": null, + "refs": { + "GeneratePinDataInput$PinBlockFormat": "The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3.
The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.
The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.
The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3.
The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.
The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the fill digits are random values from 10 to 15.
Parameters that are required to generate, translate, or verify PIN data.
", + "refs": { + "GeneratePinDataOutput$PinData": "The attributes and values Amazon Web Services Payment Cryptography uses for pin data generation.
" + } + }, + "PinGenerationAttributes": { + "base": "Parameters that are required for PIN data generation.
", + "refs": { + "GeneratePinDataInput$GenerationAttributes": "The attributes and values to use for PIN, PVV, or PIN Offset generation.
" + } + }, + "PinVerificationAttributes": { + "base": "Parameters that are required for PIN data verification.
", + "refs": { + "VerifyPinDataInput$VerificationAttributes": "The attributes and values for PIN data verification.
" + } + }, + "ReEncryptDataInput": { + "base": null, + "refs": { + } + }, + "ReEncryptDataOutput": { + "base": null, + "refs": { + } + }, + "ReEncryptionAttributes": { + "base": "Parameters that are required to perform reencryption operation.
", + "refs": { + "ReEncryptDataInput$IncomingEncryptionAttributes": "The attributes and values for incoming ciphertext.
", + "ReEncryptDataInput$OutgoingEncryptionAttributes": "The attributes and values for outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.
" + } + }, + "ResourceNotFoundException": { + "base": "The request was denied due to an invalid resource error.
", + "refs": { + } + }, + "SessionKeyAmex": { + "base": "Parameters to derive session key for an Amex payment card.
", + "refs": { + "SessionKeyDerivation$Amex": "Parameters to derive session key for an Amex payment card for ARQC verification.
" + } + }, + "SessionKeyDerivation": { + "base": "Parameters to derive a session key for Authorization Response Cryptogram (ARQC) verification.
", + "refs": { + "VerifyAuthRequestCryptogramInput$SessionKeyDerivationAttributes": "The attributes and values to use for deriving a session key for ARQC verification within Amazon Web Services Payment Cryptography. The same attributes were used for ARQC generation outside of Amazon Web Services Payment Cryptography.
" + } + }, + "SessionKeyDerivationMode": { + "base": null, + "refs": { + "MacAlgorithmEmv$SessionKeyDerivationMode": "The method of deriving a session key for EMV MAC generation or verification.
" + } + }, + "SessionKeyDerivationValue": { + "base": "Parameters to derive session key value using a MAC EMV algorithm.
", + "refs": { + "MacAlgorithmEmv$SessionKeyDerivationValue": "Parameters that are required to generate session key for EMV generation and verification.
" + } + }, + "SessionKeyEmv2000": { + "base": "Parameters to derive session key for an Emv2000 payment card for ARQC verification.
", + "refs": { + "SessionKeyDerivation$Emv2000": "Parameters to derive session key for an Emv2000 payment card for ARQC verification.
" + } + }, + "SessionKeyEmvCommon": { + "base": "Parameters to derive session key for an Emv common payment card for ARQC verification.
", + "refs": { + "SessionKeyDerivation$EmvCommon": "Parameters to derive session key for an Emv common payment card for ARQC verification.
" + } + }, + "SessionKeyMastercard": { + "base": "Parameters to derive session key for Mastercard payment card for ARQC verification.
", + "refs": { + "SessionKeyDerivation$Mastercard": "Parameters to derive session key for a Mastercard payment card for ARQC verification.
" + } + }, + "SessionKeyVisa": { + "base": "Parameters to derive session key for Visa payment card for ARQC verification.
", + "refs": { + "SessionKeyDerivation$Visa": "Parameters to derive session key for a Visa payment cardfor ARQC verification.
" + } + }, + "String": { + "base": null, + "refs": { + "AccessDeniedException$Message": null, + "InternalServerException$Message": null, + "ResourceNotFoundException$ResourceId": "The resource that is missing.
", + "ThrottlingException$Message": null, + "ValidationException$message": null, + "ValidationExceptionField$message": "The request was denied due to an invalid request error.
", + "ValidationExceptionField$path": "The request was denied due to an invalid request error.
", + "VerificationFailedException$Message": null + } + }, + "SymmetricEncryptionAttributes": { + "base": "Parameters requried to encrypt plaintext data using symmetric keys.
", + "refs": { + "EncryptionDecryptionAttributes$Symmetric": "Parameters that are required to perform encryption and decryption using symmetric keys.
", + "ReEncryptionAttributes$Symmetric": "Parameters that are required to encrypt data using symmetric keys.
" + } + }, + "ThrottlingException": { + "base": "The request was denied due to request throttling.
", + "refs": { + } + }, + "TranslatePinDataInput": { + "base": null, + "refs": { + } + }, + "TranslatePinDataOutput": { + "base": null, + "refs": { + } + }, + "TranslationIsoFormats": { + "base": "Parameters that are required for translation between ISO9564 PIN block formats 0,1,3,4.
", + "refs": { + "TranslatePinDataInput$IncomingTranslationAttributes": "The format of the incoming PIN block data for tranlation within Amazon Web Services Payment Cryptography.
", + "TranslatePinDataInput$OutgoingTranslationAttributes": "The format of the outgoing PIN block data after tranlation by Amazon Web Services Payment Cryptography.
" + } + }, + "TranslationPinDataIsoFormat034": { + "base": "Parameters that are required for tranlation between ISO9564 PIN format 0,3,4 tranlation.
", + "refs": { + "TranslationIsoFormats$IsoFormat0": "Parameters that are required for ISO9564 PIN format 0 tranlation.
", + "TranslationIsoFormats$IsoFormat3": "Parameters that are required for ISO9564 PIN format 3 tranlation.
", + "TranslationIsoFormats$IsoFormat4": "Parameters that are required for ISO9564 PIN format 4 tranlation.
" + } + }, + "TranslationPinDataIsoFormat1": { + "base": "Parameters that are required for ISO9564 PIN format 1 tranlation.
", + "refs": { + "TranslationIsoFormats$IsoFormat1": "Parameters that are required for ISO9564 PIN format 1 tranlation.
" + } + }, + "ValidationException": { + "base": "The request was denied due to an invalid request error.
", + "refs": { + } + }, + "ValidationExceptionField": { + "base": "The request was denied due to an invalid request error.
", + "refs": { + "ValidationExceptionFieldList$member": null + } + }, + "ValidationExceptionFieldList": { + "base": null, + "refs": { + "ValidationException$fieldList": "The request was denied due to an invalid request error.
" + } + }, + "VerificationFailedException": { + "base": "This request failed verification.
", + "refs": { + } + }, + "VerificationFailedReason": { + "base": null, + "refs": { + "VerificationFailedException$Reason": "The reason for the exception.
" + } + }, + "VerifyAuthRequestCryptogramInput": { + "base": null, + "refs": { + } + }, + "VerifyAuthRequestCryptogramOutput": { + "base": null, + "refs": { + } + }, + "VerifyCardValidationDataInput": { + "base": null, + "refs": { + } + }, + "VerifyCardValidationDataOutput": { + "base": null, + "refs": { + } + }, + "VerifyMacInput": { + "base": null, + "refs": { + } + }, + "VerifyMacOutput": { + "base": null, + "refs": { + } + }, + "VerifyPinDataInput": { + "base": null, + "refs": { + } + }, + "VerifyPinDataOutput": { + "base": null, + "refs": { + } + }, + "VisaPin": { + "base": "Parameters that are required to generate or verify Visa PIN.
", + "refs": { + "PinGenerationAttributes$VisaPin": "Parameters that are required to generate or verify Visa PIN.
" + } + }, + "VisaPinVerification": { + "base": "Parameters that are required to generate or verify Visa PIN.
", + "refs": { + "PinVerificationAttributes$VisaPin": "Parameters that are required to generate or verify Visa PIN.
" + } + }, + "VisaPinVerificationValue": { + "base": "Parameters that are required to generate or verify Visa PVV (PIN Verification Value).
", + "refs": { + "PinGenerationAttributes$VisaPinVerificationValue": "Parameters that are required to generate or verify Visa PIN Verification Value (PVV).
" + } + } + } +} diff --git a/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json b/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json new file mode 100644 index 00000000000..0686f59b325 --- /dev/null +++ b/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataplane.payment-cryptography.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://dataplane.payment-cryptography.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/payment-cryptography-data/2022-02-03/endpoint-tests-1.json b/models/apis/payment-cryptography-data/2022-02-03/endpoint-tests-1.json new file mode 100644 index 00000000000..b78414e0682 --- /dev/null +++ b/models/apis/payment-cryptography-data/2022-02-03/endpoint-tests-1.json @@ -0,0 +1,295 @@ +{ + "testCases": [ + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://dataplane.payment-cryptography.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/payment-cryptography-data/2022-02-03/examples-1.json b/models/apis/payment-cryptography-data/2022-02-03/examples-1.json new file mode 100644 index 00000000000..0ea7e3b0bbe --- /dev/null +++ b/models/apis/payment-cryptography-data/2022-02-03/examples-1.json @@ -0,0 +1,5 @@ +{ + "version": "1.0", + "examples": { + } +} diff --git a/models/apis/payment-cryptography-data/2022-02-03/paginators-1.json b/models/apis/payment-cryptography-data/2022-02-03/paginators-1.json new file mode 100644 index 00000000000..5677bd8e4a2 --- /dev/null +++ b/models/apis/payment-cryptography-data/2022-02-03/paginators-1.json @@ -0,0 +1,4 @@ +{ + "pagination": { + } +} diff --git a/models/apis/payment-cryptography/2021-09-14/api-2.json b/models/apis/payment-cryptography/2021-09-14/api-2.json new file mode 100644 index 00000000000..2d52af3ff8b --- /dev/null +++ b/models/apis/payment-cryptography/2021-09-14/api-2.json @@ -0,0 +1,1192 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2021-09-14", + "endpointPrefix":"controlplane.payment-cryptography", + "jsonVersion":"1.0", + "protocol":"json", + "serviceFullName":"Payment Cryptography Control Plane", + "serviceId":"Payment Cryptography", + "signatureVersion":"v4", + "signingName":"payment-cryptography", + "targetPrefix":"PaymentCryptographyControlPlane", + "uid":"payment-cryptography-2021-09-14" + }, + "operations":{ + "CreateAlias":{ + "name":"CreateAlias", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateAliasInput"}, + "output":{"shape":"CreateAliasOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "CreateKey":{ + "name":"CreateKey", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateKeyInput"}, + "output":{"shape":"CreateKeyOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "DeleteAlias":{ + "name":"DeleteAlias", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteAliasInput"}, + "output":{"shape":"DeleteAliasOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "DeleteKey":{ + "name":"DeleteKey", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteKeyInput"}, + "output":{"shape":"DeleteKeyOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "ExportKey":{ + "name":"ExportKey", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ExportKeyInput"}, + "output":{"shape":"ExportKeyOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "GetAlias":{ + "name":"GetAlias", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAliasInput"}, + "output":{"shape":"GetAliasOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "GetKey":{ + "name":"GetKey", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetKeyInput"}, + "output":{"shape":"GetKeyOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "GetParametersForExport":{ + "name":"GetParametersForExport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetParametersForExportInput"}, + "output":{"shape":"GetParametersForExportOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "GetParametersForImport":{ + "name":"GetParametersForImport", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetParametersForImportInput"}, + "output":{"shape":"GetParametersForImportOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "GetPublicKeyCertificate":{ + "name":"GetPublicKeyCertificate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetPublicKeyCertificateInput"}, + "output":{"shape":"GetPublicKeyCertificateOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "ImportKey":{ + "name":"ImportKey", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ImportKeyInput"}, + "output":{"shape":"ImportKeyOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "ListAliases":{ + "name":"ListAliases", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAliasesInput"}, + "output":{"shape":"ListAliasesOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "ListKeys":{ + "name":"ListKeys", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListKeysInput"}, + "output":{"shape":"ListKeysOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceInput"}, + "output":{"shape":"ListTagsForResourceOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "RestoreKey":{ + "name":"RestoreKey", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RestoreKeyInput"}, + "output":{"shape":"RestoreKeyOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "StartKeyUsage":{ + "name":"StartKeyUsage", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartKeyUsageInput"}, + "output":{"shape":"StartKeyUsageOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "StopKeyUsage":{ + "name":"StopKeyUsage", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopKeyUsageInput"}, + "output":{"shape":"StopKeyUsageOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceInput"}, + "output":{"shape":"TagResourceOutput"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceInput"}, + "output":{"shape":"UntagResourceOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, + "UpdateAlias":{ + "name":"UpdateAlias", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateAliasInput"}, + "output":{"shape":"UpdateAliasOutput"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true + }, + "Alias":{ + "type":"structure", + "required":["AliasName"], + "members":{ + "AliasName":{"shape":"AliasName"}, + "KeyArn":{"shape":"KeyArn"} + } + }, + "AliasName":{ + "type":"string", + "max":256, + "min":7, + "pattern":"^alias/[a-zA-Z0-9/_-]+$" + }, + "Aliases":{ + "type":"list", + "member":{"shape":"Alias"} + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CertificateType":{ + "type":"string", + "max":32768, + "min":1, + "pattern":"^[^\\[;\\]<>]+$", + "sensitive":true + }, + "ConflictException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true + }, + "CreateAliasInput":{ + "type":"structure", + "required":["AliasName"], + "members":{ + "AliasName":{"shape":"AliasName"}, + "KeyArn":{"shape":"KeyArn"} + } + }, + "CreateAliasOutput":{ + "type":"structure", + "required":["Alias"], + "members":{ + "Alias":{"shape":"Alias"} + } + }, + "CreateKeyInput":{ + "type":"structure", + "required":[ + "Exportable", + "KeyAttributes" + ], + "members":{ + "Enabled":{"shape":"Boolean"}, + "Exportable":{"shape":"Boolean"}, + "KeyAttributes":{"shape":"KeyAttributes"}, + "KeyCheckValueAlgorithm":{"shape":"KeyCheckValueAlgorithm"}, + "Tags":{"shape":"Tags"} + } + }, + "CreateKeyOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "DeleteAliasInput":{ + "type":"structure", + "required":["AliasName"], + "members":{ + "AliasName":{"shape":"AliasName"} + } + }, + "DeleteAliasOutput":{ + "type":"structure", + "members":{ + } + }, + "DeleteKeyInput":{ + "type":"structure", + "required":["KeyIdentifier"], + "members":{ + "DeleteKeyInDays":{"shape":"DeleteKeyInputDeleteKeyInDaysInteger"}, + "KeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "DeleteKeyInputDeleteKeyInDaysInteger":{ + "type":"integer", + "box":true, + "max":180, + "min":3 + }, + "DeleteKeyOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "ExportKeyInput":{ + "type":"structure", + "required":[ + "ExportKeyIdentifier", + "KeyMaterial" + ], + "members":{ + "ExportKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, + "KeyMaterial":{"shape":"ExportKeyMaterial"} + } + }, + "ExportKeyMaterial":{ + "type":"structure", + "members":{ + "Tr31KeyBlock":{"shape":"ExportTr31KeyBlock"}, + "Tr34KeyBlock":{"shape":"ExportTr34KeyBlock"} + }, + "union":true + }, + "ExportKeyOutput":{ + "type":"structure", + "members":{ + "WrappedKey":{"shape":"WrappedKey"} + } + }, + "ExportTokenId":{ + "type":"string", + "pattern":"^export-token-[0-9a-zA-Z]{16,64}$" + }, + "ExportTr31KeyBlock":{ + "type":"structure", + "required":["WrappingKeyIdentifier"], + "members":{ + "WrappingKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "ExportTr34KeyBlock":{ + "type":"structure", + "required":[ + "CertificateAuthorityPublicKeyIdentifier", + "ExportToken", + "KeyBlockFormat", + "WrappingKeyCertificate" + ], + "members":{ + "CertificateAuthorityPublicKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, + "ExportToken":{"shape":"ExportTokenId"}, + "KeyBlockFormat":{"shape":"Tr34KeyBlockFormat"}, + "RandomNonce":{"shape":"HexLength16"}, + "WrappingKeyCertificate":{"shape":"CertificateType"} + } + }, + "GetAliasInput":{ + "type":"structure", + "required":["AliasName"], + "members":{ + "AliasName":{"shape":"AliasName"} + } + }, + "GetAliasOutput":{ + "type":"structure", + "required":["Alias"], + "members":{ + "Alias":{"shape":"Alias"} + } + }, + "GetKeyInput":{ + "type":"structure", + "required":["KeyIdentifier"], + "members":{ + "KeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "GetKeyOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "GetParametersForExportInput":{ + "type":"structure", + "required":[ + "KeyMaterialType", + "SigningKeyAlgorithm" + ], + "members":{ + "KeyMaterialType":{"shape":"KeyMaterialType"}, + "SigningKeyAlgorithm":{"shape":"KeyAlgorithm"} + } + }, + "GetParametersForExportOutput":{ + "type":"structure", + "required":[ + "ExportToken", + "ParametersValidUntilTimestamp", + "SigningKeyAlgorithm", + "SigningKeyCertificate", + "SigningKeyCertificateChain" + ], + "members":{ + "ExportToken":{"shape":"ExportTokenId"}, + "ParametersValidUntilTimestamp":{"shape":"Timestamp"}, + "SigningKeyAlgorithm":{"shape":"KeyAlgorithm"}, + "SigningKeyCertificate":{"shape":"CertificateType"}, + "SigningKeyCertificateChain":{"shape":"CertificateType"} + } + }, + "GetParametersForImportInput":{ + "type":"structure", + "required":[ + "KeyMaterialType", + "WrappingKeyAlgorithm" + ], + "members":{ + "KeyMaterialType":{"shape":"KeyMaterialType"}, + "WrappingKeyAlgorithm":{"shape":"KeyAlgorithm"} + } + }, + "GetParametersForImportOutput":{ + "type":"structure", + "required":[ + "ImportToken", + "ParametersValidUntilTimestamp", + "WrappingKeyAlgorithm", + "WrappingKeyCertificate", + "WrappingKeyCertificateChain" + ], + "members":{ + "ImportToken":{"shape":"ImportTokenId"}, + "ParametersValidUntilTimestamp":{"shape":"Timestamp"}, + "WrappingKeyAlgorithm":{"shape":"KeyAlgorithm"}, + "WrappingKeyCertificate":{"shape":"CertificateType"}, + "WrappingKeyCertificateChain":{"shape":"CertificateType"} + } + }, + "GetPublicKeyCertificateInput":{ + "type":"structure", + "required":["KeyIdentifier"], + "members":{ + "KeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "GetPublicKeyCertificateOutput":{ + "type":"structure", + "required":[ + "KeyCertificate", + "KeyCertificateChain" + ], + "members":{ + "KeyCertificate":{"shape":"CertificateType"}, + "KeyCertificateChain":{"shape":"CertificateType"} + } + }, + "HexLength16":{ + "type":"string", + "max":16, + "min":16, + "pattern":"^[0-9A-F]+$" + }, + "ImportKeyInput":{ + "type":"structure", + "required":["KeyMaterial"], + "members":{ + "Enabled":{"shape":"Boolean"}, + "KeyCheckValueAlgorithm":{"shape":"KeyCheckValueAlgorithm"}, + "KeyMaterial":{"shape":"ImportKeyMaterial"}, + "Tags":{"shape":"Tags"} + } + }, + "ImportKeyMaterial":{ + "type":"structure", + "members":{ + "RootCertificatePublicKey":{"shape":"RootCertificatePublicKey"}, + "Tr31KeyBlock":{"shape":"ImportTr31KeyBlock"}, + "Tr34KeyBlock":{"shape":"ImportTr34KeyBlock"}, + "TrustedCertificatePublicKey":{"shape":"TrustedCertificatePublicKey"} + }, + "union":true + }, + "ImportKeyOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "ImportTokenId":{ + "type":"string", + "pattern":"^import-token-[0-9a-zA-Z]{16,64}$" + }, + "ImportTr31KeyBlock":{ + "type":"structure", + "required":[ + "WrappedKeyBlock", + "WrappingKeyIdentifier" + ], + "members":{ + "WrappedKeyBlock":{"shape":"Tr31WrappedKeyBlock"}, + "WrappingKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "ImportTr34KeyBlock":{ + "type":"structure", + "required":[ + "CertificateAuthorityPublicKeyIdentifier", + "ImportToken", + "KeyBlockFormat", + "SigningKeyCertificate", + "WrappedKeyBlock" + ], + "members":{ + "CertificateAuthorityPublicKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, + "ImportToken":{"shape":"ImportTokenId"}, + "KeyBlockFormat":{"shape":"Tr34KeyBlockFormat"}, + "RandomNonce":{"shape":"HexLength16"}, + "SigningKeyCertificate":{"shape":"CertificateType"}, + "WrappedKeyBlock":{"shape":"Tr34WrappedKeyBlock"} + } + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true, + "fault":true + }, + "Key":{ + "type":"structure", + "required":[ + "CreateTimestamp", + "Enabled", + "Exportable", + "KeyArn", + "KeyAttributes", + "KeyCheckValue", + "KeyCheckValueAlgorithm", + "KeyOrigin", + "KeyState" + ], + "members":{ + "CreateTimestamp":{"shape":"Timestamp"}, + "DeletePendingTimestamp":{"shape":"Timestamp"}, + "DeleteTimestamp":{"shape":"Timestamp"}, + "Enabled":{"shape":"Boolean"}, + "Exportable":{"shape":"Boolean"}, + "KeyArn":{"shape":"KeyArn"}, + "KeyAttributes":{"shape":"KeyAttributes"}, + "KeyCheckValue":{"shape":"KeyCheckValue"}, + "KeyCheckValueAlgorithm":{"shape":"KeyCheckValueAlgorithm"}, + "KeyOrigin":{"shape":"KeyOrigin"}, + "KeyState":{"shape":"KeyState"}, + "UsageStartTimestamp":{"shape":"Timestamp"}, + "UsageStopTimestamp":{"shape":"Timestamp"} + } + }, + "KeyAlgorithm":{ + "type":"string", + "enum":[ + "TDES_2KEY", + "TDES_3KEY", + "AES_128", + "AES_192", + "AES_256", + "RSA_2048", + "RSA_3072", + "RSA_4096" + ] + }, + "KeyArn":{ + "type":"string", + "max":150, + "min":70, + "pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$" + }, + "KeyArnOrKeyAliasType":{ + "type":"string", + "max":322, + "min":7, + "pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$" + }, + "KeyAttributes":{ + "type":"structure", + "required":[ + "KeyAlgorithm", + "KeyClass", + "KeyModesOfUse", + "KeyUsage" + ], + "members":{ + "KeyAlgorithm":{"shape":"KeyAlgorithm"}, + "KeyClass":{"shape":"KeyClass"}, + "KeyModesOfUse":{"shape":"KeyModesOfUse"}, + "KeyUsage":{"shape":"KeyUsage"} + } + }, + "KeyCheckValue":{ + "type":"string", + "max":16, + "min":4, + "pattern":"^[0-9a-fA-F]+$" + }, + "KeyCheckValueAlgorithm":{ + "type":"string", + "enum":[ + "CMAC", + "ANSI_X9_24" + ] + }, + "KeyClass":{ + "type":"string", + "enum":[ + "SYMMETRIC_KEY", + "ASYMMETRIC_KEY_PAIR", + "PRIVATE_KEY", + "PUBLIC_KEY" + ] + }, + "KeyMaterial":{ + "type":"string", + "max":16384, + "min":48, + "sensitive":true + }, + "KeyMaterialType":{ + "type":"string", + "enum":[ + "TR34_KEY_BLOCK", + "TR31_KEY_BLOCK", + "ROOT_PUBLIC_KEY_CERTIFICATE", + "TRUSTED_PUBLIC_KEY_CERTIFICATE" + ] + }, + "KeyModesOfUse":{ + "type":"structure", + "members":{ + "Decrypt":{"shape":"PrimitiveBoolean"}, + "DeriveKey":{"shape":"PrimitiveBoolean"}, + "Encrypt":{"shape":"PrimitiveBoolean"}, + "Generate":{"shape":"PrimitiveBoolean"}, + "NoRestrictions":{"shape":"PrimitiveBoolean"}, + "Sign":{"shape":"PrimitiveBoolean"}, + "Unwrap":{"shape":"PrimitiveBoolean"}, + "Verify":{"shape":"PrimitiveBoolean"}, + "Wrap":{"shape":"PrimitiveBoolean"} + } + }, + "KeyOrigin":{ + "type":"string", + "enum":[ + "EXTERNAL", + "AWS_PAYMENT_CRYPTOGRAPHY" + ] + }, + "KeyState":{ + "type":"string", + "enum":[ + "CREATE_IN_PROGRESS", + "CREATE_COMPLETE", + "DELETE_PENDING", + "DELETE_COMPLETE" + ] + }, + "KeySummary":{ + "type":"structure", + "required":[ + "Enabled", + "Exportable", + "KeyArn", + "KeyAttributes", + "KeyCheckValue", + "KeyState" + ], + "members":{ + "Enabled":{"shape":"Boolean"}, + "Exportable":{"shape":"Boolean"}, + "KeyArn":{"shape":"KeyArn"}, + "KeyAttributes":{"shape":"KeyAttributes"}, + "KeyCheckValue":{"shape":"KeyCheckValue"}, + "KeyState":{"shape":"KeyState"} + } + }, + "KeySummaryList":{ + "type":"list", + "member":{"shape":"KeySummary"} + }, + "KeyUsage":{ + "type":"string", + "enum":[ + "TR31_B0_BASE_DERIVATION_KEY", + "TR31_C0_CARD_VERIFICATION_KEY", + "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", + "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", + "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", + "TR31_E1_EMV_MKEY_CONFIDENTIALITY", + "TR31_E2_EMV_MKEY_INTEGRITY", + "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", + "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", + "TR31_E6_EMV_MKEY_OTHER", + "TR31_K0_KEY_ENCRYPTION_KEY", + "TR31_K1_KEY_BLOCK_PROTECTION_KEY", + "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", + "TR31_M3_ISO_9797_3_MAC_KEY", + "TR31_M6_ISO_9797_5_CMAC_KEY", + "TR31_M7_HMAC_KEY", + "TR31_P0_PIN_ENCRYPTION_KEY", + "TR31_P1_PIN_GENERATION_KEY", + "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", + "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", + "TR31_V2_VISA_PIN_VERIFICATION_KEY", + "TR31_K2_TR34_ASYMMETRIC_KEY" + ] + }, + "ListAliasesInput":{ + "type":"structure", + "members":{ + "MaxResults":{"shape":"MaxResults"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListAliasesOutput":{ + "type":"structure", + "required":["Aliases"], + "members":{ + "Aliases":{"shape":"Aliases"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListKeysInput":{ + "type":"structure", + "members":{ + "KeyState":{"shape":"KeyState"}, + "MaxResults":{"shape":"MaxResults"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListKeysOutput":{ + "type":"structure", + "required":["Keys"], + "members":{ + "Keys":{"shape":"KeySummaryList"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListTagsForResourceInput":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "MaxResults":{"shape":"MaxResults"}, + "NextToken":{"shape":"NextToken"}, + "ResourceArn":{"shape":"ResourceArn"} + } + }, + "ListTagsForResourceOutput":{ + "type":"structure", + "required":["Tags"], + "members":{ + "NextToken":{"shape":"NextToken"}, + "Tags":{"shape":"Tags"} + } + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "NextToken":{ + "type":"string", + "max":8192, + "min":1 + }, + "PrimitiveBoolean":{"type":"boolean"}, + "ResourceArn":{ + "type":"string", + "max":150, + "min":70, + "pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}$" + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "ResourceId":{"shape":"String"} + }, + "exception":true + }, + "RestoreKeyInput":{ + "type":"structure", + "required":["KeyIdentifier"], + "members":{ + "KeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "RestoreKeyOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "RootCertificatePublicKey":{ + "type":"structure", + "required":[ + "KeyAttributes", + "PublicKeyCertificate" + ], + "members":{ + "KeyAttributes":{"shape":"KeyAttributes"}, + "PublicKeyCertificate":{"shape":"CertificateType"} + } + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true + }, + "ServiceUnavailableException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true, + "fault":true + }, + "StartKeyUsageInput":{ + "type":"structure", + "required":["KeyIdentifier"], + "members":{ + "KeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "StartKeyUsageOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "StopKeyUsageInput":{ + "type":"structure", + "required":["KeyIdentifier"], + "members":{ + "KeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} + } + }, + "StopKeyUsageOutput":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"Key"} + } + }, + "String":{"type":"string"}, + "Tag":{ + "type":"structure", + "required":["Key"], + "members":{ + "Key":{"shape":"TagKey"}, + "Value":{"shape":"TagValue"} + } + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1 + }, + "TagKeys":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":0 + }, + "TagResourceInput":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{"shape":"ResourceArn"}, + "Tags":{"shape":"Tags"} + } + }, + "TagResourceOutput":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0 + }, + "Tags":{ + "type":"list", + "member":{"shape":"Tag"}, + "max":200, + "min":0 + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true + }, + "Timestamp":{"type":"timestamp"}, + "Tr31WrappedKeyBlock":{ + "type":"string", + "max":9984, + "min":56, + "pattern":"^[0-9A-Z]+$" + }, + "Tr34KeyBlockFormat":{ + "type":"string", + "enum":["X9_TR34_2012"] + }, + "Tr34WrappedKeyBlock":{ + "type":"string", + "max":4096, + "min":2, + "pattern":"^[0-9A-F]+$" + }, + "TrustedCertificatePublicKey":{ + "type":"structure", + "required":[ + "CertificateAuthorityPublicKeyIdentifier", + "KeyAttributes", + "PublicKeyCertificate" + ], + "members":{ + "CertificateAuthorityPublicKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, + "KeyAttributes":{"shape":"KeyAttributes"}, + "PublicKeyCertificate":{"shape":"CertificateType"} + } + }, + "UntagResourceInput":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{"shape":"ResourceArn"}, + "TagKeys":{"shape":"TagKeys"} + } + }, + "UntagResourceOutput":{ + "type":"structure", + "members":{ + } + }, + "UpdateAliasInput":{ + "type":"structure", + "required":["AliasName"], + "members":{ + "AliasName":{"shape":"AliasName"}, + "KeyArn":{"shape":"KeyArn"} + } + }, + "UpdateAliasOutput":{ + "type":"structure", + "required":["Alias"], + "members":{ + "Alias":{"shape":"Alias"} + } + }, + "ValidationException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "exception":true + }, + "WrappedKey":{ + "type":"structure", + "required":[ + "KeyMaterial", + "WrappedKeyMaterialFormat", + "WrappingKeyArn" + ], + "members":{ + "KeyMaterial":{"shape":"KeyMaterial"}, + "WrappedKeyMaterialFormat":{"shape":"WrappedKeyMaterialFormat"}, + "WrappingKeyArn":{"shape":"KeyArn"} + } + }, + "WrappedKeyMaterialFormat":{ + "type":"string", + "enum":[ + "KEY_CRYPTOGRAM", + "TR31_KEY_BLOCK", + "TR34_KEY_BLOCK" + ] + } + } +} diff --git a/models/apis/payment-cryptography/2021-09-14/docs-2.json b/models/apis/payment-cryptography/2021-09-14/docs-2.json new file mode 100644 index 00000000000..40201cc970b --- /dev/null +++ b/models/apis/payment-cryptography/2021-09-14/docs-2.json @@ -0,0 +1,658 @@ +{ + "version": "2.0", + "service": "You use the Amazon Web Services Payment Cryptography Control Plane to manage the encryption keys you use for payment-related cryptographic operations. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys. For more information, see Identity and access management in the Amazon Web Services Payment Cryptography User Guide.
To use encryption keys for payment-related transaction processing and associated cryptographic operations, you use the Amazon Web Services Payment Cryptography Data Plane. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations.
All Amazon Web Services Payment Cryptography API calls must be signed and transmitted using Transport Layer Security (TLS). We recommend you always use the latest supported TLS version for logging API requests.
Amazon Web Services Payment Cryptography supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to Amazon Web Services Payment Cryptography, who made the request, when it was made, and so on. If you don't configure a trail, you can still view the most recent events in the CloudTrail console. For more information, see the CloudTrail User Guide.
", + "operations": { + "CreateAlias": "Creates an alias, or a friendly name, for an Amazon Web Services Payment Cryptography key. You can use an alias to identify a key in the console and when you call cryptographic operations such as EncryptData or DecryptData.
You can associate the alias with any key in the same Amazon Web Services Region. Each alias is associated with only one key at a time, but a key can have multiple aliases. You can't create an alias without a key. The alias must be unique in the account and Amazon Web Services Region, but you can create another alias with the same name in a different Amazon Web Services Region.
To change the key that's associated with the alias, call UpdateAlias. To delete the alias, call DeleteAlias. These operations don't affect the underlying key. To get the alias that you created, call ListAliases.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "CreateKey": "Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as encryption and decryption.
In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that defines the scope and cryptographic operations that you can perform using the key, for example key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: Encrypt). For information about valid combinations of key attributes, see Understanding key attributes in the Amazon Web Services Payment Cryptography User Guide. The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "DeleteAlias": "Deletes the alias, but doesn't affect the underlying key.
Each key can have multiple aliases. To get the aliases of all keys, use the ListAliases operation. To change the alias of a key, first use DeleteAlias to delete the current alias and then use CreateAlias to create a new alias. To associate an existing alias with a different key, call UpdateAlias.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "DeleteKey": "Deletes the key material and all metadata associated with Amazon Web Services Payment Cryptography key.
Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period. The default waiting period is 7 days. To set a different waiting period, set DeleteKeyInDays. During the waiting period, the KeyState is DELETE_PENDING. After the key is deleted, the KeyState is DELETE_COMPLETE.
If you delete key material, you can use ImportKey to reimport the same key material into the Amazon Web Services Payment Cryptography key.
You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling StopKeyUsage.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ExportKey": "Exports a key from Amazon Web Services Payment Cryptography using either ANSI X9 TR-34 or TR-31 key export standard.
Amazon Web Services Payment Cryptography simplifies main or root key exchange process by eliminating the need of a paper-based key exchange process. It takes a modern and secure approach based of the ANSI X9 TR-34 key exchange standard.
You can use ExportKey to export main or root keys such as KEK (Key Encryption Key), using asymmetric key exchange technique following ANSI X9 TR-34 standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional trust between the two parties exchanging keys. After which you can export working keys using the ANSI X9 TR-31 symmetric key exchange standard as mandated by PCI PIN. Using this operation, you can share your Amazon Web Services Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of Amazon Web Services Payment Cryptography
TR-34 key export
Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange standard to export main keys such as KEK. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Host (KRH). In key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export. KRH is the user receiving the key. Before you initiate TR-34 key export, you must obtain an export token by calling GetParametersForExport. This operation also returns the signing key certificate that KDH uses to sign the wrapped key to generate a TR-34 wrapped key block. The export token expires after 7 days.
Set the following parameters:
The KeyARN of the certificate chain that will sign the wrapping key certificate. This must exist within Amazon Web Services Payment Cryptography before you initiate TR-34 key export. If it does not exist, you can import it by calling ImportKey for RootCertificatePublicKey.
Obtained from KDH by calling GetParametersForExport.
Amazon Web Services Payment Cryptography uses this to wrap the key under export.
When this operation is successful, Amazon Web Services Payment Cryptography returns the TR-34 wrapped key block.
TR-31 key export
Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange standard to export working keys. In TR-31, you must use a main key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use CreateKey or ImportKey. When this operation is successful, Amazon Web Services Payment Cryptography returns a TR-31 wrapped key block.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GetAlias": "Gets the Amazon Web Services Payment Cryptography key associated with the alias.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GetKey": "Gets the key material for an Amazon Web Services Payment Cryptography key, including the immutable and mutable data specified when the key was created.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GetParametersForExport": "Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.
The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 7 days. You can use the same export token to export multiple keys from your service account.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GetParametersForImport": "Gets the import token and the wrapping key certificate to initiate a TR-34 key import into Amazon Web Services Payment Cryptography.
The wrapping key certificate wraps the key under import within the TR-34 key payload. The import token and wrapping key certificate must be in place and operational before calling ImportKey. The import token expires in 7 days. The same import token can be used to import multiple keys into your service account.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GetPublicKeyCertificate": "Gets the public key certificate of the asymmetric key pair that exists within Amazon Web Services Payment Cryptography.
Unlike the private key of an asymmetric key, which never leaves Amazon Web Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate permission can download the public key certificate of the asymmetric key. You can share the public key certificate to allow others to encrypt messages and verify signatures outside of Amazon Web Services Payment Cryptography
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
", + "ImportKey": "Imports keys and public key certificates into Amazon Web Services Payment Cryptography.
Amazon Web Services Payment Cryptography simplifies main or root key exchange process by eliminating the need of a paper-based key exchange process. It takes a modern and secure approach based of the ANSI X9 TR-34 key exchange standard.
You can use ImportKey to import main or root keys such as KEK (Key Encryption Key) using asymmetric key exchange technique following the ANSI X9 TR-34 standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional trust between the two parties exchanging keys.
After you have imported a main or root key, you can import working keys to perform various cryptographic operations within Amazon Web Services Payment Cryptography using the ANSI X9 TR-31 symmetric key exchange standard as mandated by PCI PIN.
You can also import a root public key certificate, a self-signed certificate used to sign other public key certificates, or a trusted public key certificate under an already established root public key certificate.
To import a public root key certificate
Using this operation, you can import the public component (in PEM cerificate format) of your private root key. You can use the imported public root key certificate for digital signatures, for example signing wrapping key or signing key in TR-34, within your Amazon Web Services Payment Cryptography account.
Set the following parameters:
KeyMaterial: RootCertificatePublicKey
KeyClass: PUBLIC_KEY
KeyModesOfUse: Verify
KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
PublicKeyCertificate: The certificate authority used to sign the root public key certificate.
To import a trusted public key certificate
The root public key certificate must be in place and operational before you import a trusted public key certificate. Set the following parameters:
KeyMaterial: TrustedCertificatePublicKey
CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.
KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations such as wrap, sign, or encrypt that you will allow the trusted public key certificate to perform.
PublicKeyCertificate: The certificate authority used to sign the trusted public key certificate.
Import main keys
Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange standard to import main keys such as KEK. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Host (KRH). During the key import process, KDH is the user who initiates the key import and KRH is Amazon Web Services Payment Cryptography who receives the key. Before initiating TR-34 key import, you must obtain an import token by calling GetParametersForImport. This operation also returns the wrapping key certificate that KDH uses wrap key under import to generate a TR-34 wrapped key block. The import token expires after 7 days.
Set the following parameters:
CertificateAuthorityPublicKeyIdentifier: The KeyArn of the certificate chain that will sign the signing key certificate and should exist within Amazon Web Services Payment Cryptography before initiating TR-34 key import. If it does not exist, you can import it by calling by calling ImportKey for RootCertificatePublicKey.
ImportToken: Obtained from KRH by calling GetParametersForImport.
WrappedKeyBlock: The TR-34 wrapped key block from KDH. It contains the KDH key under import, wrapped with KRH provided wrapping key certificate and signed by the KDH private signing key. This TR-34 key block is generated by the KDH Hardware Security Module (HSM) outside of Amazon Web Services Payment Cryptography.
SigningKeyCertificate: The public component of the private key that signed the KDH TR-34 wrapped key block. In PEM certificate format.
TR-34 is intended primarily to exchange 3DES keys. Your ability to export AES-128 and larger AES keys may be dependent on your source system.
Import working keys
Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange standard to import working keys. A KEK must be established within Amazon Web Services Payment Cryptography by using TR-34 key import. To initiate a TR-31 key import, set the following parameters:
WrappedKeyBlock: The key under import and encrypted using KEK. The TR-31 key block generated by your HSM outside of Amazon Web Services Payment Cryptography.
WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services Payment Cryptography uses to decrypt or unwrap the key under import.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ListAliases": "Lists the aliases for all keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the list of aliases. For more information, see Using aliases in the Amazon Web Services Payment Cryptography User Guide.
This is a paginated operation, which means that each response might contain only a subset of all the aliases. When the response contains only a subset of aliases, it includes a NextToken value. Use this value in a subsequent ListAliases request to get more aliases. When you receive a response with no NextToken (or an empty or null value), that means there are no more aliases to get.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ListKeys": "Lists the keys in the caller's Amazon Web Services account and Amazon Web Services Region. You can filter the list of keys.
This is a paginated operation, which means that each response might contain only a subset of all the keys. When the response contains only a subset of keys, it includes a NextToken value. Use this value in a subsequent ListKeys request to get more keys. When you receive a response with no NextToken (or an empty or null value), that means there are no more keys to get.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "ListTagsForResource": "Lists the tags for an Amazon Web Services resource.
This is a paginated operation, which means that each response might contain only a subset of all the tags. When the response contains only a subset of tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource request to get more tags. When you receive a response with no NextToken (or an empty or null value), that means there are no more tags to get.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "RestoreKey": "Cancels a scheduled key deletion during the waiting period. Use this operation to restore a Key that is scheduled for deletion.
During the waiting period, the KeyState is DELETE_PENDING and deletePendingTimestamp contains the date and time after which the Key will be deleted. After Key is restored, the KeyState is CREATE_COMPLETE, and the value for deletePendingTimestamp is removed.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "StartKeyUsage": "Enables an Amazon Web Services Payment Cryptography key, which makes it active for cryptographic operations within Amazon Web Services Payment Cryptography
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "StopKeyUsage": "Disables an Amazon Web Services Payment Cryptography key, which makes it inactive within Amazon Web Services Payment Cryptography.
You can use this operation instead of DeleteKey to deactivate a key. You can enable the key in the future by calling StartKeyUsage.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "TagResource": "Adds or edits tags on an Amazon Web Services Payment Cryptography key.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Each tag consists of a tag key and a tag value, both of which are case-sensitive strings. The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag value. To edit a tag, specify an existing tag key and a new tag value. You can also add tags to an Amazon Web Services Payment Cryptography key when you create it with CreateKey.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "UntagResource": "Deletes a tag from an Amazon Web Services Payment Cryptography key.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "UpdateAlias": "Associates an existing Amazon Web Services Payment Cryptography alias with a different key. Each alias is associated with only one Amazon Web Services Payment Cryptography key at a time, although a key can have multiple aliases. The alias and the Amazon Web Services Payment Cryptography key must be in the same Amazon Web Services account and Amazon Web Services Region
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
" + }, + "shapes": { + "AccessDeniedException": { + "base": "You do not have sufficient access to perform this action.
", + "refs": { + } + }, + "Alias": { + "base": "Contains information about an alias.
", + "refs": { + "Aliases$member": null, + "CreateAliasOutput$Alias": "The alias for the key.
", + "GetAliasOutput$Alias": "The alias of the Amazon Web Services Payment Cryptography key.
", + "UpdateAliasOutput$Alias": "The alias name.
" + } + }, + "AliasName": { + "base": null, + "refs": { + "Alias$AliasName": "A friendly name that you can use to refer to a key. The value must begin with alias/.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
A friendly name that you can use to refer a key. An alias must begin with alias/ followed by a name, for example alias/ExampleAlias. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
A friendly name that you can use to refer Amazon Web Services Payment Cryptography key. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.
The alias of the Amazon Web Services Payment Cryptography key.
", + "UpdateAliasInput$AliasName": "The alias whose associated key is changing.
" + } + }, + "Aliases": { + "base": null, + "refs": { + "ListAliasesOutput$Aliases": "The list of aliases. Each alias describes the KeyArn contained within.
Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key not enabled, then it is created but not activated. The default value is enabled.
", + "CreateKeyInput$Exportable": "Specifies whether the key is exportable from the service.
", + "ImportKeyInput$Enabled": "Specifies whether import key is enabled.
", + "Key$Enabled": "Specifies whether the key is enabled.
", + "Key$Exportable": "Specifies whether the key is exportable. This data is immutable after the key is created.
", + "KeySummary$Enabled": "Specifies whether the key is enabled.
", + "KeySummary$Exportable": "Specifies whether the key is exportable. This data is immutable after the key is created.
" + } + }, + "CertificateType": { + "base": null, + "refs": { + "ExportTr34KeyBlock$WrappingKeyCertificate": "The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.
The signing key certificate of the public key for signature within the TR-34 key block cryptogram. The certificate expires after 7 days.
", + "GetParametersForExportOutput$SigningKeyCertificateChain": "The certificate chain that signed the signing key certificate. This is the root certificate authority (CA) within your service account.
", + "GetParametersForImportOutput$WrappingKeyCertificate": "The wrapping key certificate of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.
", + "GetParametersForImportOutput$WrappingKeyCertificateChain": "The Amazon Web Services Payment Cryptography certificate chain that signed the wrapping key certificate. This is the root certificate authority (CA) within your service account.
", + "GetPublicKeyCertificateOutput$KeyCertificate": "The public key component of the asymmetric key pair in a certificate (PEM) format. It is signed by the root certificate authority (CA) within your service account. The certificate expires in 90 days.
", + "GetPublicKeyCertificateOutput$KeyCertificateChain": "The certificate chain that signed the public key certificate of the asymmetric key pair. This is the root certificate authority (CA) within your service account.
", + "ImportTr34KeyBlock$SigningKeyCertificate": "The public key component in PEM certificate format of the private key that signs the KDH TR-34 wrapped key block.
", + "RootCertificatePublicKey$PublicKeyCertificate": "Parameter information for root public key certificate import.
", + "TrustedCertificatePublicKey$PublicKeyCertificate": "Parameter information for trusted public key certificate import.
" + } + }, + "ConflictException": { + "base": "This request can cause an inconsistent state for the resource.
", + "refs": { + } + }, + "CreateAliasInput": { + "base": null, + "refs": { + } + }, + "CreateAliasOutput": { + "base": null, + "refs": { + } + }, + "CreateKeyInput": { + "base": null, + "refs": { + } + }, + "CreateKeyOutput": { + "base": null, + "refs": { + } + }, + "DeleteAliasInput": { + "base": null, + "refs": { + } + }, + "DeleteAliasOutput": { + "base": null, + "refs": { + } + }, + "DeleteKeyInput": { + "base": null, + "refs": { + } + }, + "DeleteKeyInputDeleteKeyInDaysInteger": { + "base": null, + "refs": { + "DeleteKeyInput$DeleteKeyInDays": "The waiting period for key deletion. The default value is seven days.
" + } + }, + "DeleteKeyOutput": { + "base": null, + "refs": { + } + }, + "ExportKeyInput": { + "base": null, + "refs": { + } + }, + "ExportKeyMaterial": { + "base": "Parameter information for key material export from Amazon Web Services Payment Cryptography.
", + "refs": { + "ExportKeyInput$KeyMaterial": "The key block format type, for example, TR-34 or TR-31, to use during key material export.
" + } + }, + "ExportKeyOutput": { + "base": null, + "refs": { + } + }, + "ExportTokenId": { + "base": null, + "refs": { + "ExportTr34KeyBlock$ExportToken": "The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call GetParametersForExport to receive an export token. It expires after 7 days. You can use the same export token to export multiple keys from the same service account.
", + "GetParametersForExportOutput$ExportToken": "The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.
" + } + }, + "ExportTr31KeyBlock": { + "base": "Parameter information for key material export using TR-31 standard.
", + "refs": { + "ExportKeyMaterial$Tr31KeyBlock": "Parameter information for key material export using TR-31 standard.
" + } + }, + "ExportTr34KeyBlock": { + "base": "Parameter information for key material export using TR-34 standard.
", + "refs": { + "ExportKeyMaterial$Tr34KeyBlock": "Parameter information for key material export using TR-34 standard.
" + } + }, + "GetAliasInput": { + "base": null, + "refs": { + } + }, + "GetAliasOutput": { + "base": null, + "refs": { + } + }, + "GetKeyInput": { + "base": null, + "refs": { + } + }, + "GetKeyOutput": { + "base": null, + "refs": { + } + }, + "GetParametersForExportInput": { + "base": null, + "refs": { + } + }, + "GetParametersForExportOutput": { + "base": null, + "refs": { + } + }, + "GetParametersForImportInput": { + "base": null, + "refs": { + } + }, + "GetParametersForImportOutput": { + "base": null, + "refs": { + } + }, + "GetPublicKeyCertificateInput": { + "base": null, + "refs": { + } + }, + "GetPublicKeyCertificateOutput": { + "base": null, + "refs": { + } + }, + "HexLength16": { + "base": null, + "refs": { + "ExportTr34KeyBlock$RandomNonce": "A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
", + "ImportTr34KeyBlock$RandomNonce": "A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
" + } + }, + "ImportKeyInput": { + "base": null, + "refs": { + } + }, + "ImportKeyMaterial": { + "base": "Parameter information for key material import.
", + "refs": { + "ImportKeyInput$KeyMaterial": "The key or public key certificate type to use during key material import, for example TR-34 or RootCertificatePublicKey.
" + } + }, + "ImportKeyOutput": { + "base": null, + "refs": { + } + }, + "ImportTokenId": { + "base": null, + "refs": { + "GetParametersForImportOutput$ImportToken": "The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.
", + "ImportTr34KeyBlock$ImportToken": "The import token that initiates key import into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.
" + } + }, + "ImportTr31KeyBlock": { + "base": "Parameter information for key material import using TR-31 standard.
", + "refs": { + "ImportKeyMaterial$Tr31KeyBlock": "Parameter information for key material import using TR-31 standard.
" + } + }, + "ImportTr34KeyBlock": { + "base": "Parameter information for key material import using TR-34 standard.
", + "refs": { + "ImportKeyMaterial$Tr34KeyBlock": "Parameter information for key material import using TR-34 standard.
" + } + }, + "InternalServerException": { + "base": "The request processing has failed because of an unknown error, exception, or failure.
", + "refs": { + } + }, + "Key": { + "base": "Metadata about an Amazon Web Services Payment Cryptography key.
", + "refs": { + "CreateKeyOutput$Key": "The key material that contains all the key attributes.
", + "DeleteKeyOutput$Key": "The KeyARN of the key that is scheduled for deletion.
The key material, including the immutable and mutable data for the key.
", + "ImportKeyOutput$Key": "The KeyARN of the key material imported within Amazon Web Services Payment Cryptography.
The key material of the restored key. The KeyState will change to CREATE_COMPLETE and value for DeletePendingTimestamp gets removed.
The KeyARN of the Amazon Web Services Payment Cryptography key activated for use.
The KeyARN of the key.
The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block cryptogram. RSA_2048 is the only signing key algorithm allowed.
The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the only signing key algorithm allowed.
The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import within the TR-34 key block cryptogram. RSA_2048 is the only wrapping key algorithm allowed.
The algorithm of the wrapping key for use within TR-34 key block. RSA_2048 is the only wrapping key algorithm allowed.
The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.
For symmetric keys, Amazon Web Services Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports RSA and ECC_NIST algorithms.
The KeyARN of the key associated with the alias.
The KeyARN of the key to associate with the alias.
The Amazon Resource Name (ARN) of the key.
", + "KeySummary$KeyArn": "The Amazon Resource Name (ARN) of the key.
", + "UpdateAliasInput$KeyArn": "The KeyARN for the key that you are updating or removing from the alias.
The KeyARN of the wrapped key.
The KeyARN of the key that is scheduled for deletion.
The KeyARN of the key under export from Amazon Web Services Payment Cryptography.
The KeyARN of the the wrapping key. This key encrypts or wraps the key under export for TR-31 key block generation.
The KeyARN of the certificate chain that signs the wrapping key certificate during TR-34 key export.
The KeyARN of the Amazon Web Services Payment Cryptography key.
The KeyARN of the asymmetric key pair.
The KeyARN of the key that will decrypt or unwrap a TR-31 key block during import.
The KeyARN of the certificate chain that signs the signing key certificate during TR-34 key import.
The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography.
The KeyArn of the key.
The KeyArn of the key.
The KeyARN of the root public key certificate or certificate chain that signs the trusted public key certificate import.
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
", + "refs": { + "CreateKeyInput$KeyAttributes": "The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
", + "Key$KeyAttributes": "The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
", + "KeySummary$KeyAttributes": "The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
", + "RootCertificatePublicKey$KeyAttributes": "The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the root public key is imported.
", + "TrustedCertificatePublicKey$KeyAttributes": "The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after a trusted public key is imported.
" + } + }, + "KeyCheckValue": { + "base": null, + "refs": { + "Key$KeyCheckValue": "The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", + "KeySummary$KeyCheckValue": "The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
" + } + }, + "KeyCheckValueAlgorithm": { + "base": null, + "refs": { + "CreateKeyInput$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV) for DES and AES keys.
For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
", + "ImportKeyInput$KeyCheckValueAlgorithm": "The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV) for DES and AES keys.
For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
", + "Key$KeyCheckValueAlgorithm": "The algorithm used for calculating key check value (KCV) for DES and AES keys. For a DES key, Amazon Web Services Payment Cryptography computes the KCV by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For an AES key, Amazon Web Services Payment Cryptography computes the KCV by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
" + } + }, + "KeyClass": { + "base": null, + "refs": { + "KeyAttributes$KeyClass": "The type of Amazon Web Services Payment Cryptography key to create, which determines the classification of the cryptographic method and whether Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.
" + } + }, + "KeyMaterial": { + "base": null, + "refs": { + "WrappedKey$KeyMaterial": "Parameter information for generating a wrapped key using TR-31 or TR-34 standard.
" + } + }, + "KeyMaterialType": { + "base": null, + "refs": { + "GetParametersForExportInput$KeyMaterialType": "The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.
The key block format type such as TR-34 or TR-31 to use during key material import. Import token is only required for TR-34 key import TR34_KEY_BLOCK. Import token is not required for TR-31 key import.
The list of cryptographic operations that you can perform using the key. The modes of use are defined in section A.5.3 of the TR-31 spec.
", + "refs": { + "KeyAttributes$KeyModesOfUse": "The list of cryptographic operations that you can perform using the key.
" + } + }, + "KeyOrigin": { + "base": "Defines the source of a key
", + "refs": { + "Key$KeyOrigin": "The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.
Defines the state of a key
", + "refs": { + "Key$KeyState": "The state of key that is being created or deleted.
", + "KeySummary$KeyState": "The state of an Amazon Web Services Payment Cryptography that is being created or deleted.
", + "ListKeysInput$KeyState": "The key state of the keys you want to list.
" + } + }, + "KeySummary": { + "base": "Metadata about an Amazon Web Services Payment Cryptography key.
", + "refs": { + "KeySummaryList$member": null + } + }, + "KeySummaryList": { + "base": null, + "refs": { + "ListKeysOutput$Keys": "The list of keys created within the caller's Amazon Web Services account and Amazon Web Services Region.
" + } + }, + "KeyUsage": { + "base": null, + "refs": { + "KeyAttributes$KeyUsage": "The cryptographic usage of an Amazon Web Services Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
" + } + }, + "ListAliasesInput": { + "base": null, + "refs": { + } + }, + "ListAliasesOutput": { + "base": null, + "refs": { + } + }, + "ListKeysInput": { + "base": null, + "refs": { + } + }, + "ListKeysOutput": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceInput": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceOutput": { + "base": null, + "refs": { + } + }, + "MaxResults": { + "base": null, + "refs": { + "ListAliasesInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
", + "ListKeysInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
", + "ListTagsForResourceInput$MaxResults": "Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
" + } + }, + "NextToken": { + "base": null, + "refs": { + "ListAliasesInput$NextToken": "Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the truncated response you just received.
The token for the next set of results, or an empty or null value if there are no more results.
", + "ListKeysInput$NextToken": "Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the truncated response you just received.
The token for the next set of results, or an empty or null value if there are no more results.
", + "ListTagsForResourceInput$NextToken": "Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the truncated response you just received.
The token for the next set of results, or an empty or null value if there are no more results.
" + } + }, + "PrimitiveBoolean": { + "base": null, + "refs": { + "KeyModesOfUse$Decrypt": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to decrypt data.
", + "KeyModesOfUse$DeriveKey": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to derive new keys.
", + "KeyModesOfUse$Encrypt": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to encrypt data.
", + "KeyModesOfUse$Generate": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
", + "KeyModesOfUse$NoRestrictions": "Specifies whether an Amazon Web Services Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
Specifies whether an Amazon Web Services Payment Cryptography key can be used for signing.
", + "KeyModesOfUse$Unwrap": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to unwrap other keys.
", + "KeyModesOfUse$Verify": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to verify signatures.
", + "KeyModesOfUse$Wrap": "Specifies whether an Amazon Web Services Payment Cryptography key can be used to wrap other keys.
" + } + }, + "ResourceArn": { + "base": null, + "refs": { + "ListTagsForResourceInput$ResourceArn": "The KeyARN of the key whose tags you are getting.
The KeyARN of the key whose tags are being updated.
The KeyARN of the key whose tags are being removed.
The request was denied due to an invalid resource error.
", + "refs": { + } + }, + "RestoreKeyInput": { + "base": null, + "refs": { + } + }, + "RestoreKeyOutput": { + "base": null, + "refs": { + } + }, + "RootCertificatePublicKey": { + "base": "Parameter information for root public key certificate import.
", + "refs": { + "ImportKeyMaterial$RootCertificatePublicKey": "Parameter information for root public key certificate import.
" + } + }, + "ServiceQuotaExceededException": { + "base": "This request would cause a service quota to be exceeded.
", + "refs": { + } + }, + "ServiceUnavailableException": { + "base": "The service cannot complete the request.
", + "refs": { + } + }, + "StartKeyUsageInput": { + "base": null, + "refs": { + } + }, + "StartKeyUsageOutput": { + "base": null, + "refs": { + } + }, + "StopKeyUsageInput": { + "base": null, + "refs": { + } + }, + "StopKeyUsageOutput": { + "base": null, + "refs": { + } + }, + "String": { + "base": null, + "refs": { + "AccessDeniedException$Message": null, + "ConflictException$Message": null, + "InternalServerException$Message": null, + "ResourceNotFoundException$ResourceId": "The string for the exception.
", + "ServiceQuotaExceededException$Message": null, + "ServiceUnavailableException$Message": null, + "ThrottlingException$Message": null, + "ValidationException$Message": null + } + }, + "Tag": { + "base": "A structure that contains information about a tag.
", + "refs": { + "Tags$member": null + } + }, + "TagKey": { + "base": null, + "refs": { + "Tag$Key": "The key of the tag.
", + "TagKeys$member": null + } + }, + "TagKeys": { + "base": null, + "refs": { + "UntagResourceInput$TagKeys": "One or more tag keys. Don't include the tag values.
If the Amazon Web Services Payment Cryptography key doesn't have the specified tag key, Amazon Web Services Payment Cryptography doesn't throw an exception or return a response. To confirm that the operation succeeded, use the ListTagsForResource operation.
" + } + }, + "TagResourceInput": { + "base": null, + "refs": { + } + }, + "TagResourceOutput": { + "base": null, + "refs": { + } + }, + "TagValue": { + "base": null, + "refs": { + "Tag$Value": "The value of the tag.
" + } + }, + "Tags": { + "base": null, + "refs": { + "CreateKeyInput$Tags": "The tags to attach to the key. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
To use this parameter, you must have TagResource permission.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
The tags to attach to the key. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.
To use this parameter, you must have TagResource permission.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
The list of tags associated with a ResourceArn. Each tag will list the key-value pair contained within that tag.
One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
To use this parameter, you must have TagResource permission in an IAM policy.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
The request was denied due to request throttling.
", + "refs": { + } + }, + "Timestamp": { + "base": null, + "refs": { + "GetParametersForExportOutput$ParametersValidUntilTimestamp": "The validity period of the export token.
", + "GetParametersForImportOutput$ParametersValidUntilTimestamp": "The validity period of the import token.
", + "Key$CreateTimestamp": "The date and time when the key was created.
", + "Key$DeletePendingTimestamp": "The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when KeyState is DELETE_PENDING and the key is scheduled for deletion.
The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.
The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.
", + "Key$UsageStopTimestamp": "The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.
" + } + }, + "Tr31WrappedKeyBlock": { + "base": null, + "refs": { + "ImportTr31KeyBlock$WrappedKeyBlock": "The TR-34 wrapped key block to import.
" + } + }, + "Tr34KeyBlockFormat": { + "base": null, + "refs": { + "ExportTr34KeyBlock$KeyBlockFormat": "The format of key block that Amazon Web Services Payment Cryptography will use during key export.
", + "ImportTr34KeyBlock$KeyBlockFormat": "The key block format to use during key import. The only value allowed is X9_TR34_2012.
The TR-34 wrapped key block to import.
" + } + }, + "TrustedCertificatePublicKey": { + "base": "Parameter information for trusted public key certificate import.
", + "refs": { + "ImportKeyMaterial$TrustedCertificatePublicKey": "Parameter information for trusted public key certificate import.
" + } + }, + "UntagResourceInput": { + "base": null, + "refs": { + } + }, + "UntagResourceOutput": { + "base": null, + "refs": { + } + }, + "UpdateAliasInput": { + "base": null, + "refs": { + } + }, + "UpdateAliasOutput": { + "base": null, + "refs": { + } + }, + "ValidationException": { + "base": "The request was denied due to an invalid request error.
", + "refs": { + } + }, + "WrappedKey": { + "base": "Parameter information for generating a wrapped key using TR-31 or TR-34 standard.
", + "refs": { + "ExportKeyOutput$WrappedKey": "The key material under export as a TR-34 or TR-31 wrapped key block.
" + } + }, + "WrappedKeyMaterialFormat": { + "base": null, + "refs": { + "WrappedKey$WrappedKeyMaterialFormat": "The key block format of a wrapped key.
" + } + } + } +} diff --git a/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json b/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json new file mode 100644 index 00000000000..ff2c3e5d3ab --- /dev/null +++ b/models/apis/payment-cryptography/2021-09-14/endpoint-rule-set-1.json @@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://controlplane.payment-cryptography.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://controlplane.payment-cryptography.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ] + } + ] +} \ No newline at end of file diff --git a/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json b/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json new file mode 100644 index 00000000000..859cd0c5242 --- /dev/null +++ b/models/apis/payment-cryptography/2021-09-14/endpoint-tests-1.json @@ -0,0 +1,295 @@ +{ + "testCases": [ + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-gov-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-gov-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": true, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "UseFIPS": false, + "Region": "cn-north-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-iso-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-east-1.api.aws" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-east-1.amazonaws.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": true, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://controlplane.payment-cryptography.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-isob-east-1", + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "UseFIPS": true, + "Region": "us-east-1", + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "UseFIPS": false, + "Region": "us-east-1", + "UseDualStack": true, + "Endpoint": "https://example.com" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/payment-cryptography/2021-09-14/examples-1.json b/models/apis/payment-cryptography/2021-09-14/examples-1.json new file mode 100644 index 00000000000..0ea7e3b0bbe --- /dev/null +++ b/models/apis/payment-cryptography/2021-09-14/examples-1.json @@ -0,0 +1,5 @@ +{ + "version": "1.0", + "examples": { + } +} diff --git a/models/apis/payment-cryptography/2021-09-14/paginators-1.json b/models/apis/payment-cryptography/2021-09-14/paginators-1.json new file mode 100644 index 00000000000..02af499b653 --- /dev/null +++ b/models/apis/payment-cryptography/2021-09-14/paginators-1.json @@ -0,0 +1,22 @@ +{ + "pagination": { + "ListAliases": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Aliases" + }, + "ListKeys": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Keys" + }, + "ListTagsForResource": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Tags" + } + } +} diff --git a/models/apis/servicecatalog/2015-12-10/api-2.json b/models/apis/servicecatalog/2015-12-10/api-2.json index 60be94a06eb..2ea4102bce3 100644 --- a/models/apis/servicecatalog/2015-12-10/api-2.json +++ b/models/apis/servicecatalog/2015-12-10/api-2.json @@ -2041,7 +2041,8 @@ "ProductId":{"shape":"Id"}, "ProvisioningArtifactName":{"shape":"ProvisioningArtifactName"}, "ProductName":{"shape":"ProductViewName"}, - "Verbose":{"shape":"Verbose"} + "Verbose":{"shape":"Verbose"}, + "IncludeProvisioningArtifactParameters":{"shape":"Boolean"} } }, "DescribeProvisioningArtifactOutput":{ @@ -2049,7 +2050,8 @@ "members":{ "ProvisioningArtifactDetail":{"shape":"ProvisioningArtifactDetail"}, "Info":{"shape":"ProvisioningArtifactInfo"}, - "Status":{"shape":"Status"} + "Status":{"shape":"Status"}, + "ProvisioningArtifactParameters":{"shape":"ProvisioningArtifactParameters"} } }, "DescribeProvisioningParametersInput":{ diff --git a/models/apis/servicecatalog/2015-12-10/docs-2.json b/models/apis/servicecatalog/2015-12-10/docs-2.json index 2bc3fa8c990..9b5918f0359 100644 --- a/models/apis/servicecatalog/2015-12-10/docs-2.json +++ b/models/apis/servicecatalog/2015-12-10/docs-2.json @@ -330,6 +330,7 @@ "refs": { "CreatePortfolioShareInput$ShareTagOptions": "Enables or disables TagOptions sharing when creating the portfolio share. If this flag is not provided, TagOptions sharing is disabled.
Enables or disables Principal sharing when creating the portfolio share. If this flag is not provided, principal sharing is disabled.
When you enable Principal Name Sharing for a portfolio share, the share recipient account end users with a principal that matches any of the associated IAM patterns can provision products from the portfolio. Once shared, the share recipient can view associations of PrincipalType: IAM_PATTERN on their portfolio. You can create the principals in the recipient account before or after creating the share.
Indicates if the API call response does or does not include additional details about the provisioning parameters.
", "PortfolioShareDetail$Accepted": "Indicates whether the shared portfolio is imported by the recipient account. If the recipient is in an organization node, the share is automatically imported, and the field is always set to true.
", "PortfolioShareDetail$ShareTagOptions": "Indicates whether TagOptions sharing is enabled or disabled for the portfolio share.
", "PortfolioShareDetail$SharePrincipals": "Indicates if Principal sharing is enabled or disabled for the portfolio share.
The ARN of the principal (user, role, or group). The supported value is a fully defined IAM ARN if the PrincipalType is IAM. If the PrincipalType is IAM_PATTERN, the supported value is an IAM ARN without an AccountID in the following format:
arn:partition:iam:::resource-type/resource-id
The resource-id can be either of the following:
Fully formed, for example arn:aws:iam:::role/resource-name or arn:aws:iam:::role/resource-path/resource-name
A wildcard ARN. The wildcard ARN accepts IAM_PATTERN values with a \"*\" or \"?\" in the resource-id segment of the ARN, for example arn:partition:service:::resource-type/resource-path/resource-name. The new symbols are exclusive to the resource-path and resource-name and cannot be used to replace the resource-type or other ARN values.
Examples of an acceptable wildcard ARN:
arn:aws:iam:::role/ResourceName_*
arn:aws:iam:::role/*/ResourceName_?
Examples of an unacceptable wildcard ARN:
arn:aws:iam:::*/ResourceName
You can associate multiple IAM_PATTERNs even if the account has no principal with that name.
The ARN path and principal name allow unlimited wildcard characters.
The \"?\" wildcard character matches zero or one of any character. This is similar to \".?\" in regular regex context.
The \"*\" wildcard character matches any number of any characters. This is similar \".*\" in regular regex context.
In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name), valid resource-type values include user/, group/, or role/. The \"?\" and \"*\" are allowed only after the resource-type, in the resource-id segment. You can use special characters anywhere within the resource-id.
The \"*\" also matches the \"/\" character, allowing paths to be formed within the resource-id. For example, arn:aws:iam:::role/*/ResourceName_? matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1.
The ARN of the principal (user, role, or group). If the PrincipalType is IAM, the supported value is a fully defined IAM Amazon Resource Name (ARN). If the PrincipalType is IAM_PATTERN, the supported value is an IAM ARN without an AccountID in the following format:
arn:partition:iam:::resource-type/resource-id
The ARN resource-id can be either:
A fully formed resource-id. For example, arn:aws:iam:::role/resource-name or arn:aws:iam:::role/resource-path/resource-name
A wildcard ARN. The wildcard ARN accepts IAM_PATTERN values with a \"*\" or \"?\" in the resource-id segment of the ARN. For example arn:partition:service:::resource-type/resource-path/resource-name. The new symbols are exclusive to the resource-path and resource-name and cannot replace the resource-type or other ARN values.
The ARN path and principal name allow unlimited wildcard characters.
Examples of an acceptable wildcard ARN:
arn:aws:iam:::role/ResourceName_*
arn:aws:iam:::role/*/ResourceName_?
Examples of an unacceptable wildcard ARN:
arn:aws:iam:::*/ResourceName
You can associate multiple IAM_PATTERNs even if the account has no principal with that name.
The \"?\" wildcard character matches zero or one of any character. This is similar to \".?\" in regular regex context. The \"*\" wildcard character matches any number of any characters. This is similar to \".*\" in regular regex context.
In the IAM Principal ARN format (arn:partition:iam:::resource-type/resource-path/resource-name), valid resource-type values include user/, group/, or role/. The \"?\" and \"*\" characters are allowed only after the resource-type in the resource-id segment. You can use special characters anywhere within the resource-id.
The \"*\" character also matches the \"/\" character, allowing paths to be formed within the resource-id. For example, arn:aws:iam:::role/*/ResourceName_? matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1.
", "DisassociatePrincipalFromPortfolioInput$PrincipalARN": "The ARN of the principal (user, role, or group). This field allows an ARN with no accountID with or without wildcard characters if PrincipalType is IAM_PATTERN.
The ARN of the principal (user, role, or group). This field allows for an ARN with no accountID, with or without wildcard characters if the PrincipalType is an IAM_PATTERN.
For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.
" } @@ -1908,7 +1909,7 @@ "PrincipalType": { "base": null, "refs": { - "AssociatePrincipalWithPortfolioInput$PrincipalType": "The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters.
The principal type. The supported value is IAM if you use a fully defined Amazon Resource Name (ARN), or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters.
The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you specify an IAM ARN with no AccountId, with or without wildcard characters.
The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters.
Information about the parameters used to provision the product.
", "DescribeProvisioningParametersOutput$ProvisioningArtifactParameters": "Information about the parameters used to provision the product.
" } }, diff --git a/models/apis/timestream-write/2018-11-01/api-2.json b/models/apis/timestream-write/2018-11-01/api-2.json index d260a998599..72aac6fb406 100644 --- a/models/apis/timestream-write/2018-11-01/api-2.json +++ b/models/apis/timestream-write/2018-11-01/api-2.json @@ -506,7 +506,8 @@ "TableName":{"shape":"ResourceCreateAPIName"}, "RetentionProperties":{"shape":"RetentionProperties"}, "Tags":{"shape":"TagList"}, - "MagneticStoreWriteProperties":{"shape":"MagneticStoreWriteProperties"} + "MagneticStoreWriteProperties":{"shape":"MagneticStoreWriteProperties"}, + "Schema":{"shape":"Schema"} } }, "CreateTableResponse":{ @@ -887,6 +888,34 @@ "max":20, "min":1 }, + "PartitionKey":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{"shape":"PartitionKeyType"}, + "Name":{"shape":"SchemaName"}, + "EnforcementInRecord":{"shape":"PartitionKeyEnforcementLevel"} + } + }, + "PartitionKeyEnforcementLevel":{ + "type":"string", + "enum":[ + "REQUIRED", + "OPTIONAL" + ] + }, + "PartitionKeyList":{ + "type":"list", + "member":{"shape":"PartitionKey"}, + "min":1 + }, + "PartitionKeyType":{ + "type":"string", + "enum":[ + "DIMENSION", + "MEASURE" + ] + }, "Record":{ "type":"structure", "members":{ @@ -1037,6 +1066,12 @@ "TIMESTAMP" ] }, + "Schema":{ + "type":"structure", + "members":{ + "CompositePartitionKey":{"shape":"PartitionKeyList"} + } + }, "SchemaName":{ "type":"string", "min":1 @@ -1075,7 +1110,8 @@ "RetentionProperties":{"shape":"RetentionProperties"}, "CreationTime":{"shape":"Date"}, "LastUpdatedTime":{"shape":"Date"}, - "MagneticStoreWriteProperties":{"shape":"MagneticStoreWriteProperties"} + "MagneticStoreWriteProperties":{"shape":"MagneticStoreWriteProperties"}, + "Schema":{"shape":"Schema"} } }, "TableList":{ @@ -1199,7 +1235,8 @@ "DatabaseName":{"shape":"ResourceName"}, "TableName":{"shape":"ResourceName"}, "RetentionProperties":{"shape":"RetentionProperties"}, - "MagneticStoreWriteProperties":{"shape":"MagneticStoreWriteProperties"} + "MagneticStoreWriteProperties":{"shape":"MagneticStoreWriteProperties"}, + "Schema":{"shape":"Schema"} } }, "UpdateTableResponse":{ diff --git a/models/apis/timestream-write/2018-11-01/docs-2.json b/models/apis/timestream-write/2018-11-01/docs-2.json index eaba65ebda1..57b26ea3a17 100644 --- a/models/apis/timestream-write/2018-11-01/docs-2.json +++ b/models/apis/timestream-write/2018-11-01/docs-2.json @@ -2,7 +2,7 @@ "version": "2.0", "service": "Amazon Timestream is a fast, scalable, fully managed time-series database service that makes it easy to store and analyze trillions of time-series data points per day. With Timestream, you can easily store and analyze IoT sensor data to derive insights from your IoT applications. You can analyze industrial telemetry to streamline equipment management and maintenance. You can also store and analyze log data and metrics to improve the performance and availability of your applications.
Timestream is built from the ground up to effectively ingest, process, and store time-series data. It organizes data to optimize query processing. It automatically scales based on the volume of data ingested and on the query volume to ensure you receive optimal performance while inserting and querying data. As your data grows over time, Timestream’s adaptive query processing engine spans across storage tiers to provide fast analysis while reducing costs.
", "operations": { - "CreateBatchLoadTask": "Creates a new Timestream batch load task. A batch load task processes data from a CSV source in an S3 location and writes to a Timestream table. A mapping from source to target is defined in a batch load task. Errors and events are written to a report at an S3 location. For the report, if the KMS key is not specified, the batch load task will be encrypted with a Timestream managed KMS key located in your account. For more information, see Amazon Web Services managed keys. Service quotas apply. For details, see code sample.
", + "CreateBatchLoadTask": "Creates a new Timestream batch load task. A batch load task processes data from a CSV source in an S3 location and writes to a Timestream table. A mapping from source to target is defined in a batch load task. Errors and events are written to a report at an S3 location. For the report, if the KMS key is not specified, the report will be encrypted with an S3 managed key when SSE_S3 is the option. Otherwise an error is thrown. For more information, see Amazon Web Services managed keys. Service quotas apply. For details, see code sample.
Creates a new Timestream database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. For more information, see Amazon Web Services managed keys. Service quotas apply. For details, see code sample.
", "CreateTable": "Adds a new table to an existing database in your account. In an Amazon Web Services account, table names must be at least unique within each Region if they are in the same database. You might have identical table names in the same Region if the tables are in separate databases. While creating the table, you must specify the table name, database name, and the retention properties. Service quotas apply. See code sample for details.
", "DeleteDatabase": "Deletes a given Timestream database. This is an irreversible operation. After a database is deleted, the time-series data from its tables cannot be recovered.
All tables in the database must be deleted first, or a ValidationException error will be thrown.
Due to the nature of distributed retries, the operation can return either success or a ResourceNotFoundException. Clients should consider them equivalent.
See code sample for details.
", @@ -409,7 +409,7 @@ "refs": { "MeasureValue$Type": "Contains the data type of the MeasureValue for the time-series data point.
", "MixedMeasureMapping$MeasureValueType": "", - "Record$MeasureValueType": " Contains the data type of the measure value for the time-series data point. Default type is DOUBLE.
Contains the data type of the measure value for the time-series data point. Default type is DOUBLE. For more information, see Data types.
The total number of items to return in the output. If the total number of items available is more than the value specified, a NextToken is provided in the output. To resume pagination, provide the NextToken value as argument of a subsequent API invocation.
" } }, + "PartitionKey": { + "base": "An attribute used in partitioning data in a table. A dimension key partitions data using the values of the dimension specified by the dimension-name as partition key, while a measure key partitions data using measure names (values of the 'measure_name' column).
", + "refs": { + "PartitionKeyList$member": null + } + }, + "PartitionKeyEnforcementLevel": { + "base": null, + "refs": { + "PartitionKey$EnforcementInRecord": "The level of enforcement for the specification of a dimension key in ingested records. Options are REQUIRED (dimension key must be specified) and OPTIONAL (dimension key does not have to be specified).
" + } + }, + "PartitionKeyList": { + "base": null, + "refs": { + "Schema$CompositePartitionKey": "A non-empty list of partition keys defining the attributes used to partition the table data. The order of the list determines the partition hierarchy. The name and type of each partition key as well as the partition key order cannot be changed after the table is created. However, the enforcement level of each partition key can be changed.
" + } + }, + "PartitionKeyType": { + "base": null, + "refs": { + "PartitionKey$Type": "The type of the partition key. Options are DIMENSION (dimension key) and MEASURE (measure key).
" + } + }, "Record": { "base": "Represents a time-series data point being written into Timestream. Each record contains an array of dimensions. Dimensions represent the metadata attributes of a time-series data point, such as the instance name or Availability Zone of an EC2 instance. A record also contains the measure name, which is the name of the measure being collected (for example, the CPU utilization of an EC2 instance). Additionally, a record contains the measure value and the value type, which is the data type of the measure value. Also, the record contains the timestamp of when the measure was collected and the timestamp unit, which represents the granularity of the timestamp.
Records have a Version field, which is a 64-bit long that you can use for updating data points. Writes of a duplicate record with the same dimension, timestamp, and measure name but different measure value will only succeed if the Version attribute of the record in the write request is higher than that of the existing record. Timestream defaults to a Version of 1 for records without the Version field.
A Schema specifies the expected data model of the table.
", + "refs": { + "CreateTableRequest$Schema": "The schema of the table.
", + "Table$Schema": "The schema of the table.
", + "UpdateTableRequest$Schema": "The schema of the table.
" + } + }, "SchemaName": { "base": null, "refs": { @@ -644,6 +676,7 @@ "MultiMeasureAttributeMapping$SourceColumn": "", "MultiMeasureAttributeMapping$TargetMultiMeasureAttributeName": "", "MultiMeasureMappings$TargetMultiMeasureName": "", + "PartitionKey$Name": "The name of the attribute used for a dimension key.
", "Record$MeasureName": "Measure represents the data attribute of the time series. For example, the CPU utilization of an EC2 instance or the RPM of a wind turbine are measures.
" } }, @@ -686,7 +719,7 @@ "BatchLoadTaskDescription$ErrorMessage": "", "CreateDatabaseRequest$KmsKeyId": "The KMS key for the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. For more information, see Amazon Web Services managed keys.
", "Database$KmsKeyId": "The identifier of the KMS key used to encrypt the data stored in the database.
", - "MeasureValue$Value": "The value for the MeasureValue.
", + "MeasureValue$Value": "The value for the MeasureValue. For information, see Data types.
", "Record$MeasureValue": "Contains the measure value for the time-series data point.
", "ReportS3Configuration$KmsKeyId": "", "S3Configuration$KmsKeyId": "The KMS key ID for the customer S3 location when encrypting with an Amazon Web Services managed key.
", diff --git a/models/apis/timestream-write/2018-11-01/endpoint-tests-1.json b/models/apis/timestream-write/2018-11-01/endpoint-tests-1.json index 21efa51ffd8..37439a64a27 100644 --- a/models/apis/timestream-write/2018-11-01/endpoint-tests-1.json +++ b/models/apis/timestream-write/2018-11-01/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "us-east-1", "UseFIPS": true, - "Region": "us-east-1" + "UseDualStack": true } }, { @@ -21,9 +21,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": true, - "Region": "us-east-1" + "UseDualStack": false } }, { @@ -34,9 +34,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "us-east-1", "UseFIPS": false, - "Region": "us-east-1" + "UseDualStack": true } }, { @@ -47,9 +47,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": false, - "Region": "us-east-1" + "UseDualStack": false } }, { @@ -60,9 +60,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "cn-north-1", "UseFIPS": true, - "Region": "cn-north-1" + "UseDualStack": true } }, { @@ -73,9 +73,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "cn-north-1", "UseFIPS": true, - "Region": "cn-north-1" + "UseDualStack": false } }, { @@ -86,9 +86,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "cn-north-1", "UseFIPS": false, - "Region": "cn-north-1" + "UseDualStack": true } }, { @@ -99,9 +99,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "cn-north-1", "UseFIPS": false, - "Region": "cn-north-1" + "UseDualStack": false } }, { @@ -112,9 +112,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-gov-east-1" + "UseDualStack": true } }, { @@ -125,9 +125,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-gov-east-1" + "UseDualStack": false } }, { @@ -138,9 +138,9 @@ } }, "params": { - "UseDualStack": true, + "Region": "us-gov-east-1", "UseFIPS": false, - "Region": "us-gov-east-1" + "UseDualStack": true } }, { @@ -151,9 +151,20 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-gov-east-1", "UseFIPS": false, - "Region": "us-gov-east-1" + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { @@ -164,9 +175,20 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-iso-east-1", "UseFIPS": true, - "Region": "us-iso-east-1" + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -177,9 +199,20 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "us-iso-east-1" + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true } }, { @@ -190,9 +223,20 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-isob-east-1", "UseFIPS": true, - "Region": "us-isob-east-1" + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { @@ -203,9 +247,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-isob-east-1", "UseFIPS": false, - "Region": "us-isob-east-1" + "UseDualStack": false } }, { @@ -216,9 +260,9 @@ } }, "params": { - "UseDualStack": false, - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -230,8 +274,8 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -241,9 +285,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -253,11 +297,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 873364c295f..8a12637e534 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -10513,13 +10513,17 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -22577,6 +22581,12 @@ } } }, + "simspaceweaver" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "sms" : { "endpoints" : { "fips-us-gov-east-1" : { diff --git a/service/athena/api.go b/service/athena/api.go index f174ced008d..6bdf06f9702 100644 --- a/service/athena/api.go +++ b/service/athena/api.go @@ -8921,6 +8921,7 @@ func (s CreateWorkGroupOutput) GoString() string { } // Specifies the KMS key that is used to encrypt the user's data stores in Athena. +// This setting does not apply to Athena SQL workgroups. type CustomerContentEncryptionConfiguration struct { _ struct{} `type:"structure"` @@ -9720,6 +9721,10 @@ type EngineConfiguration struct { // // MaxConcurrentDpus is a required field MaxConcurrentDpus *int64 `min:"2" type:"integer" required:"true"` + + // Specifies custom jar files and Spark properties for use cases like cluster + // encryption, table formats, and general Spark tuning. + SparkProperties map[string]*string `type:"map"` } // String returns the string representation. @@ -9786,6 +9791,12 @@ func (s *EngineConfiguration) SetMaxConcurrentDpus(v int64) *EngineConfiguration return s } +// SetSparkProperties sets the SparkProperties field's value. +func (s *EngineConfiguration) SetSparkProperties(v map[string]*string) *EngineConfiguration { + s.SparkProperties = v + return s +} + // The Athena engine version for running queries, or the PySpark engine version // for running sessions. type EngineVersion struct { @@ -18219,6 +18230,7 @@ type WorkGroupConfiguration struct { BytesScannedCutoffPerQuery *int64 `min:"1e+07" type:"long"` // Specifies the KMS key that is used to encrypt the user's data stores in Athena. + // This setting does not apply to Athena SQL workgroups. CustomerContentEncryptionConfiguration *CustomerContentEncryptionConfiguration `type:"structure"` // Enforces a minimal level of encryption for the workgroup for query and calculation @@ -18396,6 +18408,7 @@ type WorkGroupConfigurationUpdates struct { BytesScannedCutoffPerQuery *int64 `min:"1e+07" type:"long"` // Specifies the KMS key that is used to encrypt the user's data stores in Athena. + // This setting does not apply to Athena SQL workgroups. CustomerContentEncryptionConfiguration *CustomerContentEncryptionConfiguration `type:"structure"` // Enforces a minimal level of encryption for the workgroup for query and calculation @@ -18428,7 +18441,8 @@ type WorkGroupConfigurationUpdates struct { // Indicates that the data usage control limit per query is removed. WorkGroupConfiguration$BytesScannedCutoffPerQuery RemoveBytesScannedCutoffPerQuery *bool `type:"boolean"` - // Removes content encryption configuration for a workgroup. + // Removes content encryption configuration from an Apache Spark-enabled Athena + // workgroup. RemoveCustomerContentEncryptionConfiguration *bool `type:"boolean"` // If set to true, allows members assigned to a workgroup to specify Amazon diff --git a/service/comprehendmedical/api.go b/service/comprehendmedical/api.go index 67c33095d22..dd2e624a725 100644 --- a/service/comprehendmedical/api.go +++ b/service/comprehendmedical/api.go @@ -8054,6 +8054,9 @@ const ( // ICD10CMRelationshipTypeSystemOrganSite is a ICD10CMRelationshipType enum value ICD10CMRelationshipTypeSystemOrganSite = "SYSTEM_ORGAN_SITE" + + // ICD10CMRelationshipTypeQuality is a ICD10CMRelationshipType enum value + ICD10CMRelationshipTypeQuality = "QUALITY" ) // ICD10CMRelationshipType_Values returns all elements of the ICD10CMRelationshipType enum @@ -8061,6 +8064,7 @@ func ICD10CMRelationshipType_Values() []string { return []string{ ICD10CMRelationshipTypeOverlap, ICD10CMRelationshipTypeSystemOrganSite, + ICD10CMRelationshipTypeQuality, } } @@ -8208,6 +8212,12 @@ const ( // RelationshipTypeAmount is a RelationshipType enum value RelationshipTypeAmount = "AMOUNT" + + // RelationshipTypeUsage is a RelationshipType enum value + RelationshipTypeUsage = "USAGE" + + // RelationshipTypeQuality is a RelationshipType enum value + RelationshipTypeQuality = "QUALITY" ) // RelationshipType_Values returns all elements of the RelationshipType enum @@ -8233,6 +8243,8 @@ func RelationshipType_Values() []string { RelationshipTypeDirection, RelationshipTypeSystemOrganSite, RelationshipTypeAmount, + RelationshipTypeUsage, + RelationshipTypeQuality, } } @@ -8303,12 +8315,16 @@ func RxNormEntityType_Values() []string { const ( // RxNormTraitNameNegation is a RxNormTraitName enum value RxNormTraitNameNegation = "NEGATION" + + // RxNormTraitNamePastHistory is a RxNormTraitName enum value + RxNormTraitNamePastHistory = "PAST_HISTORY" ) // RxNormTraitName_Values returns all elements of the RxNormTraitName enum func RxNormTraitName_Values() []string { return []string{ RxNormTraitNameNegation, + RxNormTraitNamePastHistory, } } @@ -8406,6 +8422,9 @@ const ( // SNOMEDCTRelationshipTypeSystemOrganSite is a SNOMEDCTRelationshipType enum value SNOMEDCTRelationshipTypeSystemOrganSite = "SYSTEM_ORGAN_SITE" + + // SNOMEDCTRelationshipTypeTestUnit is a SNOMEDCTRelationshipType enum value + SNOMEDCTRelationshipTypeTestUnit = "TEST_UNIT" ) // SNOMEDCTRelationshipType_Values returns all elements of the SNOMEDCTRelationshipType enum @@ -8417,6 +8436,7 @@ func SNOMEDCTRelationshipType_Values() []string { SNOMEDCTRelationshipTypeTestUnits, SNOMEDCTRelationshipTypeDirection, SNOMEDCTRelationshipTypeSystemOrganSite, + SNOMEDCTRelationshipTypeTestUnit, } } diff --git a/service/paymentcryptography/api.go b/service/paymentcryptography/api.go new file mode 100644 index 00000000000..580eb904314 --- /dev/null +++ b/service/paymentcryptography/api.go @@ -0,0 +1,6915 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package paymentcryptography + +import ( + "fmt" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +const opCreateAlias = "CreateAlias" + +// CreateAliasRequest generates a "aws/request.Request" representing the +// client's request for the CreateAlias operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateAlias for more information on using the CreateAlias +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateAliasRequest method. +// req, resp := client.CreateAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateAlias +func (c *PaymentCryptography) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { + op := &request.Operation{ + Name: opCreateAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateAliasInput{} + } + + output = &CreateAliasOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateAlias API operation for Payment Cryptography Control Plane. +// +// Creates an alias, or a friendly name, for an Amazon Web Services Payment +// Cryptography key. You can use an alias to identify a key in the console and +// when you call cryptographic operations such as EncryptData (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_EncryptData.html) +// or DecryptData (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_DecryptData.html). +// +// You can associate the alias with any key in the same Amazon Web Services +// Region. Each alias is associated with only one key at a time, but a key can +// have multiple aliases. You can't create an alias without a key. The alias +// must be unique in the account and Amazon Web Services Region, but you can +// create another alias with the same name in a different Amazon Web Services +// Region. +// +// To change the key that's associated with the alias, call UpdateAlias. To +// delete the alias, call DeleteAlias. These operations don't affect the underlying +// key. To get the alias that you created, call ListAliases. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - DeleteAlias +// +// - GetAlias +// +// - ListAliases +// +// - UpdateAlias +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation CreateAlias for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateAlias +func (c *PaymentCryptography) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { + req, out := c.CreateAliasRequest(input) + return out, req.Send() +} + +// CreateAliasWithContext is the same as CreateAlias with the addition of +// the ability to pass a context and additional request options. +// +// See CreateAlias for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) CreateAliasWithContext(ctx aws.Context, input *CreateAliasInput, opts ...request.Option) (*CreateAliasOutput, error) { + req, out := c.CreateAliasRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateKey = "CreateKey" + +// CreateKeyRequest generates a "aws/request.Request" representing the +// client's request for the CreateKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateKey for more information on using the CreateKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateKeyRequest method. +// req, resp := client.CreateKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey +func (c *PaymentCryptography) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { + op := &request.Operation{ + Name: opCreateKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &CreateKeyInput{} + } + + output = &CreateKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateKey API operation for Payment Cryptography Control Plane. +// +// Creates an Amazon Web Services Payment Cryptography key, a logical representation +// of a cryptographic key, that is unique in your account and Amazon Web Services +// Region. You use keys for cryptographic functions such as encryption and decryption. +// +// In addition to the key material used in cryptographic operations, an Amazon +// Web Services Payment Cryptography key includes metadata such as the key ARN, +// key usage, key origin, creation date, description, and key state. +// +// When you create a key, you specify both immutable and mutable data about +// the key. The immutable data contains key attributes that defines the scope +// and cryptographic operations that you can perform using the key, for example +// key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key +// usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example: +// Encrypt). For information about valid combinations of key attributes, see +// Understanding key attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// in the Amazon Web Services Payment Cryptography User Guide. The mutable data +// contained within a key includes usage timestamp and key deletion timestamp +// and can be modified after creation. +// +// Amazon Web Services Payment Cryptography binds key attributes to keys using +// key blocks when you store or export them. Amazon Web Services Payment Cryptography +// stores the key contents wrapped and never stores or transmits them in the +// clear. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - DeleteKey +// +// - GetKey +// +// - ListKeys +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation CreateKey for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey +func (c *PaymentCryptography) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { + req, out := c.CreateKeyRequest(input) + return out, req.Send() +} + +// CreateKeyWithContext is the same as CreateKey with the addition of +// the ability to pass a context and additional request options. +// +// See CreateKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) CreateKeyWithContext(ctx aws.Context, input *CreateKeyInput, opts ...request.Option) (*CreateKeyOutput, error) { + req, out := c.CreateKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteAlias = "DeleteAlias" + +// DeleteAliasRequest generates a "aws/request.Request" representing the +// client's request for the DeleteAlias operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteAlias for more information on using the DeleteAlias +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteAliasRequest method. +// req, resp := client.DeleteAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteAlias +func (c *PaymentCryptography) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { + op := &request.Operation{ + Name: opDeleteAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteAliasInput{} + } + + output = &DeleteAliasOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteAlias API operation for Payment Cryptography Control Plane. +// +// Deletes the alias, but doesn't affect the underlying key. +// +// Each key can have multiple aliases. To get the aliases of all keys, use the +// ListAliases operation. To change the alias of a key, first use DeleteAlias +// to delete the current alias and then use CreateAlias to create a new alias. +// To associate an existing alias with a different key, call UpdateAlias. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - CreateAlias +// +// - GetAlias +// +// - ListAliases +// +// - UpdateAlias +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation DeleteAlias for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteAlias +func (c *PaymentCryptography) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { + req, out := c.DeleteAliasRequest(input) + return out, req.Send() +} + +// DeleteAliasWithContext is the same as DeleteAlias with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteAlias for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) DeleteAliasWithContext(ctx aws.Context, input *DeleteAliasInput, opts ...request.Option) (*DeleteAliasOutput, error) { + req, out := c.DeleteAliasRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteKey = "DeleteKey" + +// DeleteKeyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteKey for more information on using the DeleteKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteKeyRequest method. +// req, resp := client.DeleteKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey +func (c *PaymentCryptography) DeleteKeyRequest(input *DeleteKeyInput) (req *request.Request, output *DeleteKeyOutput) { + op := &request.Operation{ + Name: opDeleteKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteKeyInput{} + } + + output = &DeleteKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteKey API operation for Payment Cryptography Control Plane. +// +// Deletes the key material and all metadata associated with Amazon Web Services +// Payment Cryptography key. +// +// Key deletion is irreversible. After a key is deleted, you can't perform cryptographic +// operations using the key. For example, you can't decrypt data that was encrypted +// by a deleted Amazon Web Services Payment Cryptography key, and the data may +// become unrecoverable. Because key deletion is destructive, Amazon Web Services +// Payment Cryptography has a safety mechanism to prevent accidental deletion +// of a key. When you call this operation, Amazon Web Services Payment Cryptography +// disables the specified key but doesn't delete it until after a waiting period. +// The default waiting period is 7 days. To set a different waiting period, +// set DeleteKeyInDays. During the waiting period, the KeyState is DELETE_PENDING. +// After the key is deleted, the KeyState is DELETE_COMPLETE. +// +// If you delete key material, you can use ImportKey to reimport the same key +// material into the Amazon Web Services Payment Cryptography key. +// +// You should delete a key only when you are sure that you don't need to use +// it anymore and no other parties are utilizing this key. If you aren't sure, +// consider deactivating it instead by calling StopKeyUsage. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - RestoreKey +// +// - StartKeyUsage +// +// - StopKeyUsage +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation DeleteKey for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey +func (c *PaymentCryptography) DeleteKey(input *DeleteKeyInput) (*DeleteKeyOutput, error) { + req, out := c.DeleteKeyRequest(input) + return out, req.Send() +} + +// DeleteKeyWithContext is the same as DeleteKey with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) DeleteKeyWithContext(ctx aws.Context, input *DeleteKeyInput, opts ...request.Option) (*DeleteKeyOutput, error) { + req, out := c.DeleteKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opExportKey = "ExportKey" + +// ExportKeyRequest generates a "aws/request.Request" representing the +// client's request for the ExportKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ExportKey for more information on using the ExportKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ExportKeyRequest method. +// req, resp := client.ExportKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey +func (c *PaymentCryptography) ExportKeyRequest(input *ExportKeyInput) (req *request.Request, output *ExportKeyOutput) { + op := &request.Operation{ + Name: opExportKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ExportKeyInput{} + } + + output = &ExportKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ExportKey API operation for Payment Cryptography Control Plane. +// +// Exports a key from Amazon Web Services Payment Cryptography using either +// ANSI X9 TR-34 or TR-31 key export standard. +// +// Amazon Web Services Payment Cryptography simplifies main or root key exchange +// process by eliminating the need of a paper-based key exchange process. It +// takes a modern and secure approach based of the ANSI X9 TR-34 key exchange +// standard. +// +// You can use ExportKey to export main or root keys such as KEK (Key Encryption +// Key), using asymmetric key exchange technique following ANSI X9 TR-34 standard. +// The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional +// trust between the two parties exchanging keys. After which you can export +// working keys using the ANSI X9 TR-31 symmetric key exchange standard as mandated +// by PCI PIN. Using this operation, you can share your Amazon Web Services +// Payment Cryptography generated keys with other service partners to perform +// cryptographic operations outside of Amazon Web Services Payment Cryptography +// +// # TR-34 key export +// +// Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange +// standard to export main keys such as KEK. In TR-34 terminology, the sending +// party of the key is called Key Distribution Host (KDH) and the receiving +// party of the key is called Key Receiving Host (KRH). In key export process, +// KDH is Amazon Web Services Payment Cryptography which initiates key export. +// KRH is the user receiving the key. Before you initiate TR-34 key export, +// you must obtain an export token by calling GetParametersForExport. This operation +// also returns the signing key certificate that KDH uses to sign the wrapped +// key to generate a TR-34 wrapped key block. The export token expires after +// 7 days. +// +// Set the following parameters: +// +// # CertificateAuthorityPublicKeyIdentifier +// +// The KeyARN of the certificate chain that will sign the wrapping key certificate. +// This must exist within Amazon Web Services Payment Cryptography before you +// initiate TR-34 key export. If it does not exist, you can import it by calling +// ImportKey for RootCertificatePublicKey. +// +// # ExportToken +// +// Obtained from KDH by calling GetParametersForExport. +// +// # WrappingKeyCertificate +// +// Amazon Web Services Payment Cryptography uses this to wrap the key under +// export. +// +// When this operation is successful, Amazon Web Services Payment Cryptography +// returns the TR-34 wrapped key block. +// +// # TR-31 key export +// +// Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange +// standard to export working keys. In TR-31, you must use a main key such as +// KEK to encrypt or wrap the key under export. To establish a KEK, you can +// use CreateKey or ImportKey. When this operation is successful, Amazon Web +// Services Payment Cryptography returns a TR-31 wrapped key block. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GetParametersForExport +// +// - ImportKey +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation ExportKey for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey +func (c *PaymentCryptography) ExportKey(input *ExportKeyInput) (*ExportKeyOutput, error) { + req, out := c.ExportKeyRequest(input) + return out, req.Send() +} + +// ExportKeyWithContext is the same as ExportKey with the addition of +// the ability to pass a context and additional request options. +// +// See ExportKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ExportKeyWithContext(ctx aws.Context, input *ExportKeyInput, opts ...request.Option) (*ExportKeyOutput, error) { + req, out := c.ExportKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetAlias = "GetAlias" + +// GetAliasRequest generates a "aws/request.Request" representing the +// client's request for the GetAlias operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAlias for more information on using the GetAlias +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetAliasRequest method. +// req, resp := client.GetAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetAlias +func (c *PaymentCryptography) GetAliasRequest(input *GetAliasInput) (req *request.Request, output *GetAliasOutput) { + op := &request.Operation{ + Name: opGetAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetAliasInput{} + } + + output = &GetAliasOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAlias API operation for Payment Cryptography Control Plane. +// +// Gets the Amazon Web Services Payment Cryptography key associated with the +// alias. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - CreateAlias +// +// - DeleteAlias +// +// - ListAliases +// +// - UpdateAlias +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation GetAlias for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetAlias +func (c *PaymentCryptography) GetAlias(input *GetAliasInput) (*GetAliasOutput, error) { + req, out := c.GetAliasRequest(input) + return out, req.Send() +} + +// GetAliasWithContext is the same as GetAlias with the addition of +// the ability to pass a context and additional request options. +// +// See GetAlias for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) GetAliasWithContext(ctx aws.Context, input *GetAliasInput, opts ...request.Option) (*GetAliasOutput, error) { + req, out := c.GetAliasRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetKey = "GetKey" + +// GetKeyRequest generates a "aws/request.Request" representing the +// client's request for the GetKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetKey for more information on using the GetKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetKeyRequest method. +// req, resp := client.GetKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey +func (c *PaymentCryptography) GetKeyRequest(input *GetKeyInput) (req *request.Request, output *GetKeyOutput) { + op := &request.Operation{ + Name: opGetKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetKeyInput{} + } + + output = &GetKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetKey API operation for Payment Cryptography Control Plane. +// +// Gets the key material for an Amazon Web Services Payment Cryptography key, +// including the immutable and mutable data specified when the key was created. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - CreateKey +// +// - DeleteKey +// +// - ListKeys +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation GetKey for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey +func (c *PaymentCryptography) GetKey(input *GetKeyInput) (*GetKeyOutput, error) { + req, out := c.GetKeyRequest(input) + return out, req.Send() +} + +// GetKeyWithContext is the same as GetKey with the addition of +// the ability to pass a context and additional request options. +// +// See GetKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) GetKeyWithContext(ctx aws.Context, input *GetKeyInput, opts ...request.Option) (*GetKeyOutput, error) { + req, out := c.GetKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetParametersForExport = "GetParametersForExport" + +// GetParametersForExportRequest generates a "aws/request.Request" representing the +// client's request for the GetParametersForExport operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetParametersForExport for more information on using the GetParametersForExport +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetParametersForExportRequest method. +// req, resp := client.GetParametersForExportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport +func (c *PaymentCryptography) GetParametersForExportRequest(input *GetParametersForExportInput) (req *request.Request, output *GetParametersForExportOutput) { + op := &request.Operation{ + Name: opGetParametersForExport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetParametersForExportInput{} + } + + output = &GetParametersForExportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetParametersForExport API operation for Payment Cryptography Control Plane. +// +// Gets the export token and the signing key certificate to initiate a TR-34 +// key export from Amazon Web Services Payment Cryptography. +// +// The signing key certificate signs the wrapped key under export within the +// TR-34 key payload. The export token and signing key certificate must be in +// place and operational before calling ExportKey. The export token expires +// in 7 days. You can use the same export token to export multiple keys from +// your service account. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - ExportKey +// +// - GetParametersForImport +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation GetParametersForExport for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport +func (c *PaymentCryptography) GetParametersForExport(input *GetParametersForExportInput) (*GetParametersForExportOutput, error) { + req, out := c.GetParametersForExportRequest(input) + return out, req.Send() +} + +// GetParametersForExportWithContext is the same as GetParametersForExport with the addition of +// the ability to pass a context and additional request options. +// +// See GetParametersForExport for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) GetParametersForExportWithContext(ctx aws.Context, input *GetParametersForExportInput, opts ...request.Option) (*GetParametersForExportOutput, error) { + req, out := c.GetParametersForExportRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetParametersForImport = "GetParametersForImport" + +// GetParametersForImportRequest generates a "aws/request.Request" representing the +// client's request for the GetParametersForImport operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetParametersForImport for more information on using the GetParametersForImport +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetParametersForImportRequest method. +// req, resp := client.GetParametersForImportRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport +func (c *PaymentCryptography) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) { + op := &request.Operation{ + Name: opGetParametersForImport, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetParametersForImportInput{} + } + + output = &GetParametersForImportOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetParametersForImport API operation for Payment Cryptography Control Plane. +// +// Gets the import token and the wrapping key certificate to initiate a TR-34 +// key import into Amazon Web Services Payment Cryptography. +// +// The wrapping key certificate wraps the key under import within the TR-34 +// key payload. The import token and wrapping key certificate must be in place +// and operational before calling ImportKey. The import token expires in 7 days. +// The same import token can be used to import multiple keys into your service +// account. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GetParametersForExport +// +// - ImportKey +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation GetParametersForImport for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport +func (c *PaymentCryptography) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { + req, out := c.GetParametersForImportRequest(input) + return out, req.Send() +} + +// GetParametersForImportWithContext is the same as GetParametersForImport with the addition of +// the ability to pass a context and additional request options. +// +// See GetParametersForImport for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) GetParametersForImportWithContext(ctx aws.Context, input *GetParametersForImportInput, opts ...request.Option) (*GetParametersForImportOutput, error) { + req, out := c.GetParametersForImportRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetPublicKeyCertificate = "GetPublicKeyCertificate" + +// GetPublicKeyCertificateRequest generates a "aws/request.Request" representing the +// client's request for the GetPublicKeyCertificate operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetPublicKeyCertificate for more information on using the GetPublicKeyCertificate +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetPublicKeyCertificateRequest method. +// req, resp := client.GetPublicKeyCertificateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificate +func (c *PaymentCryptography) GetPublicKeyCertificateRequest(input *GetPublicKeyCertificateInput) (req *request.Request, output *GetPublicKeyCertificateOutput) { + op := &request.Operation{ + Name: opGetPublicKeyCertificate, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetPublicKeyCertificateInput{} + } + + output = &GetPublicKeyCertificateOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetPublicKeyCertificate API operation for Payment Cryptography Control Plane. +// +// Gets the public key certificate of the asymmetric key pair that exists within +// Amazon Web Services Payment Cryptography. +// +// Unlike the private key of an asymmetric key, which never leaves Amazon Web +// Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate +// permission can download the public key certificate of the asymmetric key. +// You can share the public key certificate to allow others to encrypt messages +// and verify signatures outside of Amazon Web Services Payment Cryptography +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation GetPublicKeyCertificate for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificate +func (c *PaymentCryptography) GetPublicKeyCertificate(input *GetPublicKeyCertificateInput) (*GetPublicKeyCertificateOutput, error) { + req, out := c.GetPublicKeyCertificateRequest(input) + return out, req.Send() +} + +// GetPublicKeyCertificateWithContext is the same as GetPublicKeyCertificate with the addition of +// the ability to pass a context and additional request options. +// +// See GetPublicKeyCertificate for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) GetPublicKeyCertificateWithContext(ctx aws.Context, input *GetPublicKeyCertificateInput, opts ...request.Option) (*GetPublicKeyCertificateOutput, error) { + req, out := c.GetPublicKeyCertificateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opImportKey = "ImportKey" + +// ImportKeyRequest generates a "aws/request.Request" representing the +// client's request for the ImportKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ImportKey for more information on using the ImportKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ImportKeyRequest method. +// req, resp := client.ImportKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey +func (c *PaymentCryptography) ImportKeyRequest(input *ImportKeyInput) (req *request.Request, output *ImportKeyOutput) { + op := &request.Operation{ + Name: opImportKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ImportKeyInput{} + } + + output = &ImportKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// ImportKey API operation for Payment Cryptography Control Plane. +// +// Imports keys and public key certificates into Amazon Web Services Payment +// Cryptography. +// +// Amazon Web Services Payment Cryptography simplifies main or root key exchange +// process by eliminating the need of a paper-based key exchange process. It +// takes a modern and secure approach based of the ANSI X9 TR-34 key exchange +// standard. +// +// You can use ImportKey to import main or root keys such as KEK (Key Encryption +// Key) using asymmetric key exchange technique following the ANSI X9 TR-34 +// standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes +// bi-directional trust between the two parties exchanging keys. +// +// After you have imported a main or root key, you can import working keys to +// perform various cryptographic operations within Amazon Web Services Payment +// Cryptography using the ANSI X9 TR-31 symmetric key exchange standard as mandated +// by PCI PIN. +// +// You can also import a root public key certificate, a self-signed certificate +// used to sign other public key certificates, or a trusted public key certificate +// under an already established root public key certificate. +// +// # To import a public root key certificate +// +// Using this operation, you can import the public component (in PEM cerificate +// format) of your private root key. You can use the imported public root key +// certificate for digital signatures, for example signing wrapping key or signing +// key in TR-34, within your Amazon Web Services Payment Cryptography account. +// +// Set the following parameters: +// +// - KeyMaterial: RootCertificatePublicKey +// +// - KeyClass: PUBLIC_KEY +// +// - KeyModesOfUse: Verify +// +// - KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE +// +// - PublicKeyCertificate: The certificate authority used to sign the root +// public key certificate. +// +// # To import a trusted public key certificate +// +// The root public key certificate must be in place and operational before you +// import a trusted public key certificate. Set the following parameters: +// +// - KeyMaterial: TrustedCertificatePublicKey +// +// - CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey. +// +// - KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations +// such as wrap, sign, or encrypt that you will allow the trusted public +// key certificate to perform. +// +// - PublicKeyCertificate: The certificate authority used to sign the trusted +// public key certificate. +// +// # Import main keys +// +// Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange +// standard to import main keys such as KEK. In TR-34 terminology, the sending +// party of the key is called Key Distribution Host (KDH) and the receiving +// party of the key is called Key Receiving Host (KRH). During the key import +// process, KDH is the user who initiates the key import and KRH is Amazon Web +// Services Payment Cryptography who receives the key. Before initiating TR-34 +// key import, you must obtain an import token by calling GetParametersForImport. +// This operation also returns the wrapping key certificate that KDH uses wrap +// key under import to generate a TR-34 wrapped key block. The import token +// expires after 7 days. +// +// Set the following parameters: +// +// - CertificateAuthorityPublicKeyIdentifier: The KeyArn of the certificate +// chain that will sign the signing key certificate and should exist within +// Amazon Web Services Payment Cryptography before initiating TR-34 key import. +// If it does not exist, you can import it by calling by calling ImportKey +// for RootCertificatePublicKey. +// +// - ImportToken: Obtained from KRH by calling GetParametersForImport. +// +// - WrappedKeyBlock: The TR-34 wrapped key block from KDH. It contains the +// KDH key under import, wrapped with KRH provided wrapping key certificate +// and signed by the KDH private signing key. This TR-34 key block is generated +// by the KDH Hardware Security Module (HSM) outside of Amazon Web Services +// Payment Cryptography. +// +// - SigningKeyCertificate: The public component of the private key that +// signed the KDH TR-34 wrapped key block. In PEM certificate format. +// +// TR-34 is intended primarily to exchange 3DES keys. Your ability to export +// AES-128 and larger AES keys may be dependent on your source system. +// +// # Import working keys +// +// Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange +// standard to import working keys. A KEK must be established within Amazon +// Web Services Payment Cryptography by using TR-34 key import. To initiate +// a TR-31 key import, set the following parameters: +// +// - WrappedKeyBlock: The key under import and encrypted using KEK. The TR-31 +// key block generated by your HSM outside of Amazon Web Services Payment +// Cryptography. +// +// - WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services +// Payment Cryptography uses to decrypt or unwrap the key under import. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - ExportKey +// +// - GetParametersForImport +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation ImportKey for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey +func (c *PaymentCryptography) ImportKey(input *ImportKeyInput) (*ImportKeyOutput, error) { + req, out := c.ImportKeyRequest(input) + return out, req.Send() +} + +// ImportKeyWithContext is the same as ImportKey with the addition of +// the ability to pass a context and additional request options. +// +// See ImportKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ImportKeyWithContext(ctx aws.Context, input *ImportKeyInput, opts ...request.Option) (*ImportKeyOutput, error) { + req, out := c.ImportKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListAliases = "ListAliases" + +// ListAliasesRequest generates a "aws/request.Request" representing the +// client's request for the ListAliases operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListAliases for more information on using the ListAliases +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListAliasesRequest method. +// req, resp := client.ListAliasesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListAliases +func (c *PaymentCryptography) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { + op := &request.Operation{ + Name: opListAliases, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListAliasesInput{} + } + + output = &ListAliasesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListAliases API operation for Payment Cryptography Control Plane. +// +// Lists the aliases for all keys in the caller's Amazon Web Services account +// and Amazon Web Services Region. You can filter the list of aliases. For more +// information, see Using aliases (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-managealias.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// This is a paginated operation, which means that each response might contain +// only a subset of all the aliases. When the response contains only a subset +// of aliases, it includes a NextToken value. Use this value in a subsequent +// ListAliases request to get more aliases. When you receive a response with +// no NextToken (or an empty or null value), that means there are no more aliases +// to get. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - CreateAlias +// +// - DeleteAlias +// +// - GetAlias +// +// - UpdateAlias +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation ListAliases for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListAliases +func (c *PaymentCryptography) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) { + req, out := c.ListAliasesRequest(input) + return out, req.Send() +} + +// ListAliasesWithContext is the same as ListAliases with the addition of +// the ability to pass a context and additional request options. +// +// See ListAliases for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, opts ...request.Option) (*ListAliasesOutput, error) { + req, out := c.ListAliasesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListAliasesPages iterates over the pages of a ListAliases operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListAliases method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListAliases operation. +// pageNum := 0 +// err := client.ListAliasesPages(params, +// func(page *paymentcryptography.ListAliasesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *PaymentCryptography) ListAliasesPages(input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool) error { + return c.ListAliasesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListAliasesPagesWithContext same as ListAliasesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ListAliasesPagesWithContext(ctx aws.Context, input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListAliasesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListAliasesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListAliasesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListKeys = "ListKeys" + +// ListKeysRequest generates a "aws/request.Request" representing the +// client's request for the ListKeys operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListKeys for more information on using the ListKeys +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListKeysRequest method. +// req, resp := client.ListKeysRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys +func (c *PaymentCryptography) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { + op := &request.Operation{ + Name: opListKeys, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListKeysInput{} + } + + output = &ListKeysOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListKeys API operation for Payment Cryptography Control Plane. +// +// Lists the keys in the caller's Amazon Web Services account and Amazon Web +// Services Region. You can filter the list of keys. +// +// This is a paginated operation, which means that each response might contain +// only a subset of all the keys. When the response contains only a subset of +// keys, it includes a NextToken value. Use this value in a subsequent ListKeys +// request to get more keys. When you receive a response with no NextToken (or +// an empty or null value), that means there are no more keys to get. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - CreateKey +// +// - DeleteKey +// +// - GetKey +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation ListKeys for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys +func (c *PaymentCryptography) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) + return out, req.Send() +} + +// ListKeysWithContext is the same as ListKeys with the addition of +// the ability to pass a context and additional request options. +// +// See ListKeys for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListKeysPages iterates over the pages of a ListKeys operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListKeys method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListKeys operation. +// pageNum := 0 +// err := client.ListKeysPages(params, +// func(page *paymentcryptography.ListKeysOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *PaymentCryptography) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error { + return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListKeysPagesWithContext same as ListKeysPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ListKeysPagesWithContext(ctx aws.Context, input *ListKeysInput, fn func(*ListKeysOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListKeysInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListKeysRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListKeysOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource +func (c *PaymentCryptography) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for Payment Cryptography Control Plane. +// +// Lists the tags for an Amazon Web Services resource. +// +// This is a paginated operation, which means that each response might contain +// only a subset of all the tags. When the response contains only a subset of +// tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource +// request to get more tags. When you receive a response with no NextToken (or +// an empty or null value), that means there are no more tags to get. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - TagResource +// +// - UntagResource +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource +func (c *PaymentCryptography) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListTagsForResource method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListTagsForResource operation. +// pageNum := 0 +// err := client.ListTagsForResourcePages(params, +// func(page *paymentcryptography.ListTagsForResourceOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *PaymentCryptography) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error { + return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListTagsForResourceInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListTagsForResourceRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opRestoreKey = "RestoreKey" + +// RestoreKeyRequest generates a "aws/request.Request" representing the +// client's request for the RestoreKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See RestoreKey for more information on using the RestoreKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the RestoreKeyRequest method. +// req, resp := client.RestoreKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey +func (c *PaymentCryptography) RestoreKeyRequest(input *RestoreKeyInput) (req *request.Request, output *RestoreKeyOutput) { + op := &request.Operation{ + Name: opRestoreKey, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &RestoreKeyInput{} + } + + output = &RestoreKeyOutput{} + req = c.newRequest(op, input, output) + return +} + +// RestoreKey API operation for Payment Cryptography Control Plane. +// +// Cancels a scheduled key deletion during the waiting period. Use this operation +// to restore a Key that is scheduled for deletion. +// +// During the waiting period, the KeyState is DELETE_PENDING and deletePendingTimestamp +// contains the date and time after which the Key will be deleted. After Key +// is restored, the KeyState is CREATE_COMPLETE, and the value for deletePendingTimestamp +// is removed. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - DeleteKey +// +// - StartKeyUsage +// +// - StopKeyUsage +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation RestoreKey for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey +func (c *PaymentCryptography) RestoreKey(input *RestoreKeyInput) (*RestoreKeyOutput, error) { + req, out := c.RestoreKeyRequest(input) + return out, req.Send() +} + +// RestoreKeyWithContext is the same as RestoreKey with the addition of +// the ability to pass a context and additional request options. +// +// See RestoreKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) RestoreKeyWithContext(ctx aws.Context, input *RestoreKeyInput, opts ...request.Option) (*RestoreKeyOutput, error) { + req, out := c.RestoreKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStartKeyUsage = "StartKeyUsage" + +// StartKeyUsageRequest generates a "aws/request.Request" representing the +// client's request for the StartKeyUsage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartKeyUsage for more information on using the StartKeyUsage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StartKeyUsageRequest method. +// req, resp := client.StartKeyUsageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage +func (c *PaymentCryptography) StartKeyUsageRequest(input *StartKeyUsageInput) (req *request.Request, output *StartKeyUsageOutput) { + op := &request.Operation{ + Name: opStartKeyUsage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StartKeyUsageInput{} + } + + output = &StartKeyUsageOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartKeyUsage API operation for Payment Cryptography Control Plane. +// +// Enables an Amazon Web Services Payment Cryptography key, which makes it active +// for cryptographic operations within Amazon Web Services Payment Cryptography +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - StopKeyUsage +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation StartKeyUsage for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage +func (c *PaymentCryptography) StartKeyUsage(input *StartKeyUsageInput) (*StartKeyUsageOutput, error) { + req, out := c.StartKeyUsageRequest(input) + return out, req.Send() +} + +// StartKeyUsageWithContext is the same as StartKeyUsage with the addition of +// the ability to pass a context and additional request options. +// +// See StartKeyUsage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) StartKeyUsageWithContext(ctx aws.Context, input *StartKeyUsageInput, opts ...request.Option) (*StartKeyUsageOutput, error) { + req, out := c.StartKeyUsageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStopKeyUsage = "StopKeyUsage" + +// StopKeyUsageRequest generates a "aws/request.Request" representing the +// client's request for the StopKeyUsage operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StopKeyUsage for more information on using the StopKeyUsage +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the StopKeyUsageRequest method. +// req, resp := client.StopKeyUsageRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage +func (c *PaymentCryptography) StopKeyUsageRequest(input *StopKeyUsageInput) (req *request.Request, output *StopKeyUsageOutput) { + op := &request.Operation{ + Name: opStopKeyUsage, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &StopKeyUsageInput{} + } + + output = &StopKeyUsageOutput{} + req = c.newRequest(op, input, output) + return +} + +// StopKeyUsage API operation for Payment Cryptography Control Plane. +// +// Disables an Amazon Web Services Payment Cryptography key, which makes it +// inactive within Amazon Web Services Payment Cryptography. +// +// You can use this operation instead of DeleteKey to deactivate a key. You +// can enable the key in the future by calling StartKeyUsage. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - DeleteKey +// +// - StartKeyUsage +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation StopKeyUsage for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage +func (c *PaymentCryptography) StopKeyUsage(input *StopKeyUsageInput) (*StopKeyUsageOutput, error) { + req, out := c.StopKeyUsageRequest(input) + return out, req.Send() +} + +// StopKeyUsageWithContext is the same as StopKeyUsage with the addition of +// the ability to pass a context and additional request options. +// +// See StopKeyUsage for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) StopKeyUsageWithContext(ctx aws.Context, input *StopKeyUsageInput, opts ...request.Option) (*StopKeyUsageOutput, error) { + req, out := c.StopKeyUsageRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResource +func (c *PaymentCryptography) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for Payment Cryptography Control Plane. +// +// Adds or edits tags on an Amazon Web Services Payment Cryptography key. +// +// Tagging or untagging an Amazon Web Services Payment Cryptography key can +// allow or deny permission to the key. +// +// Each tag consists of a tag key and a tag value, both of which are case-sensitive +// strings. The tag value can be an empty (null) string. To add a tag, specify +// a new tag key and a tag value. To edit a tag, specify an existing tag key +// and a new tag value. You can also add tags to an Amazon Web Services Payment +// Cryptography key when you create it with CreateKey. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - ListTagsForResource +// +// - UntagResource +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// +// - ServiceQuotaExceededException +// This request would cause a service quota to be exceeded. +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResource +func (c *PaymentCryptography) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UntagResource +func (c *PaymentCryptography) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for Payment Cryptography Control Plane. +// +// Deletes a tag from an Amazon Web Services Payment Cryptography key. +// +// Tagging or untagging an Amazon Web Services Payment Cryptography key can +// allow or deny permission to the key. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - ListTagsForResource +// +// - TagResource +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UntagResource +func (c *PaymentCryptography) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateAlias = "UpdateAlias" + +// UpdateAliasRequest generates a "aws/request.Request" representing the +// client's request for the UpdateAlias operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateAlias for more information on using the UpdateAlias +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateAliasRequest method. +// req, resp := client.UpdateAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UpdateAlias +func (c *PaymentCryptography) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { + op := &request.Operation{ + Name: opUpdateAlias, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &UpdateAliasInput{} + } + + output = &UpdateAliasOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateAlias API operation for Payment Cryptography Control Plane. +// +// Associates an existing Amazon Web Services Payment Cryptography alias with +// a different key. Each alias is associated with only one Amazon Web Services +// Payment Cryptography key at a time, although a key can have multiple aliases. +// The alias and the Amazon Web Services Payment Cryptography key must be in +// the same Amazon Web Services account and Amazon Web Services Region +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - CreateAlias +// +// - DeleteAlias +// +// - GetAlias +// +// - ListAliases +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Control Plane's +// API operation UpdateAlias for usage and error information. +// +// Returned Error Types: +// +// - ServiceUnavailableException +// The service cannot complete the request. +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - ConflictException +// This request can cause an inconsistent state for the resource. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UpdateAlias +func (c *PaymentCryptography) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { + req, out := c.UpdateAliasRequest(input) + return out, req.Send() +} + +// UpdateAliasWithContext is the same as UpdateAlias with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateAlias for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptography) UpdateAliasWithContext(ctx aws.Context, input *UpdateAliasInput, opts ...request.Option) (*UpdateAliasOutput, error) { + req, out := c.UpdateAliasRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You do not have sufficient access to perform this action. +type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Contains information about an alias. +type Alias struct { + _ struct{} `type:"structure"` + + // A friendly name that you can use to refer to a key. The value must begin + // with alias/. + // + // Do not include confidential or sensitive information in this field. This + // field may be displayed in plaintext in CloudTrail logs and other output. + // + // AliasName is a required field + AliasName *string `min:"7" type:"string" required:"true"` + + // The KeyARN of the key associated with the alias. + KeyArn *string `min:"70" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Alias) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Alias) GoString() string { + return s.String() +} + +// SetAliasName sets the AliasName field's value. +func (s *Alias) SetAliasName(v string) *Alias { + s.AliasName = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *Alias) SetKeyArn(v string) *Alias { + s.KeyArn = &v + return s +} + +// This request can cause an inconsistent state for the resource. +type ConflictException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) GoString() string { + return s.String() +} + +func newErrorConflictException(v protocol.ResponseMetadata) error { + return &ConflictException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ConflictException) Code() string { + return "ConflictException" +} + +// Message returns the exception's message. +func (s *ConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ConflictException) OrigErr() error { + return nil +} + +func (s *ConflictException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + +type CreateAliasInput struct { + _ struct{} `type:"structure"` + + // A friendly name that you can use to refer a key. An alias must begin with + // alias/ followed by a name, for example alias/ExampleAlias. It can contain + // only alphanumeric characters, forward slashes (/), underscores (_), and dashes + // (-). + // + // Don't include confidential or sensitive information in this field. This field + // may be displayed in plaintext in CloudTrail logs and other output. + // + // AliasName is a required field + AliasName *string `min:"7" type:"string" required:"true"` + + // The KeyARN of the key to associate with the alias. + KeyArn *string `min:"70" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 7 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 7)) + } + if s.KeyArn != nil && len(*s.KeyArn) < 70 { + invalidParams.Add(request.NewErrParamMinLen("KeyArn", 70)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *CreateAliasInput) SetAliasName(v string) *CreateAliasInput { + s.AliasName = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *CreateAliasInput) SetKeyArn(v string) *CreateAliasInput { + s.KeyArn = &v + return s +} + +type CreateAliasOutput struct { + _ struct{} `type:"structure"` + + // The alias for the key. + // + // Alias is a required field + Alias *Alias `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAliasOutput) GoString() string { + return s.String() +} + +// SetAlias sets the Alias field's value. +func (s *CreateAliasOutput) SetAlias(v *Alias) *CreateAliasOutput { + s.Alias = v + return s +} + +type CreateKeyInput struct { + _ struct{} `type:"structure"` + + // Specifies whether to enable the key. If the key is enabled, it is activated + // for use within the service. If the key not enabled, then it is created but + // not activated. The default value is enabled. + Enabled *bool `type:"boolean"` + + // Specifies whether the key is exportable from the service. + // + // Exportable is a required field + Exportable *bool `type:"boolean" required:"true"` + + // The role of the key, the algorithm it supports, and the cryptographic operations + // allowed with the key. This data is immutable after the key is created. + // + // KeyAttributes is a required field + KeyAttributes *KeyAttributes `type:"structure" required:"true"` + + // The algorithm that Amazon Web Services Payment Cryptography uses to calculate + // the key check value (KCV) for DES and AES keys. + // + // For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', + // with the key to be checked and retaining the 3 highest order bytes of the + // encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, + // each with value '01', with the key to be checked and retaining the 3 highest + // order bytes of the encrypted result. + KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"` + + // The tags to attach to the key. Each tag consists of a tag key and a tag value. + // Both the tag key and the tag value are required, but the tag value can be + // an empty (null) string. You can't have more than one tag on an Amazon Web + // Services Payment Cryptography key with the same tag key. + // + // To use this parameter, you must have TagResource permission. + // + // Don't include confidential or sensitive information in this field. This field + // may be displayed in plaintext in CloudTrail logs and other output. + // + // Tagging or untagging an Amazon Web Services Payment Cryptography key can + // allow or deny permission to the key. + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"} + if s.Exportable == nil { + invalidParams.Add(request.NewErrParamRequired("Exportable")) + } + if s.KeyAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("KeyAttributes")) + } + if s.KeyAttributes != nil { + if err := s.KeyAttributes.Validate(); err != nil { + invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams)) + } + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnabled sets the Enabled field's value. +func (s *CreateKeyInput) SetEnabled(v bool) *CreateKeyInput { + s.Enabled = &v + return s +} + +// SetExportable sets the Exportable field's value. +func (s *CreateKeyInput) SetExportable(v bool) *CreateKeyInput { + s.Exportable = &v + return s +} + +// SetKeyAttributes sets the KeyAttributes field's value. +func (s *CreateKeyInput) SetKeyAttributes(v *KeyAttributes) *CreateKeyInput { + s.KeyAttributes = v + return s +} + +// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value. +func (s *CreateKeyInput) SetKeyCheckValueAlgorithm(v string) *CreateKeyInput { + s.KeyCheckValueAlgorithm = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput { + s.Tags = v + return s +} + +type CreateKeyOutput struct { + _ struct{} `type:"structure"` + + // The key material that contains all the key attributes. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *CreateKeyOutput) SetKey(v *Key) *CreateKeyOutput { + s.Key = v + return s +} + +type DeleteAliasInput struct { + _ struct{} `type:"structure"` + + // A friendly name that you can use to refer Amazon Web Services Payment Cryptography + // key. This value must begin with alias/ followed by a name, such as alias/ExampleAlias. + // + // AliasName is a required field + AliasName *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 7 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *DeleteAliasInput) SetAliasName(v string) *DeleteAliasInput { + s.AliasName = &v + return s +} + +type DeleteAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteAliasOutput) GoString() string { + return s.String() +} + +type DeleteKeyInput struct { + _ struct{} `type:"structure"` + + // The waiting period for key deletion. The default value is seven days. + DeleteKeyInDays *int64 `min:"3" type:"integer"` + + // The KeyARN of the key that is scheduled for deletion. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteKeyInput"} + if s.DeleteKeyInDays != nil && *s.DeleteKeyInDays < 3 { + invalidParams.Add(request.NewErrParamMinValue("DeleteKeyInDays", 3)) + } + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDeleteKeyInDays sets the DeleteKeyInDays field's value. +func (s *DeleteKeyInput) SetDeleteKeyInDays(v int64) *DeleteKeyInput { + s.DeleteKeyInDays = &v + return s +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *DeleteKeyInput) SetKeyIdentifier(v string) *DeleteKeyInput { + s.KeyIdentifier = &v + return s +} + +type DeleteKeyOutput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key that is scheduled for deletion. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *DeleteKeyOutput) SetKey(v *Key) *DeleteKeyOutput { + s.Key = v + return s +} + +type ExportKeyInput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key under export from Amazon Web Services Payment Cryptography. + // + // ExportKeyIdentifier is a required field + ExportKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The key block format type, for example, TR-34 or TR-31, to use during key + // material export. + // + // KeyMaterial is a required field + KeyMaterial *ExportKeyMaterial `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportKeyInput"} + if s.ExportKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("ExportKeyIdentifier")) + } + if s.ExportKeyIdentifier != nil && len(*s.ExportKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("ExportKeyIdentifier", 7)) + } + if s.KeyMaterial == nil { + invalidParams.Add(request.NewErrParamRequired("KeyMaterial")) + } + if s.KeyMaterial != nil { + if err := s.KeyMaterial.Validate(); err != nil { + invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetExportKeyIdentifier sets the ExportKeyIdentifier field's value. +func (s *ExportKeyInput) SetExportKeyIdentifier(v string) *ExportKeyInput { + s.ExportKeyIdentifier = &v + return s +} + +// SetKeyMaterial sets the KeyMaterial field's value. +func (s *ExportKeyInput) SetKeyMaterial(v *ExportKeyMaterial) *ExportKeyInput { + s.KeyMaterial = v + return s +} + +// Parameter information for key material export from Amazon Web Services Payment +// Cryptography. +type ExportKeyMaterial struct { + _ struct{} `type:"structure"` + + // Parameter information for key material export using TR-31 standard. + Tr31KeyBlock *ExportTr31KeyBlock `type:"structure"` + + // Parameter information for key material export using TR-34 standard. + Tr34KeyBlock *ExportTr34KeyBlock `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportKeyMaterial) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportKeyMaterial) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportKeyMaterial) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportKeyMaterial"} + if s.Tr31KeyBlock != nil { + if err := s.Tr31KeyBlock.Validate(); err != nil { + invalidParams.AddNested("Tr31KeyBlock", err.(request.ErrInvalidParams)) + } + } + if s.Tr34KeyBlock != nil { + if err := s.Tr34KeyBlock.Validate(); err != nil { + invalidParams.AddNested("Tr34KeyBlock", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTr31KeyBlock sets the Tr31KeyBlock field's value. +func (s *ExportKeyMaterial) SetTr31KeyBlock(v *ExportTr31KeyBlock) *ExportKeyMaterial { + s.Tr31KeyBlock = v + return s +} + +// SetTr34KeyBlock sets the Tr34KeyBlock field's value. +func (s *ExportKeyMaterial) SetTr34KeyBlock(v *ExportTr34KeyBlock) *ExportKeyMaterial { + s.Tr34KeyBlock = v + return s +} + +type ExportKeyOutput struct { + _ struct{} `type:"structure"` + + // The key material under export as a TR-34 or TR-31 wrapped key block. + WrappedKey *WrappedKey `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportKeyOutput) GoString() string { + return s.String() +} + +// SetWrappedKey sets the WrappedKey field's value. +func (s *ExportKeyOutput) SetWrappedKey(v *WrappedKey) *ExportKeyOutput { + s.WrappedKey = v + return s +} + +// Parameter information for key material export using TR-31 standard. +type ExportTr31KeyBlock struct { + _ struct{} `type:"structure"` + + // The KeyARN of the the wrapping key. This key encrypts or wraps the key under + // export for TR-31 key block generation. + // + // WrappingKeyIdentifier is a required field + WrappingKeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTr31KeyBlock) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTr31KeyBlock) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportTr31KeyBlock) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportTr31KeyBlock"} + if s.WrappingKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("WrappingKeyIdentifier")) + } + if s.WrappingKeyIdentifier != nil && len(*s.WrappingKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("WrappingKeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetWrappingKeyIdentifier sets the WrappingKeyIdentifier field's value. +func (s *ExportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ExportTr31KeyBlock { + s.WrappingKeyIdentifier = &v + return s +} + +// Parameter information for key material export using TR-34 standard. +type ExportTr34KeyBlock struct { + _ struct{} `type:"structure"` + + // The KeyARN of the certificate chain that signs the wrapping key certificate + // during TR-34 key export. + // + // CertificateAuthorityPublicKeyIdentifier is a required field + CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The export token to initiate key export from Amazon Web Services Payment + // Cryptography. It also contains the signing key certificate that will sign + // the wrapped key during TR-34 key block generation. Call GetParametersForExport + // to receive an export token. It expires after 7 days. You can use the same + // export token to export multiple keys from the same service account. + // + // ExportToken is a required field + ExportToken *string `type:"string" required:"true"` + + // The format of key block that Amazon Web Services Payment Cryptography will + // use during key export. + // + // KeyBlockFormat is a required field + KeyBlockFormat *string `type:"string" required:"true" enum:"Tr34KeyBlockFormat"` + + // A random number value that is unique to the TR-34 key block generated using + // 2 pass. The operation will fail, if a random nonce value is not provided + // for a TR-34 key block generated using 2 pass. + RandomNonce *string `min:"16" type:"string"` + + // The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography + // uses this certificate to wrap the key under export. + // + // WrappingKeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ExportTr34KeyBlock's + // String and GoString methods. + // + // WrappingKeyCertificate is a required field + WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTr34KeyBlock) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ExportTr34KeyBlock) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ExportTr34KeyBlock) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ExportTr34KeyBlock"} + if s.CertificateAuthorityPublicKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier")) + } + if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7)) + } + if s.ExportToken == nil { + invalidParams.Add(request.NewErrParamRequired("ExportToken")) + } + if s.KeyBlockFormat == nil { + invalidParams.Add(request.NewErrParamRequired("KeyBlockFormat")) + } + if s.RandomNonce != nil && len(*s.RandomNonce) < 16 { + invalidParams.Add(request.NewErrParamMinLen("RandomNonce", 16)) + } + if s.WrappingKeyCertificate == nil { + invalidParams.Add(request.NewErrParamRequired("WrappingKeyCertificate")) + } + if s.WrappingKeyCertificate != nil && len(*s.WrappingKeyCertificate) < 1 { + invalidParams.Add(request.NewErrParamMinLen("WrappingKeyCertificate", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value. +func (s *ExportTr34KeyBlock) SetCertificateAuthorityPublicKeyIdentifier(v string) *ExportTr34KeyBlock { + s.CertificateAuthorityPublicKeyIdentifier = &v + return s +} + +// SetExportToken sets the ExportToken field's value. +func (s *ExportTr34KeyBlock) SetExportToken(v string) *ExportTr34KeyBlock { + s.ExportToken = &v + return s +} + +// SetKeyBlockFormat sets the KeyBlockFormat field's value. +func (s *ExportTr34KeyBlock) SetKeyBlockFormat(v string) *ExportTr34KeyBlock { + s.KeyBlockFormat = &v + return s +} + +// SetRandomNonce sets the RandomNonce field's value. +func (s *ExportTr34KeyBlock) SetRandomNonce(v string) *ExportTr34KeyBlock { + s.RandomNonce = &v + return s +} + +// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value. +func (s *ExportTr34KeyBlock) SetWrappingKeyCertificate(v string) *ExportTr34KeyBlock { + s.WrappingKeyCertificate = &v + return s +} + +type GetAliasInput struct { + _ struct{} `type:"structure"` + + // The alias of the Amazon Web Services Payment Cryptography key. + // + // AliasName is a required field + AliasName *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 7 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *GetAliasInput) SetAliasName(v string) *GetAliasInput { + s.AliasName = &v + return s +} + +type GetAliasOutput struct { + _ struct{} `type:"structure"` + + // The alias of the Amazon Web Services Payment Cryptography key. + // + // Alias is a required field + Alias *Alias `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetAliasOutput) GoString() string { + return s.String() +} + +// SetAlias sets the Alias field's value. +func (s *GetAliasOutput) SetAlias(v *Alias) *GetAliasOutput { + s.Alias = v + return s +} + +type GetKeyInput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the Amazon Web Services Payment Cryptography key. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetKeyInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *GetKeyInput) SetKeyIdentifier(v string) *GetKeyInput { + s.KeyIdentifier = &v + return s +} + +type GetKeyOutput struct { + _ struct{} `type:"structure"` + + // The key material, including the immutable and mutable data for the key. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetKeyOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *GetKeyOutput) SetKey(v *Key) *GetKeyOutput { + s.Key = v + return s +} + +type GetParametersForExportInput struct { + _ struct{} `type:"structure"` + + // The key block format type (for example, TR-34 or TR-31) to use during key + // material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. + // Export token is not required for TR-31 key export. + // + // KeyMaterialType is a required field + KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"` + + // The signing key algorithm to generate a signing key certificate. This certificate + // signs the wrapped key under export within the TR-34 key block cryptogram. + // RSA_2048 is the only signing key algorithm allowed. + // + // SigningKeyAlgorithm is a required field + SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForExportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForExportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetParametersForExportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetParametersForExportInput"} + if s.KeyMaterialType == nil { + invalidParams.Add(request.NewErrParamRequired("KeyMaterialType")) + } + if s.SigningKeyAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("SigningKeyAlgorithm")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyMaterialType sets the KeyMaterialType field's value. +func (s *GetParametersForExportInput) SetKeyMaterialType(v string) *GetParametersForExportInput { + s.KeyMaterialType = &v + return s +} + +// SetSigningKeyAlgorithm sets the SigningKeyAlgorithm field's value. +func (s *GetParametersForExportInput) SetSigningKeyAlgorithm(v string) *GetParametersForExportInput { + s.SigningKeyAlgorithm = &v + return s +} + +type GetParametersForExportOutput struct { + _ struct{} `type:"structure"` + + // The export token to initiate key export from Amazon Web Services Payment + // Cryptography. The export token expires after 7 days. You can use the same + // export token to export multiple keys from the same service account. + // + // ExportToken is a required field + ExportToken *string `type:"string" required:"true"` + + // The validity period of the export token. + // + // ParametersValidUntilTimestamp is a required field + ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"` + + // The algorithm of the signing key certificate for use in TR-34 key block generation. + // RSA_2048 is the only signing key algorithm allowed. + // + // SigningKeyAlgorithm is a required field + SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` + + // The signing key certificate of the public key for signature within the TR-34 + // key block cryptogram. The certificate expires after 7 days. + // + // SigningKeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetParametersForExportOutput's + // String and GoString methods. + // + // SigningKeyCertificate is a required field + SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` + + // The certificate chain that signed the signing key certificate. This is the + // root certificate authority (CA) within your service account. + // + // SigningKeyCertificateChain is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetParametersForExportOutput's + // String and GoString methods. + // + // SigningKeyCertificateChain is a required field + SigningKeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForExportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForExportOutput) GoString() string { + return s.String() +} + +// SetExportToken sets the ExportToken field's value. +func (s *GetParametersForExportOutput) SetExportToken(v string) *GetParametersForExportOutput { + s.ExportToken = &v + return s +} + +// SetParametersValidUntilTimestamp sets the ParametersValidUntilTimestamp field's value. +func (s *GetParametersForExportOutput) SetParametersValidUntilTimestamp(v time.Time) *GetParametersForExportOutput { + s.ParametersValidUntilTimestamp = &v + return s +} + +// SetSigningKeyAlgorithm sets the SigningKeyAlgorithm field's value. +func (s *GetParametersForExportOutput) SetSigningKeyAlgorithm(v string) *GetParametersForExportOutput { + s.SigningKeyAlgorithm = &v + return s +} + +// SetSigningKeyCertificate sets the SigningKeyCertificate field's value. +func (s *GetParametersForExportOutput) SetSigningKeyCertificate(v string) *GetParametersForExportOutput { + s.SigningKeyCertificate = &v + return s +} + +// SetSigningKeyCertificateChain sets the SigningKeyCertificateChain field's value. +func (s *GetParametersForExportOutput) SetSigningKeyCertificateChain(v string) *GetParametersForExportOutput { + s.SigningKeyCertificateChain = &v + return s +} + +type GetParametersForImportInput struct { + _ struct{} `type:"structure"` + + // The key block format type such as TR-34 or TR-31 to use during key material + // import. Import token is only required for TR-34 key import TR34_KEY_BLOCK. + // Import token is not required for TR-31 key import. + // + // KeyMaterialType is a required field + KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"` + + // The wrapping key algorithm to generate a wrapping key certificate. This certificate + // wraps the key under import within the TR-34 key block cryptogram. RSA_2048 + // is the only wrapping key algorithm allowed. + // + // WrappingKeyAlgorithm is a required field + WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForImportInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForImportInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetParametersForImportInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetParametersForImportInput"} + if s.KeyMaterialType == nil { + invalidParams.Add(request.NewErrParamRequired("KeyMaterialType")) + } + if s.WrappingKeyAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("WrappingKeyAlgorithm")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyMaterialType sets the KeyMaterialType field's value. +func (s *GetParametersForImportInput) SetKeyMaterialType(v string) *GetParametersForImportInput { + s.KeyMaterialType = &v + return s +} + +// SetWrappingKeyAlgorithm sets the WrappingKeyAlgorithm field's value. +func (s *GetParametersForImportInput) SetWrappingKeyAlgorithm(v string) *GetParametersForImportInput { + s.WrappingKeyAlgorithm = &v + return s +} + +type GetParametersForImportOutput struct { + _ struct{} `type:"structure"` + + // The import token to initiate key import into Amazon Web Services Payment + // Cryptography. The import token expires after 7 days. You can use the same + // import token to import multiple keys to the same service account. + // + // ImportToken is a required field + ImportToken *string `type:"string" required:"true"` + + // The validity period of the import token. + // + // ParametersValidUntilTimestamp is a required field + ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"` + + // The algorithm of the wrapping key for use within TR-34 key block. RSA_2048 + // is the only wrapping key algorithm allowed. + // + // WrappingKeyAlgorithm is a required field + WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` + + // The wrapping key certificate of the wrapping key for use within the TR-34 + // key block. The certificate expires in 7 days. + // + // WrappingKeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetParametersForImportOutput's + // String and GoString methods. + // + // WrappingKeyCertificate is a required field + WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` + + // The Amazon Web Services Payment Cryptography certificate chain that signed + // the wrapping key certificate. This is the root certificate authority (CA) + // within your service account. + // + // WrappingKeyCertificateChain is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetParametersForImportOutput's + // String and GoString methods. + // + // WrappingKeyCertificateChain is a required field + WrappingKeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForImportOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetParametersForImportOutput) GoString() string { + return s.String() +} + +// SetImportToken sets the ImportToken field's value. +func (s *GetParametersForImportOutput) SetImportToken(v string) *GetParametersForImportOutput { + s.ImportToken = &v + return s +} + +// SetParametersValidUntilTimestamp sets the ParametersValidUntilTimestamp field's value. +func (s *GetParametersForImportOutput) SetParametersValidUntilTimestamp(v time.Time) *GetParametersForImportOutput { + s.ParametersValidUntilTimestamp = &v + return s +} + +// SetWrappingKeyAlgorithm sets the WrappingKeyAlgorithm field's value. +func (s *GetParametersForImportOutput) SetWrappingKeyAlgorithm(v string) *GetParametersForImportOutput { + s.WrappingKeyAlgorithm = &v + return s +} + +// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value. +func (s *GetParametersForImportOutput) SetWrappingKeyCertificate(v string) *GetParametersForImportOutput { + s.WrappingKeyCertificate = &v + return s +} + +// SetWrappingKeyCertificateChain sets the WrappingKeyCertificateChain field's value. +func (s *GetParametersForImportOutput) SetWrappingKeyCertificateChain(v string) *GetParametersForImportOutput { + s.WrappingKeyCertificateChain = &v + return s +} + +type GetPublicKeyCertificateInput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the asymmetric key pair. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetPublicKeyCertificateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetPublicKeyCertificateInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetPublicKeyCertificateInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetPublicKeyCertificateInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *GetPublicKeyCertificateInput) SetKeyIdentifier(v string) *GetPublicKeyCertificateInput { + s.KeyIdentifier = &v + return s +} + +type GetPublicKeyCertificateOutput struct { + _ struct{} `type:"structure"` + + // The public key component of the asymmetric key pair in a certificate (PEM) + // format. It is signed by the root certificate authority (CA) within your service + // account. The certificate expires in 90 days. + // + // KeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's + // String and GoString methods. + // + // KeyCertificate is a required field + KeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` + + // The certificate chain that signed the public key certificate of the asymmetric + // key pair. This is the root certificate authority (CA) within your service + // account. + // + // KeyCertificateChain is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's + // String and GoString methods. + // + // KeyCertificateChain is a required field + KeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetPublicKeyCertificateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetPublicKeyCertificateOutput) GoString() string { + return s.String() +} + +// SetKeyCertificate sets the KeyCertificate field's value. +func (s *GetPublicKeyCertificateOutput) SetKeyCertificate(v string) *GetPublicKeyCertificateOutput { + s.KeyCertificate = &v + return s +} + +// SetKeyCertificateChain sets the KeyCertificateChain field's value. +func (s *GetPublicKeyCertificateOutput) SetKeyCertificateChain(v string) *GetPublicKeyCertificateOutput { + s.KeyCertificateChain = &v + return s +} + +type ImportKeyInput struct { + _ struct{} `type:"structure"` + + // Specifies whether import key is enabled. + Enabled *bool `type:"boolean"` + + // The algorithm that Amazon Web Services Payment Cryptography uses to calculate + // the key check value (KCV) for DES and AES keys. + // + // For DES key, the KCV is computed by encrypting 8 bytes, each with value '00', + // with the key to be checked and retaining the 3 highest order bytes of the + // encrypted result. For AES key, the KCV is computed by encrypting 8 bytes, + // each with value '01', with the key to be checked and retaining the 3 highest + // order bytes of the encrypted result. + KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"` + + // The key or public key certificate type to use during key material import, + // for example TR-34 or RootCertificatePublicKey. + // + // KeyMaterial is a required field + KeyMaterial *ImportKeyMaterial `type:"structure" required:"true"` + + // The tags to attach to the key. Each tag consists of a tag key and a tag value. + // Both the tag key and the tag value are required, but the tag value can be + // an empty (null) string. You can't have more than one tag on an Amazon Web + // Services Payment Cryptography key with the same tag key. + // + // You can't have more than one tag on an Amazon Web Services Payment Cryptography + // key with the same tag key. If you specify an existing tag key with a different + // tag value, Amazon Web Services Payment Cryptography replaces the current + // tag value with the specified one. + // + // To use this parameter, you must have TagResource permission. + // + // Don't include confidential or sensitive information in this field. This field + // may be displayed in plaintext in CloudTrail logs and other output. + // + // Tagging or untagging an Amazon Web Services Payment Cryptography key can + // allow or deny permission to the key. + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ImportKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ImportKeyInput"} + if s.KeyMaterial == nil { + invalidParams.Add(request.NewErrParamRequired("KeyMaterial")) + } + if s.KeyMaterial != nil { + if err := s.KeyMaterial.Validate(); err != nil { + invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams)) + } + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnabled sets the Enabled field's value. +func (s *ImportKeyInput) SetEnabled(v bool) *ImportKeyInput { + s.Enabled = &v + return s +} + +// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value. +func (s *ImportKeyInput) SetKeyCheckValueAlgorithm(v string) *ImportKeyInput { + s.KeyCheckValueAlgorithm = &v + return s +} + +// SetKeyMaterial sets the KeyMaterial field's value. +func (s *ImportKeyInput) SetKeyMaterial(v *ImportKeyMaterial) *ImportKeyInput { + s.KeyMaterial = v + return s +} + +// SetTags sets the Tags field's value. +func (s *ImportKeyInput) SetTags(v []*Tag) *ImportKeyInput { + s.Tags = v + return s +} + +// Parameter information for key material import. +type ImportKeyMaterial struct { + _ struct{} `type:"structure"` + + // Parameter information for root public key certificate import. + RootCertificatePublicKey *RootCertificatePublicKey `type:"structure"` + + // Parameter information for key material import using TR-31 standard. + Tr31KeyBlock *ImportTr31KeyBlock `type:"structure"` + + // Parameter information for key material import using TR-34 standard. + Tr34KeyBlock *ImportTr34KeyBlock `type:"structure"` + + // Parameter information for trusted public key certificate import. + TrustedCertificatePublicKey *TrustedCertificatePublicKey `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportKeyMaterial) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportKeyMaterial) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ImportKeyMaterial) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ImportKeyMaterial"} + if s.RootCertificatePublicKey != nil { + if err := s.RootCertificatePublicKey.Validate(); err != nil { + invalidParams.AddNested("RootCertificatePublicKey", err.(request.ErrInvalidParams)) + } + } + if s.Tr31KeyBlock != nil { + if err := s.Tr31KeyBlock.Validate(); err != nil { + invalidParams.AddNested("Tr31KeyBlock", err.(request.ErrInvalidParams)) + } + } + if s.Tr34KeyBlock != nil { + if err := s.Tr34KeyBlock.Validate(); err != nil { + invalidParams.AddNested("Tr34KeyBlock", err.(request.ErrInvalidParams)) + } + } + if s.TrustedCertificatePublicKey != nil { + if err := s.TrustedCertificatePublicKey.Validate(); err != nil { + invalidParams.AddNested("TrustedCertificatePublicKey", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetRootCertificatePublicKey sets the RootCertificatePublicKey field's value. +func (s *ImportKeyMaterial) SetRootCertificatePublicKey(v *RootCertificatePublicKey) *ImportKeyMaterial { + s.RootCertificatePublicKey = v + return s +} + +// SetTr31KeyBlock sets the Tr31KeyBlock field's value. +func (s *ImportKeyMaterial) SetTr31KeyBlock(v *ImportTr31KeyBlock) *ImportKeyMaterial { + s.Tr31KeyBlock = v + return s +} + +// SetTr34KeyBlock sets the Tr34KeyBlock field's value. +func (s *ImportKeyMaterial) SetTr34KeyBlock(v *ImportTr34KeyBlock) *ImportKeyMaterial { + s.Tr34KeyBlock = v + return s +} + +// SetTrustedCertificatePublicKey sets the TrustedCertificatePublicKey field's value. +func (s *ImportKeyMaterial) SetTrustedCertificatePublicKey(v *TrustedCertificatePublicKey) *ImportKeyMaterial { + s.TrustedCertificatePublicKey = v + return s +} + +type ImportKeyOutput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key material imported within Amazon Web Services Payment + // Cryptography. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportKeyOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *ImportKeyOutput) SetKey(v *Key) *ImportKeyOutput { + s.Key = v + return s +} + +// Parameter information for key material import using TR-31 standard. +type ImportTr31KeyBlock struct { + _ struct{} `type:"structure"` + + // The TR-34 wrapped key block to import. + // + // WrappedKeyBlock is a required field + WrappedKeyBlock *string `min:"56" type:"string" required:"true"` + + // The KeyARN of the key that will decrypt or unwrap a TR-31 key block during + // import. + // + // WrappingKeyIdentifier is a required field + WrappingKeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportTr31KeyBlock) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportTr31KeyBlock) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ImportTr31KeyBlock) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ImportTr31KeyBlock"} + if s.WrappedKeyBlock == nil { + invalidParams.Add(request.NewErrParamRequired("WrappedKeyBlock")) + } + if s.WrappedKeyBlock != nil && len(*s.WrappedKeyBlock) < 56 { + invalidParams.Add(request.NewErrParamMinLen("WrappedKeyBlock", 56)) + } + if s.WrappingKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("WrappingKeyIdentifier")) + } + if s.WrappingKeyIdentifier != nil && len(*s.WrappingKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("WrappingKeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetWrappedKeyBlock sets the WrappedKeyBlock field's value. +func (s *ImportTr31KeyBlock) SetWrappedKeyBlock(v string) *ImportTr31KeyBlock { + s.WrappedKeyBlock = &v + return s +} + +// SetWrappingKeyIdentifier sets the WrappingKeyIdentifier field's value. +func (s *ImportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ImportTr31KeyBlock { + s.WrappingKeyIdentifier = &v + return s +} + +// Parameter information for key material import using TR-34 standard. +type ImportTr34KeyBlock struct { + _ struct{} `type:"structure"` + + // The KeyARN of the certificate chain that signs the signing key certificate + // during TR-34 key import. + // + // CertificateAuthorityPublicKeyIdentifier is a required field + CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The import token that initiates key import into Amazon Web Services Payment + // Cryptography. It expires after 7 days. You can use the same import token + // to import multiple keys to the same service account. + // + // ImportToken is a required field + ImportToken *string `type:"string" required:"true"` + + // The key block format to use during key import. The only value allowed is + // X9_TR34_2012. + // + // KeyBlockFormat is a required field + KeyBlockFormat *string `type:"string" required:"true" enum:"Tr34KeyBlockFormat"` + + // A random number value that is unique to the TR-34 key block generated using + // 2 pass. The operation will fail, if a random nonce value is not provided + // for a TR-34 key block generated using 2 pass. + RandomNonce *string `min:"16" type:"string"` + + // The public key component in PEM certificate format of the private key that + // signs the KDH TR-34 wrapped key block. + // + // SigningKeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ImportTr34KeyBlock's + // String and GoString methods. + // + // SigningKeyCertificate is a required field + SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` + + // The TR-34 wrapped key block to import. + // + // WrappedKeyBlock is a required field + WrappedKeyBlock *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportTr34KeyBlock) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportTr34KeyBlock) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ImportTr34KeyBlock) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ImportTr34KeyBlock"} + if s.CertificateAuthorityPublicKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier")) + } + if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7)) + } + if s.ImportToken == nil { + invalidParams.Add(request.NewErrParamRequired("ImportToken")) + } + if s.KeyBlockFormat == nil { + invalidParams.Add(request.NewErrParamRequired("KeyBlockFormat")) + } + if s.RandomNonce != nil && len(*s.RandomNonce) < 16 { + invalidParams.Add(request.NewErrParamMinLen("RandomNonce", 16)) + } + if s.SigningKeyCertificate == nil { + invalidParams.Add(request.NewErrParamRequired("SigningKeyCertificate")) + } + if s.SigningKeyCertificate != nil && len(*s.SigningKeyCertificate) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SigningKeyCertificate", 1)) + } + if s.WrappedKeyBlock == nil { + invalidParams.Add(request.NewErrParamRequired("WrappedKeyBlock")) + } + if s.WrappedKeyBlock != nil && len(*s.WrappedKeyBlock) < 2 { + invalidParams.Add(request.NewErrParamMinLen("WrappedKeyBlock", 2)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value. +func (s *ImportTr34KeyBlock) SetCertificateAuthorityPublicKeyIdentifier(v string) *ImportTr34KeyBlock { + s.CertificateAuthorityPublicKeyIdentifier = &v + return s +} + +// SetImportToken sets the ImportToken field's value. +func (s *ImportTr34KeyBlock) SetImportToken(v string) *ImportTr34KeyBlock { + s.ImportToken = &v + return s +} + +// SetKeyBlockFormat sets the KeyBlockFormat field's value. +func (s *ImportTr34KeyBlock) SetKeyBlockFormat(v string) *ImportTr34KeyBlock { + s.KeyBlockFormat = &v + return s +} + +// SetRandomNonce sets the RandomNonce field's value. +func (s *ImportTr34KeyBlock) SetRandomNonce(v string) *ImportTr34KeyBlock { + s.RandomNonce = &v + return s +} + +// SetSigningKeyCertificate sets the SigningKeyCertificate field's value. +func (s *ImportTr34KeyBlock) SetSigningKeyCertificate(v string) *ImportTr34KeyBlock { + s.SigningKeyCertificate = &v + return s +} + +// SetWrappedKeyBlock sets the WrappedKeyBlock field's value. +func (s *ImportTr34KeyBlock) SetWrappedKeyBlock(v string) *ImportTr34KeyBlock { + s.WrappedKeyBlock = &v + return s +} + +// The request processing has failed because of an unknown error, exception, +// or failure. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Metadata about an Amazon Web Services Payment Cryptography key. +type Key struct { + _ struct{} `type:"structure"` + + // The date and time when the key was created. + // + // CreateTimestamp is a required field + CreateTimestamp *time.Time `type:"timestamp" required:"true"` + + // The date and time after which Amazon Web Services Payment Cryptography will + // delete the key. This value is present only when KeyState is DELETE_PENDING + // and the key is scheduled for deletion. + DeletePendingTimestamp *time.Time `type:"timestamp"` + + // The date and time after which Amazon Web Services Payment Cryptography will + // delete the key. This value is present only when when the KeyState is DELETE_COMPLETE + // and the Amazon Web Services Payment Cryptography key is deleted. + DeleteTimestamp *time.Time `type:"timestamp"` + + // Specifies whether the key is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` + + // Specifies whether the key is exportable. This data is immutable after the + // key is created. + // + // Exportable is a required field + Exportable *bool `type:"boolean" required:"true"` + + // The Amazon Resource Name (ARN) of the key. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The role of the key, the algorithm it supports, and the cryptographic operations + // allowed with the key. This data is immutable after the key is created. + // + // KeyAttributes is a required field + KeyAttributes *KeyAttributes `type:"structure" required:"true"` + + // The key check value (KCV) is used to check if all parties holding a given + // key have the same key or to detect that a key has changed. Amazon Web Services + // Payment Cryptography calculates the KCV by using standard algorithms, typically + // by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result + // to the first 3 bytes, or 6 hex digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The algorithm used for calculating key check value (KCV) for DES and AES + // keys. For a DES key, Amazon Web Services Payment Cryptography computes the + // KCV by encrypting 8 bytes, each with value '00', with the key to be checked + // and retaining the 3 highest order bytes of the encrypted result. For an AES + // key, Amazon Web Services Payment Cryptography computes the KCV by encrypting + // 8 bytes, each with value '01', with the key to be checked and retaining the + // 3 highest order bytes of the encrypted result. + // + // KeyCheckValueAlgorithm is a required field + KeyCheckValueAlgorithm *string `type:"string" required:"true" enum:"KeyCheckValueAlgorithm"` + + // The source of the key material. For keys created within Amazon Web Services + // Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported + // into Amazon Web Services Payment Cryptography, the value is EXTERNAL. + // + // KeyOrigin is a required field + KeyOrigin *string `type:"string" required:"true" enum:"KeyOrigin"` + + // The state of key that is being created or deleted. + // + // KeyState is a required field + KeyState *string `type:"string" required:"true" enum:"KeyState"` + + // The date and time after which Amazon Web Services Payment Cryptography will + // start using the key material for cryptographic operations. + UsageStartTimestamp *time.Time `type:"timestamp"` + + // The date and time after which Amazon Web Services Payment Cryptography will + // stop using the key material for cryptographic operations. + UsageStopTimestamp *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Key) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Key) GoString() string { + return s.String() +} + +// SetCreateTimestamp sets the CreateTimestamp field's value. +func (s *Key) SetCreateTimestamp(v time.Time) *Key { + s.CreateTimestamp = &v + return s +} + +// SetDeletePendingTimestamp sets the DeletePendingTimestamp field's value. +func (s *Key) SetDeletePendingTimestamp(v time.Time) *Key { + s.DeletePendingTimestamp = &v + return s +} + +// SetDeleteTimestamp sets the DeleteTimestamp field's value. +func (s *Key) SetDeleteTimestamp(v time.Time) *Key { + s.DeleteTimestamp = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *Key) SetEnabled(v bool) *Key { + s.Enabled = &v + return s +} + +// SetExportable sets the Exportable field's value. +func (s *Key) SetExportable(v bool) *Key { + s.Exportable = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *Key) SetKeyArn(v string) *Key { + s.KeyArn = &v + return s +} + +// SetKeyAttributes sets the KeyAttributes field's value. +func (s *Key) SetKeyAttributes(v *KeyAttributes) *Key { + s.KeyAttributes = v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *Key) SetKeyCheckValue(v string) *Key { + s.KeyCheckValue = &v + return s +} + +// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value. +func (s *Key) SetKeyCheckValueAlgorithm(v string) *Key { + s.KeyCheckValueAlgorithm = &v + return s +} + +// SetKeyOrigin sets the KeyOrigin field's value. +func (s *Key) SetKeyOrigin(v string) *Key { + s.KeyOrigin = &v + return s +} + +// SetKeyState sets the KeyState field's value. +func (s *Key) SetKeyState(v string) *Key { + s.KeyState = &v + return s +} + +// SetUsageStartTimestamp sets the UsageStartTimestamp field's value. +func (s *Key) SetUsageStartTimestamp(v time.Time) *Key { + s.UsageStartTimestamp = &v + return s +} + +// SetUsageStopTimestamp sets the UsageStopTimestamp field's value. +func (s *Key) SetUsageStopTimestamp(v time.Time) *Key { + s.UsageStopTimestamp = &v + return s +} + +// The role of the key, the algorithm it supports, and the cryptographic operations +// allowed with the key. This data is immutable after the key is created. +type KeyAttributes struct { + _ struct{} `type:"structure"` + + // The key algorithm to be use during creation of an Amazon Web Services Payment + // Cryptography key. + // + // For symmetric keys, Amazon Web Services Payment Cryptography supports AES + // and TDES algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography + // supports RSA and ECC_NIST algorithms. + // + // KeyAlgorithm is a required field + KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"` + + // The type of Amazon Web Services Payment Cryptography key to create, which + // determines the classification of the cryptographic method and whether Amazon + // Web Services Payment Cryptography key contains a symmetric key or an asymmetric + // key pair. + // + // KeyClass is a required field + KeyClass *string `type:"string" required:"true" enum:"KeyClass"` + + // The list of cryptographic operations that you can perform using the key. + // + // KeyModesOfUse is a required field + KeyModesOfUse *KeyModesOfUse `type:"structure" required:"true"` + + // The cryptographic usage of an Amazon Web Services Payment Cryptography key + // as defined in section A.5.2 of the TR-31 spec. + // + // KeyUsage is a required field + KeyUsage *string `type:"string" required:"true" enum:"KeyUsage"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KeyAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KeyAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *KeyAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "KeyAttributes"} + if s.KeyAlgorithm == nil { + invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm")) + } + if s.KeyClass == nil { + invalidParams.Add(request.NewErrParamRequired("KeyClass")) + } + if s.KeyModesOfUse == nil { + invalidParams.Add(request.NewErrParamRequired("KeyModesOfUse")) + } + if s.KeyUsage == nil { + invalidParams.Add(request.NewErrParamRequired("KeyUsage")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyAlgorithm sets the KeyAlgorithm field's value. +func (s *KeyAttributes) SetKeyAlgorithm(v string) *KeyAttributes { + s.KeyAlgorithm = &v + return s +} + +// SetKeyClass sets the KeyClass field's value. +func (s *KeyAttributes) SetKeyClass(v string) *KeyAttributes { + s.KeyClass = &v + return s +} + +// SetKeyModesOfUse sets the KeyModesOfUse field's value. +func (s *KeyAttributes) SetKeyModesOfUse(v *KeyModesOfUse) *KeyAttributes { + s.KeyModesOfUse = v + return s +} + +// SetKeyUsage sets the KeyUsage field's value. +func (s *KeyAttributes) SetKeyUsage(v string) *KeyAttributes { + s.KeyUsage = &v + return s +} + +// The list of cryptographic operations that you can perform using the key. +// The modes of use are defined in section A.5.3 of the TR-31 spec. +type KeyModesOfUse struct { + _ struct{} `type:"structure"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to decrypt data. + Decrypt *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to derive new keys. + DeriveKey *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to encrypt data. + Encrypt *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to generate and verify other card and PIN verification keys. + Generate *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key has no + // special restrictions other than the restrictions implied by KeyUsage. + NoRestrictions *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used for signing. + Sign *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to unwrap other keys. + Unwrap *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to verify signatures. + Verify *bool `type:"boolean"` + + // Specifies whether an Amazon Web Services Payment Cryptography key can be + // used to wrap other keys. + Wrap *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KeyModesOfUse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KeyModesOfUse) GoString() string { + return s.String() +} + +// SetDecrypt sets the Decrypt field's value. +func (s *KeyModesOfUse) SetDecrypt(v bool) *KeyModesOfUse { + s.Decrypt = &v + return s +} + +// SetDeriveKey sets the DeriveKey field's value. +func (s *KeyModesOfUse) SetDeriveKey(v bool) *KeyModesOfUse { + s.DeriveKey = &v + return s +} + +// SetEncrypt sets the Encrypt field's value. +func (s *KeyModesOfUse) SetEncrypt(v bool) *KeyModesOfUse { + s.Encrypt = &v + return s +} + +// SetGenerate sets the Generate field's value. +func (s *KeyModesOfUse) SetGenerate(v bool) *KeyModesOfUse { + s.Generate = &v + return s +} + +// SetNoRestrictions sets the NoRestrictions field's value. +func (s *KeyModesOfUse) SetNoRestrictions(v bool) *KeyModesOfUse { + s.NoRestrictions = &v + return s +} + +// SetSign sets the Sign field's value. +func (s *KeyModesOfUse) SetSign(v bool) *KeyModesOfUse { + s.Sign = &v + return s +} + +// SetUnwrap sets the Unwrap field's value. +func (s *KeyModesOfUse) SetUnwrap(v bool) *KeyModesOfUse { + s.Unwrap = &v + return s +} + +// SetVerify sets the Verify field's value. +func (s *KeyModesOfUse) SetVerify(v bool) *KeyModesOfUse { + s.Verify = &v + return s +} + +// SetWrap sets the Wrap field's value. +func (s *KeyModesOfUse) SetWrap(v bool) *KeyModesOfUse { + s.Wrap = &v + return s +} + +// Metadata about an Amazon Web Services Payment Cryptography key. +type KeySummary struct { + _ struct{} `type:"structure"` + + // Specifies whether the key is enabled. + // + // Enabled is a required field + Enabled *bool `type:"boolean" required:"true"` + + // Specifies whether the key is exportable. This data is immutable after the + // key is created. + // + // Exportable is a required field + Exportable *bool `type:"boolean" required:"true"` + + // The Amazon Resource Name (ARN) of the key. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The role of the key, the algorithm it supports, and the cryptographic operations + // allowed with the key. This data is immutable after the key is created. + // + // KeyAttributes is a required field + KeyAttributes *KeyAttributes `type:"structure" required:"true"` + + // The key check value (KCV) is used to check if all parties holding a given + // key have the same key or to detect that a key has changed. Amazon Web Services + // Payment Cryptography calculates the KCV by using standard algorithms, typically + // by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result + // to the first 3 bytes, or 6 hex digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The state of an Amazon Web Services Payment Cryptography that is being created + // or deleted. + // + // KeyState is a required field + KeyState *string `type:"string" required:"true" enum:"KeyState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KeySummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s KeySummary) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *KeySummary) SetEnabled(v bool) *KeySummary { + s.Enabled = &v + return s +} + +// SetExportable sets the Exportable field's value. +func (s *KeySummary) SetExportable(v bool) *KeySummary { + s.Exportable = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *KeySummary) SetKeyArn(v string) *KeySummary { + s.KeyArn = &v + return s +} + +// SetKeyAttributes sets the KeyAttributes field's value. +func (s *KeySummary) SetKeyAttributes(v *KeyAttributes) *KeySummary { + s.KeyAttributes = v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *KeySummary) SetKeyCheckValue(v string) *KeySummary { + s.KeyCheckValue = &v + return s +} + +// SetKeyState sets the KeyState field's value. +func (s *KeySummary) SetKeyState(v string) *KeySummary { + s.KeyState = &v + return s +} + +type ListAliasesInput struct { + _ struct{} `type:"structure"` + + // Use this parameter to specify the maximum number of items to return. When + // this value is present, Amazon Web Services Payment Cryptography does not + // return more than the specified number of items, but it might return fewer. + // + // This value is optional. If you include a value, it must be between 1 and + // 100, inclusive. If you do not include a value, it defaults to 50. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter in a subsequent request after you receive a response with + // truncated results. Set it to the value of NextToken from the truncated response + // you just received. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAliasesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAliasesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAliasesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAliasesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAliasesInput) SetMaxResults(v int64) *ListAliasesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAliasesInput) SetNextToken(v string) *ListAliasesInput { + s.NextToken = &v + return s +} + +type ListAliasesOutput struct { + _ struct{} `type:"structure"` + + // The list of aliases. Each alias describes the KeyArn contained within. + // + // Aliases is a required field + Aliases []*Alias `type:"list" required:"true"` + + // The token for the next set of results, or an empty or null value if there + // are no more results. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAliasesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListAliasesOutput) GoString() string { + return s.String() +} + +// SetAliases sets the Aliases field's value. +func (s *ListAliasesOutput) SetAliases(v []*Alias) *ListAliasesOutput { + s.Aliases = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAliasesOutput) SetNextToken(v string) *ListAliasesOutput { + s.NextToken = &v + return s +} + +type ListKeysInput struct { + _ struct{} `type:"structure"` + + // The key state of the keys you want to list. + KeyState *string `type:"string" enum:"KeyState"` + + // Use this parameter to specify the maximum number of items to return. When + // this value is present, Amazon Web Services Payment Cryptography does not + // return more than the specified number of items, but it might return fewer. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter in a subsequent request after you receive a response with + // truncated results. Set it to the value of NextToken from the truncated response + // you just received. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListKeysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyState sets the KeyState field's value. +func (s *ListKeysInput) SetKeyState(v string) *ListKeysInput { + s.KeyState = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListKeysInput) SetMaxResults(v int64) *ListKeysInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListKeysInput) SetNextToken(v string) *ListKeysInput { + s.NextToken = &v + return s +} + +type ListKeysOutput struct { + _ struct{} `type:"structure"` + + // The list of keys created within the caller's Amazon Web Services account + // and Amazon Web Services Region. + // + // Keys is a required field + Keys []*KeySummary `type:"list" required:"true"` + + // The token for the next set of results, or an empty or null value if there + // are no more results. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysOutput) GoString() string { + return s.String() +} + +// SetKeys sets the Keys field's value. +func (s *ListKeysOutput) SetKeys(v []*KeySummary) *ListKeysOutput { + s.Keys = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListKeysOutput) SetNextToken(v string) *ListKeysOutput { + s.NextToken = &v + return s +} + +type ListTagsForResourceInput struct { + _ struct{} `type:"structure"` + + // Use this parameter to specify the maximum number of items to return. When + // this value is present, Amazon Web Services Payment Cryptography does not + // return more than the specified number of items, but it might return fewer. + MaxResults *int64 `min:"1" type:"integer"` + + // Use this parameter in a subsequent request after you receive a response with + // truncated results. Set it to the value of NextToken from the truncated response + // you just received. + NextToken *string `min:"1" type:"string"` + + // The KeyARN of the key whose tags you are getting. + // + // ResourceArn is a required field + ResourceArn *string `min:"70" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 70 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListTagsForResourceInput) SetMaxResults(v int64) *ListTagsForResourceInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput { + s.NextToken = &v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { + s.ResourceArn = &v + return s +} + +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // The token for the next set of results, or an empty or null value if there + // are no more results. + NextToken *string `min:"1" type:"string"` + + // The list of tags associated with a ResourceArn. Each tag will list the key-value + // pair contained within that tag. + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput { + s.NextToken = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { + s.Tags = v + return s +} + +// The request was denied due to an invalid resource error. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` + + // The string for the exception. + ResourceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +type RestoreKeyInput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RestoreKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RestoreKeyInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *RestoreKeyInput) SetKeyIdentifier(v string) *RestoreKeyInput { + s.KeyIdentifier = &v + return s +} + +type RestoreKeyOutput struct { + _ struct{} `type:"structure"` + + // The key material of the restored key. The KeyState will change to CREATE_COMPLETE + // and value for DeletePendingTimestamp gets removed. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RestoreKeyOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *RestoreKeyOutput) SetKey(v *Key) *RestoreKeyOutput { + s.Key = v + return s +} + +// Parameter information for root public key certificate import. +type RootCertificatePublicKey struct { + _ struct{} `type:"structure"` + + // The role of the key, the algorithm it supports, and the cryptographic operations + // allowed with the key. This data is immutable after the root public key is + // imported. + // + // KeyAttributes is a required field + KeyAttributes *KeyAttributes `type:"structure" required:"true"` + + // Parameter information for root public key certificate import. + // + // PublicKeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RootCertificatePublicKey's + // String and GoString methods. + // + // PublicKeyCertificate is a required field + PublicKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RootCertificatePublicKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RootCertificatePublicKey) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *RootCertificatePublicKey) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "RootCertificatePublicKey"} + if s.KeyAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("KeyAttributes")) + } + if s.PublicKeyCertificate == nil { + invalidParams.Add(request.NewErrParamRequired("PublicKeyCertificate")) + } + if s.PublicKeyCertificate != nil && len(*s.PublicKeyCertificate) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublicKeyCertificate", 1)) + } + if s.KeyAttributes != nil { + if err := s.KeyAttributes.Validate(); err != nil { + invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyAttributes sets the KeyAttributes field's value. +func (s *RootCertificatePublicKey) SetKeyAttributes(v *KeyAttributes) *RootCertificatePublicKey { + s.KeyAttributes = v + return s +} + +// SetPublicKeyCertificate sets the PublicKeyCertificate field's value. +func (s *RootCertificatePublicKey) SetPublicKeyCertificate(v string) *RootCertificatePublicKey { + s.PublicKeyCertificate = &v + return s +} + +// This request would cause a service quota to be exceeded. +type ServiceQuotaExceededException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceQuotaExceededException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceQuotaExceededException) GoString() string { + return s.String() +} + +func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error { + return &ServiceQuotaExceededException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ServiceQuotaExceededException) Code() string { + return "ServiceQuotaExceededException" +} + +// Message returns the exception's message. +func (s *ServiceQuotaExceededException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceQuotaExceededException) OrigErr() error { + return nil +} + +func (s *ServiceQuotaExceededException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceQuotaExceededException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ServiceQuotaExceededException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The service cannot complete the request. +type ServiceUnavailableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) GoString() string { + return s.String() +} + +func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error { + return &ServiceUnavailableException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ServiceUnavailableException) Code() string { + return "ServiceUnavailableException" +} + +// Message returns the exception's message. +func (s *ServiceUnavailableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceUnavailableException) OrigErr() error { + return nil +} + +func (s *ServiceUnavailableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceUnavailableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ServiceUnavailableException) RequestID() string { + return s.RespMetadata.RequestID +} + +type StartKeyUsageInput struct { + _ struct{} `type:"structure"` + + // The KeyArn of the key. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartKeyUsageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartKeyUsageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartKeyUsageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartKeyUsageInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *StartKeyUsageInput) SetKeyIdentifier(v string) *StartKeyUsageInput { + s.KeyIdentifier = &v + return s +} + +type StartKeyUsageOutput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the Amazon Web Services Payment Cryptography key activated + // for use. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartKeyUsageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartKeyUsageOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *StartKeyUsageOutput) SetKey(v *Key) *StartKeyUsageOutput { + s.Key = v + return s +} + +type StopKeyUsageInput struct { + _ struct{} `type:"structure"` + + // The KeyArn of the key. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopKeyUsageInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopKeyUsageInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StopKeyUsageInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StopKeyUsageInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *StopKeyUsageInput) SetKeyIdentifier(v string) *StopKeyUsageInput { + s.KeyIdentifier = &v + return s +} + +type StopKeyUsageOutput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key. + // + // Key is a required field + Key *Key `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopKeyUsageOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StopKeyUsageOutput) GoString() string { + return s.String() +} + +// SetKey sets the Key field's value. +func (s *StopKeyUsageOutput) SetKey(v *Key) *StopKeyUsageOutput { + s.Key = v + return s +} + +// A structure that contains information about a tag. +type Tag struct { + _ struct{} `type:"structure"` + + // The key of the tag. + // + // Key is a required field + Key *string `min:"1" type:"string" required:"true"` + + // The value of the tag. + Value *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.Key == nil { + invalidParams.Add(request.NewErrParamRequired("Key")) + } + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Tag) SetKey(v string) *Tag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *Tag) SetValue(v string) *Tag { + s.Value = &v + return s +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key whose tags are being updated. + // + // ResourceArn is a required field + ResourceArn *string `min:"70" type:"string" required:"true"` + + // One or more tags. Each tag consists of a tag key and a tag value. The tag + // value can be an empty (null) string. You can't have more than one tag on + // an Amazon Web Services Payment Cryptography key with the same tag key. If + // you specify an existing tag key with a different tag value, Amazon Web Services + // Payment Cryptography replaces the current tag value with the new one. + // + // Don't include confidential or sensitive information in this field. This field + // may be displayed in plaintext in CloudTrail logs and other output. + // + // To use this parameter, you must have TagResource permission in an IAM policy. + // + // Don't include confidential or sensitive information in this field. This field + // may be displayed in plaintext in CloudTrail logs and other output. + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 70 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { + return s.String() +} + +// The request was denied due to request throttling. +type ThrottlingException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) GoString() string { + return s.String() +} + +func newErrorThrottlingException(v protocol.ResponseMetadata) error { + return &ThrottlingException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ThrottlingException) Code() string { + return "ThrottlingException" +} + +// Message returns the exception's message. +func (s *ThrottlingException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ThrottlingException) OrigErr() error { + return nil +} + +func (s *ThrottlingException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ThrottlingException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ThrottlingException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Parameter information for trusted public key certificate import. +type TrustedCertificatePublicKey struct { + _ struct{} `type:"structure"` + + // The KeyARN of the root public key certificate or certificate chain that signs + // the trusted public key certificate import. + // + // CertificateAuthorityPublicKeyIdentifier is a required field + CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The role of the key, the algorithm it supports, and the cryptographic operations + // allowed with the key. This data is immutable after a trusted public key is + // imported. + // + // KeyAttributes is a required field + KeyAttributes *KeyAttributes `type:"structure" required:"true"` + + // Parameter information for trusted public key certificate import. + // + // PublicKeyCertificate is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by TrustedCertificatePublicKey's + // String and GoString methods. + // + // PublicKeyCertificate is a required field + PublicKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustedCertificatePublicKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustedCertificatePublicKey) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TrustedCertificatePublicKey) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TrustedCertificatePublicKey"} + if s.CertificateAuthorityPublicKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier")) + } + if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7)) + } + if s.KeyAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("KeyAttributes")) + } + if s.PublicKeyCertificate == nil { + invalidParams.Add(request.NewErrParamRequired("PublicKeyCertificate")) + } + if s.PublicKeyCertificate != nil && len(*s.PublicKeyCertificate) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PublicKeyCertificate", 1)) + } + if s.KeyAttributes != nil { + if err := s.KeyAttributes.Validate(); err != nil { + invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value. +func (s *TrustedCertificatePublicKey) SetCertificateAuthorityPublicKeyIdentifier(v string) *TrustedCertificatePublicKey { + s.CertificateAuthorityPublicKeyIdentifier = &v + return s +} + +// SetKeyAttributes sets the KeyAttributes field's value. +func (s *TrustedCertificatePublicKey) SetKeyAttributes(v *KeyAttributes) *TrustedCertificatePublicKey { + s.KeyAttributes = v + return s +} + +// SetPublicKeyCertificate sets the PublicKeyCertificate field's value. +func (s *TrustedCertificatePublicKey) SetPublicKeyCertificate(v string) *TrustedCertificatePublicKey { + s.PublicKeyCertificate = &v + return s +} + +type UntagResourceInput struct { + _ struct{} `type:"structure"` + + // The KeyARN of the key whose tags are being removed. + // + // ResourceArn is a required field + ResourceArn *string `min:"70" type:"string" required:"true"` + + // One or more tag keys. Don't include the tag values. + // + // If the Amazon Web Services Payment Cryptography key doesn't have the specified + // tag key, Amazon Web Services Payment Cryptography doesn't throw an exception + // or return a response. To confirm that the operation succeeded, use the ListTagsForResource + // operation. + // + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 70 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { + return s.String() +} + +type UpdateAliasInput struct { + _ struct{} `type:"structure"` + + // The alias whose associated key is changing. + // + // AliasName is a required field + AliasName *string `min:"7" type:"string" required:"true"` + + // The KeyARN for the key that you are updating or removing from the alias. + KeyArn *string `min:"70" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"} + if s.AliasName == nil { + invalidParams.Add(request.NewErrParamRequired("AliasName")) + } + if s.AliasName != nil && len(*s.AliasName) < 7 { + invalidParams.Add(request.NewErrParamMinLen("AliasName", 7)) + } + if s.KeyArn != nil && len(*s.KeyArn) < 70 { + invalidParams.Add(request.NewErrParamMinLen("KeyArn", 70)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAliasName sets the AliasName field's value. +func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput { + s.AliasName = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *UpdateAliasInput) SetKeyArn(v string) *UpdateAliasInput { + s.KeyArn = &v + return s +} + +type UpdateAliasOutput struct { + _ struct{} `type:"structure"` + + // The alias name. + // + // Alias is a required field + Alias *Alias `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateAliasOutput) GoString() string { + return s.String() +} + +// SetAlias sets the Alias field's value. +func (s *UpdateAliasOutput) SetAlias(v *Alias) *UpdateAliasOutput { + s.Alias = v + return s +} + +// The request was denied due to an invalid request error. +type ValidationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) GoString() string { + return s.String() +} + +func newErrorValidationException(v protocol.ResponseMetadata) error { + return &ValidationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ValidationException) Code() string { + return "ValidationException" +} + +// Message returns the exception's message. +func (s *ValidationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ValidationException) OrigErr() error { + return nil +} + +func (s *ValidationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ValidationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ValidationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Parameter information for generating a wrapped key using TR-31 or TR-34 standard. +type WrappedKey struct { + _ struct{} `type:"structure"` + + // Parameter information for generating a wrapped key using TR-31 or TR-34 standard. + // + // KeyMaterial is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by WrappedKey's + // String and GoString methods. + // + // KeyMaterial is a required field + KeyMaterial *string `min:"48" type:"string" required:"true" sensitive:"true"` + + // The key block format of a wrapped key. + // + // WrappedKeyMaterialFormat is a required field + WrappedKeyMaterialFormat *string `type:"string" required:"true" enum:"WrappedKeyMaterialFormat"` + + // The KeyARN of the wrapped key. + // + // WrappingKeyArn is a required field + WrappingKeyArn *string `min:"70" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WrappedKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WrappedKey) GoString() string { + return s.String() +} + +// SetKeyMaterial sets the KeyMaterial field's value. +func (s *WrappedKey) SetKeyMaterial(v string) *WrappedKey { + s.KeyMaterial = &v + return s +} + +// SetWrappedKeyMaterialFormat sets the WrappedKeyMaterialFormat field's value. +func (s *WrappedKey) SetWrappedKeyMaterialFormat(v string) *WrappedKey { + s.WrappedKeyMaterialFormat = &v + return s +} + +// SetWrappingKeyArn sets the WrappingKeyArn field's value. +func (s *WrappedKey) SetWrappingKeyArn(v string) *WrappedKey { + s.WrappingKeyArn = &v + return s +} + +const ( + // KeyAlgorithmTdes2key is a KeyAlgorithm enum value + KeyAlgorithmTdes2key = "TDES_2KEY" + + // KeyAlgorithmTdes3key is a KeyAlgorithm enum value + KeyAlgorithmTdes3key = "TDES_3KEY" + + // KeyAlgorithmAes128 is a KeyAlgorithm enum value + KeyAlgorithmAes128 = "AES_128" + + // KeyAlgorithmAes192 is a KeyAlgorithm enum value + KeyAlgorithmAes192 = "AES_192" + + // KeyAlgorithmAes256 is a KeyAlgorithm enum value + KeyAlgorithmAes256 = "AES_256" + + // KeyAlgorithmRsa2048 is a KeyAlgorithm enum value + KeyAlgorithmRsa2048 = "RSA_2048" + + // KeyAlgorithmRsa3072 is a KeyAlgorithm enum value + KeyAlgorithmRsa3072 = "RSA_3072" + + // KeyAlgorithmRsa4096 is a KeyAlgorithm enum value + KeyAlgorithmRsa4096 = "RSA_4096" +) + +// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum +func KeyAlgorithm_Values() []string { + return []string{ + KeyAlgorithmTdes2key, + KeyAlgorithmTdes3key, + KeyAlgorithmAes128, + KeyAlgorithmAes192, + KeyAlgorithmAes256, + KeyAlgorithmRsa2048, + KeyAlgorithmRsa3072, + KeyAlgorithmRsa4096, + } +} + +const ( + // KeyCheckValueAlgorithmCmac is a KeyCheckValueAlgorithm enum value + KeyCheckValueAlgorithmCmac = "CMAC" + + // KeyCheckValueAlgorithmAnsiX924 is a KeyCheckValueAlgorithm enum value + KeyCheckValueAlgorithmAnsiX924 = "ANSI_X9_24" +) + +// KeyCheckValueAlgorithm_Values returns all elements of the KeyCheckValueAlgorithm enum +func KeyCheckValueAlgorithm_Values() []string { + return []string{ + KeyCheckValueAlgorithmCmac, + KeyCheckValueAlgorithmAnsiX924, + } +} + +const ( + // KeyClassSymmetricKey is a KeyClass enum value + KeyClassSymmetricKey = "SYMMETRIC_KEY" + + // KeyClassAsymmetricKeyPair is a KeyClass enum value + KeyClassAsymmetricKeyPair = "ASYMMETRIC_KEY_PAIR" + + // KeyClassPrivateKey is a KeyClass enum value + KeyClassPrivateKey = "PRIVATE_KEY" + + // KeyClassPublicKey is a KeyClass enum value + KeyClassPublicKey = "PUBLIC_KEY" +) + +// KeyClass_Values returns all elements of the KeyClass enum +func KeyClass_Values() []string { + return []string{ + KeyClassSymmetricKey, + KeyClassAsymmetricKeyPair, + KeyClassPrivateKey, + KeyClassPublicKey, + } +} + +const ( + // KeyMaterialTypeTr34KeyBlock is a KeyMaterialType enum value + KeyMaterialTypeTr34KeyBlock = "TR34_KEY_BLOCK" + + // KeyMaterialTypeTr31KeyBlock is a KeyMaterialType enum value + KeyMaterialTypeTr31KeyBlock = "TR31_KEY_BLOCK" + + // KeyMaterialTypeRootPublicKeyCertificate is a KeyMaterialType enum value + KeyMaterialTypeRootPublicKeyCertificate = "ROOT_PUBLIC_KEY_CERTIFICATE" + + // KeyMaterialTypeTrustedPublicKeyCertificate is a KeyMaterialType enum value + KeyMaterialTypeTrustedPublicKeyCertificate = "TRUSTED_PUBLIC_KEY_CERTIFICATE" +) + +// KeyMaterialType_Values returns all elements of the KeyMaterialType enum +func KeyMaterialType_Values() []string { + return []string{ + KeyMaterialTypeTr34KeyBlock, + KeyMaterialTypeTr31KeyBlock, + KeyMaterialTypeRootPublicKeyCertificate, + KeyMaterialTypeTrustedPublicKeyCertificate, + } +} + +// Defines the source of a key +const ( + // KeyOriginExternal is a KeyOrigin enum value + KeyOriginExternal = "EXTERNAL" + + // KeyOriginAwsPaymentCryptography is a KeyOrigin enum value + KeyOriginAwsPaymentCryptography = "AWS_PAYMENT_CRYPTOGRAPHY" +) + +// KeyOrigin_Values returns all elements of the KeyOrigin enum +func KeyOrigin_Values() []string { + return []string{ + KeyOriginExternal, + KeyOriginAwsPaymentCryptography, + } +} + +// Defines the state of a key +const ( + // KeyStateCreateInProgress is a KeyState enum value + KeyStateCreateInProgress = "CREATE_IN_PROGRESS" + + // KeyStateCreateComplete is a KeyState enum value + KeyStateCreateComplete = "CREATE_COMPLETE" + + // KeyStateDeletePending is a KeyState enum value + KeyStateDeletePending = "DELETE_PENDING" + + // KeyStateDeleteComplete is a KeyState enum value + KeyStateDeleteComplete = "DELETE_COMPLETE" +) + +// KeyState_Values returns all elements of the KeyState enum +func KeyState_Values() []string { + return []string{ + KeyStateCreateInProgress, + KeyStateCreateComplete, + KeyStateDeletePending, + KeyStateDeleteComplete, + } +} + +const ( + // KeyUsageTr31B0BaseDerivationKey is a KeyUsage enum value + KeyUsageTr31B0BaseDerivationKey = "TR31_B0_BASE_DERIVATION_KEY" + + // KeyUsageTr31C0CardVerificationKey is a KeyUsage enum value + KeyUsageTr31C0CardVerificationKey = "TR31_C0_CARD_VERIFICATION_KEY" + + // KeyUsageTr31D0SymmetricDataEncryptionKey is a KeyUsage enum value + KeyUsageTr31D0SymmetricDataEncryptionKey = "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY" + + // KeyUsageTr31D1AsymmetricKeyForDataEncryption is a KeyUsage enum value + KeyUsageTr31D1AsymmetricKeyForDataEncryption = "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION" + + // KeyUsageTr31E0EmvMkeyAppCryptograms is a KeyUsage enum value + KeyUsageTr31E0EmvMkeyAppCryptograms = "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS" + + // KeyUsageTr31E1EmvMkeyConfidentiality is a KeyUsage enum value + KeyUsageTr31E1EmvMkeyConfidentiality = "TR31_E1_EMV_MKEY_CONFIDENTIALITY" + + // KeyUsageTr31E2EmvMkeyIntegrity is a KeyUsage enum value + KeyUsageTr31E2EmvMkeyIntegrity = "TR31_E2_EMV_MKEY_INTEGRITY" + + // KeyUsageTr31E4EmvMkeyDynamicNumbers is a KeyUsage enum value + KeyUsageTr31E4EmvMkeyDynamicNumbers = "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS" + + // KeyUsageTr31E5EmvMkeyCardPersonalization is a KeyUsage enum value + KeyUsageTr31E5EmvMkeyCardPersonalization = "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION" + + // KeyUsageTr31E6EmvMkeyOther is a KeyUsage enum value + KeyUsageTr31E6EmvMkeyOther = "TR31_E6_EMV_MKEY_OTHER" + + // KeyUsageTr31K0KeyEncryptionKey is a KeyUsage enum value + KeyUsageTr31K0KeyEncryptionKey = "TR31_K0_KEY_ENCRYPTION_KEY" + + // KeyUsageTr31K1KeyBlockProtectionKey is a KeyUsage enum value + KeyUsageTr31K1KeyBlockProtectionKey = "TR31_K1_KEY_BLOCK_PROTECTION_KEY" + + // KeyUsageTr31K3AsymmetricKeyForKeyAgreement is a KeyUsage enum value + KeyUsageTr31K3AsymmetricKeyForKeyAgreement = "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT" + + // KeyUsageTr31M3Iso97973MacKey is a KeyUsage enum value + KeyUsageTr31M3Iso97973MacKey = "TR31_M3_ISO_9797_3_MAC_KEY" + + // KeyUsageTr31M6Iso97975CmacKey is a KeyUsage enum value + KeyUsageTr31M6Iso97975CmacKey = "TR31_M6_ISO_9797_5_CMAC_KEY" + + // KeyUsageTr31M7HmacKey is a KeyUsage enum value + KeyUsageTr31M7HmacKey = "TR31_M7_HMAC_KEY" + + // KeyUsageTr31P0PinEncryptionKey is a KeyUsage enum value + KeyUsageTr31P0PinEncryptionKey = "TR31_P0_PIN_ENCRYPTION_KEY" + + // KeyUsageTr31P1PinGenerationKey is a KeyUsage enum value + KeyUsageTr31P1PinGenerationKey = "TR31_P1_PIN_GENERATION_KEY" + + // KeyUsageTr31S0AsymmetricKeyForDigitalSignature is a KeyUsage enum value + KeyUsageTr31S0AsymmetricKeyForDigitalSignature = "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE" + + // KeyUsageTr31V1Ibm3624PinVerificationKey is a KeyUsage enum value + KeyUsageTr31V1Ibm3624PinVerificationKey = "TR31_V1_IBM3624_PIN_VERIFICATION_KEY" + + // KeyUsageTr31V2VisaPinVerificationKey is a KeyUsage enum value + KeyUsageTr31V2VisaPinVerificationKey = "TR31_V2_VISA_PIN_VERIFICATION_KEY" + + // KeyUsageTr31K2Tr34AsymmetricKey is a KeyUsage enum value + KeyUsageTr31K2Tr34AsymmetricKey = "TR31_K2_TR34_ASYMMETRIC_KEY" +) + +// KeyUsage_Values returns all elements of the KeyUsage enum +func KeyUsage_Values() []string { + return []string{ + KeyUsageTr31B0BaseDerivationKey, + KeyUsageTr31C0CardVerificationKey, + KeyUsageTr31D0SymmetricDataEncryptionKey, + KeyUsageTr31D1AsymmetricKeyForDataEncryption, + KeyUsageTr31E0EmvMkeyAppCryptograms, + KeyUsageTr31E1EmvMkeyConfidentiality, + KeyUsageTr31E2EmvMkeyIntegrity, + KeyUsageTr31E4EmvMkeyDynamicNumbers, + KeyUsageTr31E5EmvMkeyCardPersonalization, + KeyUsageTr31E6EmvMkeyOther, + KeyUsageTr31K0KeyEncryptionKey, + KeyUsageTr31K1KeyBlockProtectionKey, + KeyUsageTr31K3AsymmetricKeyForKeyAgreement, + KeyUsageTr31M3Iso97973MacKey, + KeyUsageTr31M6Iso97975CmacKey, + KeyUsageTr31M7HmacKey, + KeyUsageTr31P0PinEncryptionKey, + KeyUsageTr31P1PinGenerationKey, + KeyUsageTr31S0AsymmetricKeyForDigitalSignature, + KeyUsageTr31V1Ibm3624PinVerificationKey, + KeyUsageTr31V2VisaPinVerificationKey, + KeyUsageTr31K2Tr34AsymmetricKey, + } +} + +const ( + // Tr34KeyBlockFormatX9Tr342012 is a Tr34KeyBlockFormat enum value + Tr34KeyBlockFormatX9Tr342012 = "X9_TR34_2012" +) + +// Tr34KeyBlockFormat_Values returns all elements of the Tr34KeyBlockFormat enum +func Tr34KeyBlockFormat_Values() []string { + return []string{ + Tr34KeyBlockFormatX9Tr342012, + } +} + +const ( + // WrappedKeyMaterialFormatKeyCryptogram is a WrappedKeyMaterialFormat enum value + WrappedKeyMaterialFormatKeyCryptogram = "KEY_CRYPTOGRAM" + + // WrappedKeyMaterialFormatTr31KeyBlock is a WrappedKeyMaterialFormat enum value + WrappedKeyMaterialFormatTr31KeyBlock = "TR31_KEY_BLOCK" + + // WrappedKeyMaterialFormatTr34KeyBlock is a WrappedKeyMaterialFormat enum value + WrappedKeyMaterialFormatTr34KeyBlock = "TR34_KEY_BLOCK" +) + +// WrappedKeyMaterialFormat_Values returns all elements of the WrappedKeyMaterialFormat enum +func WrappedKeyMaterialFormat_Values() []string { + return []string{ + WrappedKeyMaterialFormatKeyCryptogram, + WrappedKeyMaterialFormatTr31KeyBlock, + WrappedKeyMaterialFormatTr34KeyBlock, + } +} diff --git a/service/paymentcryptography/doc.go b/service/paymentcryptography/doc.go new file mode 100644 index 00000000000..218eddc705e --- /dev/null +++ b/service/paymentcryptography/doc.go @@ -0,0 +1,52 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package paymentcryptography provides the client and types for making API +// requests to Payment Cryptography Control Plane. +// +// You use the Amazon Web Services Payment Cryptography Control Plane to manage +// the encryption keys you use for payment-related cryptographic operations. +// You can create, import, export, share, manage, and delete keys. You can also +// manage Identity and Access Management (IAM) policies for keys. For more information, +// see Identity and access management (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security-iam.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// To use encryption keys for payment-related transaction processing and associated +// cryptographic operations, you use the Amazon Web Services Payment Cryptography +// Data Plane (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/Welcome.html). +// You can encrypt, decrypt, generate, verify, and translate payment-related +// cryptographic operations. +// +// All Amazon Web Services Payment Cryptography API calls must be signed and +// transmitted using Transport Layer Security (TLS). We recommend you always +// use the latest supported TLS version for logging API requests. +// +// Amazon Web Services Payment Cryptography supports CloudTrail, a service that +// logs Amazon Web Services API calls and related events for your Amazon Web +// Services account and delivers them to an Amazon S3 bucket that you specify. +// By using the information collected by CloudTrail, you can determine what +// requests were made to Amazon Web Services Payment Cryptography, who made +// the request, when it was made, and so on. If you don't configure a trail, +// you can still view the most recent events in the CloudTrail console. For +// more information, see the CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +// +// See https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14 for more information on this service. +// +// See paymentcryptography package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/paymentcryptography/ +// +// # Using the Client +// +// To contact Payment Cryptography Control Plane with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the Payment Cryptography Control Plane client PaymentCryptography for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/paymentcryptography/#New +package paymentcryptography diff --git a/service/paymentcryptography/errors.go b/service/paymentcryptography/errors.go new file mode 100644 index 00000000000..f49c515a0fb --- /dev/null +++ b/service/paymentcryptography/errors.go @@ -0,0 +1,70 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package paymentcryptography + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You do not have sufficient access to perform this action. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeConflictException for service response error code + // "ConflictException". + // + // This request can cause an inconsistent state for the resource. + ErrCodeConflictException = "ConflictException" + + // ErrCodeInternalServerException for service response error code + // "InternalServerException". + // + // The request processing has failed because of an unknown error, exception, + // or failure. + ErrCodeInternalServerException = "InternalServerException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The request was denied due to an invalid resource error. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + + // ErrCodeServiceQuotaExceededException for service response error code + // "ServiceQuotaExceededException". + // + // This request would cause a service quota to be exceeded. + ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException" + + // ErrCodeServiceUnavailableException for service response error code + // "ServiceUnavailableException". + // + // The service cannot complete the request. + ErrCodeServiceUnavailableException = "ServiceUnavailableException" + + // ErrCodeThrottlingException for service response error code + // "ThrottlingException". + // + // The request was denied due to request throttling. + ErrCodeThrottlingException = "ThrottlingException" + + // ErrCodeValidationException for service response error code + // "ValidationException". + // + // The request was denied due to an invalid request error. + ErrCodeValidationException = "ValidationException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "ConflictException": newErrorConflictException, + "InternalServerException": newErrorInternalServerException, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "ServiceQuotaExceededException": newErrorServiceQuotaExceededException, + "ServiceUnavailableException": newErrorServiceUnavailableException, + "ThrottlingException": newErrorThrottlingException, + "ValidationException": newErrorValidationException, +} diff --git a/service/paymentcryptography/paymentcryptographyiface/interface.go b/service/paymentcryptography/paymentcryptographyiface/interface.go new file mode 100644 index 00000000000..8206d93f73a --- /dev/null +++ b/service/paymentcryptography/paymentcryptographyiface/interface.go @@ -0,0 +1,153 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package paymentcryptographyiface provides an interface to enable mocking the Payment Cryptography Control Plane service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package paymentcryptographyiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/paymentcryptography" +) + +// PaymentCryptographyAPI provides an interface to enable mocking the +// paymentcryptography.PaymentCryptography service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // Payment Cryptography Control Plane. +// func myFunc(svc paymentcryptographyiface.PaymentCryptographyAPI) bool { +// // Make svc.CreateAlias request +// } +// +// func main() { +// sess := session.New() +// svc := paymentcryptography.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockPaymentCryptographyClient struct { +// paymentcryptographyiface.PaymentCryptographyAPI +// } +// func (m *mockPaymentCryptographyClient) CreateAlias(input *paymentcryptography.CreateAliasInput) (*paymentcryptography.CreateAliasOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockPaymentCryptographyClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type PaymentCryptographyAPI interface { + CreateAlias(*paymentcryptography.CreateAliasInput) (*paymentcryptography.CreateAliasOutput, error) + CreateAliasWithContext(aws.Context, *paymentcryptography.CreateAliasInput, ...request.Option) (*paymentcryptography.CreateAliasOutput, error) + CreateAliasRequest(*paymentcryptography.CreateAliasInput) (*request.Request, *paymentcryptography.CreateAliasOutput) + + CreateKey(*paymentcryptography.CreateKeyInput) (*paymentcryptography.CreateKeyOutput, error) + CreateKeyWithContext(aws.Context, *paymentcryptography.CreateKeyInput, ...request.Option) (*paymentcryptography.CreateKeyOutput, error) + CreateKeyRequest(*paymentcryptography.CreateKeyInput) (*request.Request, *paymentcryptography.CreateKeyOutput) + + DeleteAlias(*paymentcryptography.DeleteAliasInput) (*paymentcryptography.DeleteAliasOutput, error) + DeleteAliasWithContext(aws.Context, *paymentcryptography.DeleteAliasInput, ...request.Option) (*paymentcryptography.DeleteAliasOutput, error) + DeleteAliasRequest(*paymentcryptography.DeleteAliasInput) (*request.Request, *paymentcryptography.DeleteAliasOutput) + + DeleteKey(*paymentcryptography.DeleteKeyInput) (*paymentcryptography.DeleteKeyOutput, error) + DeleteKeyWithContext(aws.Context, *paymentcryptography.DeleteKeyInput, ...request.Option) (*paymentcryptography.DeleteKeyOutput, error) + DeleteKeyRequest(*paymentcryptography.DeleteKeyInput) (*request.Request, *paymentcryptography.DeleteKeyOutput) + + ExportKey(*paymentcryptography.ExportKeyInput) (*paymentcryptography.ExportKeyOutput, error) + ExportKeyWithContext(aws.Context, *paymentcryptography.ExportKeyInput, ...request.Option) (*paymentcryptography.ExportKeyOutput, error) + ExportKeyRequest(*paymentcryptography.ExportKeyInput) (*request.Request, *paymentcryptography.ExportKeyOutput) + + GetAlias(*paymentcryptography.GetAliasInput) (*paymentcryptography.GetAliasOutput, error) + GetAliasWithContext(aws.Context, *paymentcryptography.GetAliasInput, ...request.Option) (*paymentcryptography.GetAliasOutput, error) + GetAliasRequest(*paymentcryptography.GetAliasInput) (*request.Request, *paymentcryptography.GetAliasOutput) + + GetKey(*paymentcryptography.GetKeyInput) (*paymentcryptography.GetKeyOutput, error) + GetKeyWithContext(aws.Context, *paymentcryptography.GetKeyInput, ...request.Option) (*paymentcryptography.GetKeyOutput, error) + GetKeyRequest(*paymentcryptography.GetKeyInput) (*request.Request, *paymentcryptography.GetKeyOutput) + + GetParametersForExport(*paymentcryptography.GetParametersForExportInput) (*paymentcryptography.GetParametersForExportOutput, error) + GetParametersForExportWithContext(aws.Context, *paymentcryptography.GetParametersForExportInput, ...request.Option) (*paymentcryptography.GetParametersForExportOutput, error) + GetParametersForExportRequest(*paymentcryptography.GetParametersForExportInput) (*request.Request, *paymentcryptography.GetParametersForExportOutput) + + GetParametersForImport(*paymentcryptography.GetParametersForImportInput) (*paymentcryptography.GetParametersForImportOutput, error) + GetParametersForImportWithContext(aws.Context, *paymentcryptography.GetParametersForImportInput, ...request.Option) (*paymentcryptography.GetParametersForImportOutput, error) + GetParametersForImportRequest(*paymentcryptography.GetParametersForImportInput) (*request.Request, *paymentcryptography.GetParametersForImportOutput) + + GetPublicKeyCertificate(*paymentcryptography.GetPublicKeyCertificateInput) (*paymentcryptography.GetPublicKeyCertificateOutput, error) + GetPublicKeyCertificateWithContext(aws.Context, *paymentcryptography.GetPublicKeyCertificateInput, ...request.Option) (*paymentcryptography.GetPublicKeyCertificateOutput, error) + GetPublicKeyCertificateRequest(*paymentcryptography.GetPublicKeyCertificateInput) (*request.Request, *paymentcryptography.GetPublicKeyCertificateOutput) + + ImportKey(*paymentcryptography.ImportKeyInput) (*paymentcryptography.ImportKeyOutput, error) + ImportKeyWithContext(aws.Context, *paymentcryptography.ImportKeyInput, ...request.Option) (*paymentcryptography.ImportKeyOutput, error) + ImportKeyRequest(*paymentcryptography.ImportKeyInput) (*request.Request, *paymentcryptography.ImportKeyOutput) + + ListAliases(*paymentcryptography.ListAliasesInput) (*paymentcryptography.ListAliasesOutput, error) + ListAliasesWithContext(aws.Context, *paymentcryptography.ListAliasesInput, ...request.Option) (*paymentcryptography.ListAliasesOutput, error) + ListAliasesRequest(*paymentcryptography.ListAliasesInput) (*request.Request, *paymentcryptography.ListAliasesOutput) + + ListAliasesPages(*paymentcryptography.ListAliasesInput, func(*paymentcryptography.ListAliasesOutput, bool) bool) error + ListAliasesPagesWithContext(aws.Context, *paymentcryptography.ListAliasesInput, func(*paymentcryptography.ListAliasesOutput, bool) bool, ...request.Option) error + + ListKeys(*paymentcryptography.ListKeysInput) (*paymentcryptography.ListKeysOutput, error) + ListKeysWithContext(aws.Context, *paymentcryptography.ListKeysInput, ...request.Option) (*paymentcryptography.ListKeysOutput, error) + ListKeysRequest(*paymentcryptography.ListKeysInput) (*request.Request, *paymentcryptography.ListKeysOutput) + + ListKeysPages(*paymentcryptography.ListKeysInput, func(*paymentcryptography.ListKeysOutput, bool) bool) error + ListKeysPagesWithContext(aws.Context, *paymentcryptography.ListKeysInput, func(*paymentcryptography.ListKeysOutput, bool) bool, ...request.Option) error + + ListTagsForResource(*paymentcryptography.ListTagsForResourceInput) (*paymentcryptography.ListTagsForResourceOutput, error) + ListTagsForResourceWithContext(aws.Context, *paymentcryptography.ListTagsForResourceInput, ...request.Option) (*paymentcryptography.ListTagsForResourceOutput, error) + ListTagsForResourceRequest(*paymentcryptography.ListTagsForResourceInput) (*request.Request, *paymentcryptography.ListTagsForResourceOutput) + + ListTagsForResourcePages(*paymentcryptography.ListTagsForResourceInput, func(*paymentcryptography.ListTagsForResourceOutput, bool) bool) error + ListTagsForResourcePagesWithContext(aws.Context, *paymentcryptography.ListTagsForResourceInput, func(*paymentcryptography.ListTagsForResourceOutput, bool) bool, ...request.Option) error + + RestoreKey(*paymentcryptography.RestoreKeyInput) (*paymentcryptography.RestoreKeyOutput, error) + RestoreKeyWithContext(aws.Context, *paymentcryptography.RestoreKeyInput, ...request.Option) (*paymentcryptography.RestoreKeyOutput, error) + RestoreKeyRequest(*paymentcryptography.RestoreKeyInput) (*request.Request, *paymentcryptography.RestoreKeyOutput) + + StartKeyUsage(*paymentcryptography.StartKeyUsageInput) (*paymentcryptography.StartKeyUsageOutput, error) + StartKeyUsageWithContext(aws.Context, *paymentcryptography.StartKeyUsageInput, ...request.Option) (*paymentcryptography.StartKeyUsageOutput, error) + StartKeyUsageRequest(*paymentcryptography.StartKeyUsageInput) (*request.Request, *paymentcryptography.StartKeyUsageOutput) + + StopKeyUsage(*paymentcryptography.StopKeyUsageInput) (*paymentcryptography.StopKeyUsageOutput, error) + StopKeyUsageWithContext(aws.Context, *paymentcryptography.StopKeyUsageInput, ...request.Option) (*paymentcryptography.StopKeyUsageOutput, error) + StopKeyUsageRequest(*paymentcryptography.StopKeyUsageInput) (*request.Request, *paymentcryptography.StopKeyUsageOutput) + + TagResource(*paymentcryptography.TagResourceInput) (*paymentcryptography.TagResourceOutput, error) + TagResourceWithContext(aws.Context, *paymentcryptography.TagResourceInput, ...request.Option) (*paymentcryptography.TagResourceOutput, error) + TagResourceRequest(*paymentcryptography.TagResourceInput) (*request.Request, *paymentcryptography.TagResourceOutput) + + UntagResource(*paymentcryptography.UntagResourceInput) (*paymentcryptography.UntagResourceOutput, error) + UntagResourceWithContext(aws.Context, *paymentcryptography.UntagResourceInput, ...request.Option) (*paymentcryptography.UntagResourceOutput, error) + UntagResourceRequest(*paymentcryptography.UntagResourceInput) (*request.Request, *paymentcryptography.UntagResourceOutput) + + UpdateAlias(*paymentcryptography.UpdateAliasInput) (*paymentcryptography.UpdateAliasOutput, error) + UpdateAliasWithContext(aws.Context, *paymentcryptography.UpdateAliasInput, ...request.Option) (*paymentcryptography.UpdateAliasOutput, error) + UpdateAliasRequest(*paymentcryptography.UpdateAliasInput) (*request.Request, *paymentcryptography.UpdateAliasOutput) +} + +var _ PaymentCryptographyAPI = (*paymentcryptography.PaymentCryptography)(nil) diff --git a/service/paymentcryptography/service.go b/service/paymentcryptography/service.go new file mode 100644 index 00000000000..745bf249adc --- /dev/null +++ b/service/paymentcryptography/service.go @@ -0,0 +1,108 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package paymentcryptography + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" +) + +// PaymentCryptography provides the API operation methods for making requests to +// Payment Cryptography Control Plane. See this package's package overview docs +// for details on the service. +// +// PaymentCryptography methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type PaymentCryptography struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "Payment Cryptography" // Name of service. + EndpointsID = "controlplane.payment-cryptography" // ID to lookup a service endpoint with. + ServiceID = "Payment Cryptography" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the PaymentCryptography client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a PaymentCryptography client from just a session. +// svc := paymentcryptography.New(mySession) +// +// // Create a PaymentCryptography client with additional configuration +// svc := paymentcryptography.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *PaymentCryptography { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "payment-cryptography" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *PaymentCryptography { + svc := &PaymentCryptography{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2021-09-14", + ResolvedRegion: resolvedRegion, + JSONVersion: "1.0", + TargetPrefix: "PaymentCryptographyControlPlane", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(jsonrpc.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a PaymentCryptography operation and runs any +// custom request initialization. +func (c *PaymentCryptography) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/service/paymentcryptographydata/api.go b/service/paymentcryptographydata/api.go new file mode 100644 index 00000000000..17a8618c743 --- /dev/null +++ b/service/paymentcryptographydata/api.go @@ -0,0 +1,7662 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package paymentcryptographydata + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" +) + +const opDecryptData = "DecryptData" + +// DecryptDataRequest generates a "aws/request.Request" representing the +// client's request for the DecryptData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DecryptData for more information on using the DecryptData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DecryptDataRequest method. +// req, resp := client.DecryptDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DecryptData +func (c *PaymentCryptographyData) DecryptDataRequest(input *DecryptDataInput) (req *request.Request, output *DecryptDataOutput) { + op := &request.Operation{ + Name: opDecryptData, + HTTPMethod: "POST", + HTTPPath: "/keys/{KeyIdentifier}/decrypt", + } + + if input == nil { + input = &DecryptDataInput{} + } + + output = &DecryptDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// DecryptData API operation for Payment Cryptography Data Plane. +// +// Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT +// data encryption key. For more information, see Decrypt data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// You can use an encryption key generated within Amazon Web Services Payment +// Cryptography, or you can import your own encryption key by calling ImportKey +// (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html). +// For this operation, the key must have KeyModesOfUse set to Decrypt. In asymmetric +// decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext +// using the private component of the asymmetric encryption key pair. For data +// encryption outside of Amazon Web Services Payment Cryptography, you can export +// the public component of the asymmetric key pair by calling GetPublicCertificate +// (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html). +// +// For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography +// supports TDES and AES algorithms. For asymmetric decryption, Amazon Web Services +// Payment Cryptography supports RSA. When you use DUKPT, for TDES algorithm, +// the ciphertext data length must be a multiple of 16 bytes. For AES algorithm, +// the ciphertext data length must be a multiple of 32 bytes. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - EncryptData +// +// - GetPublicCertificate (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html) +// +// - ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html) +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation DecryptData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DecryptData +func (c *PaymentCryptographyData) DecryptData(input *DecryptDataInput) (*DecryptDataOutput, error) { + req, out := c.DecryptDataRequest(input) + return out, req.Send() +} + +// DecryptDataWithContext is the same as DecryptData with the addition of +// the ability to pass a context and additional request options. +// +// See DecryptData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) DecryptDataWithContext(ctx aws.Context, input *DecryptDataInput, opts ...request.Option) (*DecryptDataOutput, error) { + req, out := c.DecryptDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEncryptData = "EncryptData" + +// EncryptDataRequest generates a "aws/request.Request" representing the +// client's request for the EncryptData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EncryptData for more information on using the EncryptData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the EncryptDataRequest method. +// req, resp := client.EncryptDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptData +func (c *PaymentCryptographyData) EncryptDataRequest(input *EncryptDataInput) (req *request.Request, output *EncryptDataOutput) { + op := &request.Operation{ + Name: opEncryptData, + HTTPMethod: "POST", + HTTPPath: "/keys/{KeyIdentifier}/encrypt", + } + + if input == nil { + input = &EncryptDataInput{} + } + + output = &EncryptDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// EncryptData API operation for Payment Cryptography Data Plane. +// +// Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT +// data encryption key. For more information, see Encrypt data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// You can generate an encryption key within Amazon Web Services Payment Cryptography +// by calling CreateKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html). +// You can import your own encryption key by calling ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html). +// For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric +// encryption, plaintext is encrypted using public component. You can import +// the public component of an asymmetric key pair created outside Amazon Web +// Services Payment Cryptography by calling ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html)). +// +// for symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography +// supports TDES and AES algorithms. For asymmetric encryption, Amazon Web Services +// Payment Cryptography supports RSA. To encrypt using DUKPT, you must already +// have a DUKPT key in your account with KeyModesOfUse set to DeriveKey, or +// you can generate a new DUKPT key by calling CreateKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html). +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - DecryptData +// +// - GetPublicCertificate (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html) +// +// - ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html) +// +// - ReEncryptData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation EncryptData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptData +func (c *PaymentCryptographyData) EncryptData(input *EncryptDataInput) (*EncryptDataOutput, error) { + req, out := c.EncryptDataRequest(input) + return out, req.Send() +} + +// EncryptDataWithContext is the same as EncryptData with the addition of +// the ability to pass a context and additional request options. +// +// See EncryptData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) EncryptDataWithContext(ctx aws.Context, input *EncryptDataInput, opts ...request.Option) (*EncryptDataOutput, error) { + req, out := c.EncryptDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGenerateCardValidationData = "GenerateCardValidationData" + +// GenerateCardValidationDataRequest generates a "aws/request.Request" representing the +// client's request for the GenerateCardValidationData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateCardValidationData for more information on using the GenerateCardValidationData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GenerateCardValidationDataRequest method. +// req, resp := client.GenerateCardValidationDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateCardValidationData +func (c *PaymentCryptographyData) GenerateCardValidationDataRequest(input *GenerateCardValidationDataInput) (req *request.Request, output *GenerateCardValidationDataOutput) { + op := &request.Operation{ + Name: opGenerateCardValidationData, + HTTPMethod: "POST", + HTTPPath: "/cardvalidationdata/generate", + } + + if input == nil { + input = &GenerateCardValidationDataInput{} + } + + output = &GenerateCardValidationDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateCardValidationData API operation for Payment Cryptography Data Plane. +// +// Generates card-related validation data using algorithms such as Card Verification +// Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card +// Security Codes (CSC). For more information, see Generate card data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-card-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// This operation generates a CVV or CSC value that is printed on a payment +// credit or debit card during card production. The CVV or CSC, PAN (Primary +// Account Number) and expiration date of the card are required to check its +// validity during transaction processing. To begin this operation, a CVK (Card +// Verification Key) encryption key is required. You can use CreateKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html) +// or ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html) +// to establish a CVK within Amazon Web Services Payment Cryptography. The KeyModesOfUse +// should be set to Generate and Verify for a CVK encryption key. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html) +// +// - VerifyCardValidationData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation GenerateCardValidationData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateCardValidationData +func (c *PaymentCryptographyData) GenerateCardValidationData(input *GenerateCardValidationDataInput) (*GenerateCardValidationDataOutput, error) { + req, out := c.GenerateCardValidationDataRequest(input) + return out, req.Send() +} + +// GenerateCardValidationDataWithContext is the same as GenerateCardValidationData with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateCardValidationData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) GenerateCardValidationDataWithContext(ctx aws.Context, input *GenerateCardValidationDataInput, opts ...request.Option) (*GenerateCardValidationDataOutput, error) { + req, out := c.GenerateCardValidationDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGenerateMac = "GenerateMac" + +// GenerateMacRequest generates a "aws/request.Request" representing the +// client's request for the GenerateMac operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateMac for more information on using the GenerateMac +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GenerateMacRequest method. +// req, resp := client.GenerateMacRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMac +func (c *PaymentCryptographyData) GenerateMacRequest(input *GenerateMacInput) (req *request.Request, output *GenerateMacOutput) { + op := &request.Operation{ + Name: opGenerateMac, + HTTPMethod: "POST", + HTTPPath: "/mac/generate", + } + + if input == nil { + input = &GenerateMacInput{} + } + + output = &GenerateMacOutput{} + req = c.newRequest(op, input, output) + return +} + +// GenerateMac API operation for Payment Cryptography Data Plane. +// +// Generates a Message Authentication Code (MAC) cryptogram within Amazon Web +// Services Payment Cryptography. +// +// You can use this operation when keys won't be shared but mutual data is present +// on both ends for validation. In this case, known data values are used to +// generate a MAC on both ends for comparision without sending or receiving +// data in ciphertext or plaintext. You can use this operation to generate a +// DUPKT, HMAC or EMV MAC by setting generation attributes and algorithm to +// the associated values. The MAC generation encryption key must have valid +// values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they +// key must have KeyModesOfUse set to Generate and Verify. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - VerifyMac +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation GenerateMac for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMac +func (c *PaymentCryptographyData) GenerateMac(input *GenerateMacInput) (*GenerateMacOutput, error) { + req, out := c.GenerateMacRequest(input) + return out, req.Send() +} + +// GenerateMacWithContext is the same as GenerateMac with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateMac for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) GenerateMacWithContext(ctx aws.Context, input *GenerateMacInput, opts ...request.Option) (*GenerateMacOutput, error) { + req, out := c.GenerateMacRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGeneratePinData = "GeneratePinData" + +// GeneratePinDataRequest generates a "aws/request.Request" representing the +// client's request for the GeneratePinData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GeneratePinData for more information on using the GeneratePinData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GeneratePinDataRequest method. +// req, resp := client.GeneratePinDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GeneratePinData +func (c *PaymentCryptographyData) GeneratePinDataRequest(input *GeneratePinDataInput) (req *request.Request, output *GeneratePinDataOutput) { + op := &request.Operation{ + Name: opGeneratePinData, + HTTPMethod: "POST", + HTTPPath: "/pindata/generate", + } + + if input == nil { + input = &GeneratePinDataInput{} + } + + output = &GeneratePinDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// GeneratePinData API operation for Payment Cryptography Data Plane. +// +// Generates pin-related data such as PIN, PIN Verification Value (PVV), PIN +// Block, and PIN Offset during new card issuance or reissuance. For more information, +// see Generate PIN data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-pin-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// PIN data is never transmitted in clear to or from Amazon Web Services Payment +// Cryptography. This operation generates PIN, PVV, or PIN Offset and then encrypts +// it using Pin Encryption Key (PEK) to create an EncryptedPinBlock for transmission +// from Amazon Web Services Payment Cryptography. This operation uses a separate +// Pin Verification Key (PVK) for VISA PVV generation. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GenerateCardValidationData +// +// - TranslatePinData +// +// - VerifyPinData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation GeneratePinData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GeneratePinData +func (c *PaymentCryptographyData) GeneratePinData(input *GeneratePinDataInput) (*GeneratePinDataOutput, error) { + req, out := c.GeneratePinDataRequest(input) + return out, req.Send() +} + +// GeneratePinDataWithContext is the same as GeneratePinData with the addition of +// the ability to pass a context and additional request options. +// +// See GeneratePinData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) GeneratePinDataWithContext(ctx aws.Context, input *GeneratePinDataInput, opts ...request.Option) (*GeneratePinDataOutput, error) { + req, out := c.GeneratePinDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opReEncryptData = "ReEncryptData" + +// ReEncryptDataRequest generates a "aws/request.Request" representing the +// client's request for the ReEncryptData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ReEncryptData for more information on using the ReEncryptData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ReEncryptDataRequest method. +// req, resp := client.ReEncryptDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptData +func (c *PaymentCryptographyData) ReEncryptDataRequest(input *ReEncryptDataInput) (req *request.Request, output *ReEncryptDataOutput) { + op := &request.Operation{ + Name: opReEncryptData, + HTTPMethod: "POST", + HTTPPath: "/keys/{IncomingKeyIdentifier}/reencrypt", + } + + if input == nil { + input = &ReEncryptDataInput{} + } + + output = &ReEncryptDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// ReEncryptData API operation for Payment Cryptography Data Plane. +// +// Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption +// Keys. +// +// You can either generate an encryption key within Amazon Web Services Payment +// Cryptography by calling CreateKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html) +// or import your own encryption key by calling ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html). +// The KeyArn for use with this operation must be in a compatible key state +// with KeyModesOfUse set to Encrypt. In asymmetric encryption, ciphertext is +// encrypted using public component (imported by calling ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html)) +// of the asymmetric key pair created outside of Amazon Web Services Payment +// Cryptography. +// +// For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography +// supports TDES and AES algorithms. For asymmetric encryption, Amazon Web Services +// Payment Cryptography supports RSA. To encrypt using DUKPT, a DUKPT key must +// already exist within your account with KeyModesOfUse set to DeriveKey or +// a new DUKPT can be generated by calling CreateKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html). +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - DecryptData +// +// - EncryptData +// +// - GetPublicCertificate (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html) +// +// - ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html) +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation ReEncryptData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptData +func (c *PaymentCryptographyData) ReEncryptData(input *ReEncryptDataInput) (*ReEncryptDataOutput, error) { + req, out := c.ReEncryptDataRequest(input) + return out, req.Send() +} + +// ReEncryptDataWithContext is the same as ReEncryptData with the addition of +// the ability to pass a context and additional request options. +// +// See ReEncryptData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) ReEncryptDataWithContext(ctx aws.Context, input *ReEncryptDataInput, opts ...request.Option) (*ReEncryptDataOutput, error) { + req, out := c.ReEncryptDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTranslatePinData = "TranslatePinData" + +// TranslatePinDataRequest generates a "aws/request.Request" representing the +// client's request for the TranslatePinData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TranslatePinData for more information on using the TranslatePinData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TranslatePinDataRequest method. +// req, resp := client.TranslatePinDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinData +func (c *PaymentCryptographyData) TranslatePinDataRequest(input *TranslatePinDataInput) (req *request.Request, output *TranslatePinDataOutput) { + op := &request.Operation{ + Name: opTranslatePinData, + HTTPMethod: "POST", + HTTPPath: "/pindata/translate", + } + + if input == nil { + input = &TranslatePinDataInput{} + } + + output = &TranslatePinDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// TranslatePinData API operation for Payment Cryptography Data Plane. +// +// Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For +// more information, see Translate PIN data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/translate-pin-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// PIN block translation involves changing the encrytion of PIN block from one +// encryption key to another encryption key and changing PIN block format from +// one to another without PIN block data leaving Amazon Web Services Payment +// Cryptography. The encryption key transformation can be from PEK (Pin Encryption +// Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. +// Amazon Web Services Payment Cryptography supports TDES and AES key derivation +// type for DUKPT tranlations. You can use this operation for P2PE (Point to +// Point Encryption) use cases where the encryption keys should change but the +// processing system either does not need to, or is not permitted to, decrypt +// the data. +// +// The allowed combinations of PIN block format translations are guided by PCI. +// It is important to note that not all encrypted PIN block formats (example, +// format 1) require PAN (Primary Account Number) as input. And as such, PIN +// block format that requires PAN (example, formats 0,3,4) cannot be translated +// to a format (format 1) that does not require a PAN for generation. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// At this time, Amazon Web Services Payment Cryptography does not support translations +// to PIN format 4. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GeneratePinData +// +// - VerifyPinData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation TranslatePinData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinData +func (c *PaymentCryptographyData) TranslatePinData(input *TranslatePinDataInput) (*TranslatePinDataOutput, error) { + req, out := c.TranslatePinDataRequest(input) + return out, req.Send() +} + +// TranslatePinDataWithContext is the same as TranslatePinData with the addition of +// the ability to pass a context and additional request options. +// +// See TranslatePinData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) TranslatePinDataWithContext(ctx aws.Context, input *TranslatePinDataInput, opts ...request.Option) (*TranslatePinDataOutput, error) { + req, out := c.TranslatePinDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opVerifyAuthRequestCryptogram = "VerifyAuthRequestCryptogram" + +// VerifyAuthRequestCryptogramRequest generates a "aws/request.Request" representing the +// client's request for the VerifyAuthRequestCryptogram operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See VerifyAuthRequestCryptogram for more information on using the VerifyAuthRequestCryptogram +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the VerifyAuthRequestCryptogramRequest method. +// req, resp := client.VerifyAuthRequestCryptogramRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogram +func (c *PaymentCryptographyData) VerifyAuthRequestCryptogramRequest(input *VerifyAuthRequestCryptogramInput) (req *request.Request, output *VerifyAuthRequestCryptogramOutput) { + op := &request.Operation{ + Name: opVerifyAuthRequestCryptogram, + HTTPMethod: "POST", + HTTPPath: "/cryptogram/verify", + } + + if input == nil { + input = &VerifyAuthRequestCryptogramInput{} + } + + output = &VerifyAuthRequestCryptogramOutput{} + req = c.newRequest(op, input, output) + return +} + +// VerifyAuthRequestCryptogram API operation for Payment Cryptography Data Plane. +// +// Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card +// authorization. For more information, see Verify auth request cryptogram (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.verifyauthrequestcryptogram.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// ARQC generation is done outside of Amazon Web Services Payment Cryptography +// and is typically generated on a point of sale terminal for an EMV chip card +// to obtain payment authorization during transaction time. For ARQC verification, +// you must first import the ARQC generated outside of Amazon Web Services Payment +// Cryptography by calling ImportKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html). +// This operation uses the imported ARQC and an major encryption key (DUKPT) +// created by calling CreateKey (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html) +// to either provide a boolean ARQC verification result or provide an APRC (Authorization +// Response Cryptogram) response using Method 1 or Method 2. The ARPC_METHOD_1 +// uses AuthResponseCode to generate ARPC and ARPC_METHOD_2 uses CardStatusUpdate +// to generate ARPC. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - VerifyCardValidationData +// +// - VerifyPinData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation VerifyAuthRequestCryptogram for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - VerificationFailedException +// This request failed verification. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogram +func (c *PaymentCryptographyData) VerifyAuthRequestCryptogram(input *VerifyAuthRequestCryptogramInput) (*VerifyAuthRequestCryptogramOutput, error) { + req, out := c.VerifyAuthRequestCryptogramRequest(input) + return out, req.Send() +} + +// VerifyAuthRequestCryptogramWithContext is the same as VerifyAuthRequestCryptogram with the addition of +// the ability to pass a context and additional request options. +// +// See VerifyAuthRequestCryptogram for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) VerifyAuthRequestCryptogramWithContext(ctx aws.Context, input *VerifyAuthRequestCryptogramInput, opts ...request.Option) (*VerifyAuthRequestCryptogramOutput, error) { + req, out := c.VerifyAuthRequestCryptogramRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opVerifyCardValidationData = "VerifyCardValidationData" + +// VerifyCardValidationDataRequest generates a "aws/request.Request" representing the +// client's request for the VerifyCardValidationData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See VerifyCardValidationData for more information on using the VerifyCardValidationData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the VerifyCardValidationDataRequest method. +// req, resp := client.VerifyCardValidationDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyCardValidationData +func (c *PaymentCryptographyData) VerifyCardValidationDataRequest(input *VerifyCardValidationDataInput) (req *request.Request, output *VerifyCardValidationDataOutput) { + op := &request.Operation{ + Name: opVerifyCardValidationData, + HTTPMethod: "POST", + HTTPPath: "/cardvalidationdata/verify", + } + + if input == nil { + input = &VerifyCardValidationDataInput{} + } + + output = &VerifyCardValidationDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// VerifyCardValidationData API operation for Payment Cryptography Data Plane. +// +// Verifies card-related validation data using algorithms such as Card Verification +// Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card +// Security Codes (CSC). For more information, see Verify card data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-card-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// This operation validates the CVV or CSC codes that is printed on a payment +// credit or debit card during card payment transaction. The input values are +// typically provided as part of an inbound transaction to an issuer or supporting +// platform partner. Amazon Web Services Payment Cryptography uses CVV or CSC, +// PAN (Primary Account Number) and expiration date of the card to check its +// validity during transaction processing. In this operation, the CVK (Card +// Verification Key) encryption key for use with card data verification is same +// as the one in used for GenerateCardValidationData. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GenerateCardValidationData +// +// - VerifyAuthRequestCryptogram +// +// - VerifyPinData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation VerifyCardValidationData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - VerificationFailedException +// This request failed verification. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyCardValidationData +func (c *PaymentCryptographyData) VerifyCardValidationData(input *VerifyCardValidationDataInput) (*VerifyCardValidationDataOutput, error) { + req, out := c.VerifyCardValidationDataRequest(input) + return out, req.Send() +} + +// VerifyCardValidationDataWithContext is the same as VerifyCardValidationData with the addition of +// the ability to pass a context and additional request options. +// +// See VerifyCardValidationData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) VerifyCardValidationDataWithContext(ctx aws.Context, input *VerifyCardValidationDataInput, opts ...request.Option) (*VerifyCardValidationDataOutput, error) { + req, out := c.VerifyCardValidationDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opVerifyMac = "VerifyMac" + +// VerifyMacRequest generates a "aws/request.Request" representing the +// client's request for the VerifyMac operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See VerifyMac for more information on using the VerifyMac +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the VerifyMacRequest method. +// req, resp := client.VerifyMacRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyMac +func (c *PaymentCryptographyData) VerifyMacRequest(input *VerifyMacInput) (req *request.Request, output *VerifyMacOutput) { + op := &request.Operation{ + Name: opVerifyMac, + HTTPMethod: "POST", + HTTPPath: "/mac/verify", + } + + if input == nil { + input = &VerifyMacInput{} + } + + output = &VerifyMacOutput{} + req = c.newRequest(op, input, output) + return +} + +// VerifyMac API operation for Payment Cryptography Data Plane. +// +// Verifies a Message Authentication Code (MAC). +// +// You can use this operation when keys won't be shared but mutual data is present +// on both ends for validation. In this case, known data values are used to +// generate a MAC on both ends for verification without sending or receiving +// data in ciphertext or plaintext. You can use this operation to verify a DUPKT, +// HMAC or EMV MAC by setting generation attributes and algorithm to the associated +// values. Use the same encryption key for MAC verification as you use for GenerateMac. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GenerateMac +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation VerifyMac for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - VerificationFailedException +// This request failed verification. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyMac +func (c *PaymentCryptographyData) VerifyMac(input *VerifyMacInput) (*VerifyMacOutput, error) { + req, out := c.VerifyMacRequest(input) + return out, req.Send() +} + +// VerifyMacWithContext is the same as VerifyMac with the addition of +// the ability to pass a context and additional request options. +// +// See VerifyMac for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) VerifyMacWithContext(ctx aws.Context, input *VerifyMacInput, opts ...request.Option) (*VerifyMacOutput, error) { + req, out := c.VerifyMacRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opVerifyPinData = "VerifyPinData" + +// VerifyPinDataRequest generates a "aws/request.Request" representing the +// client's request for the VerifyPinData operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See VerifyPinData for more information on using the VerifyPinData +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the VerifyPinDataRequest method. +// req, resp := client.VerifyPinDataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinData +func (c *PaymentCryptographyData) VerifyPinDataRequest(input *VerifyPinDataInput) (req *request.Request, output *VerifyPinDataOutput) { + op := &request.Operation{ + Name: opVerifyPinData, + HTTPMethod: "POST", + HTTPPath: "/pindata/verify", + } + + if input == nil { + input = &VerifyPinDataInput{} + } + + output = &VerifyPinDataOutput{} + req = c.newRequest(op, input, output) + return +} + +// VerifyPinData API operation for Payment Cryptography Data Plane. +// +// Verifies pin-related data such as PIN and PIN Offset using algorithms including +// VISA PVV and IBM3624. For more information, see Verify PIN data (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-pin-data.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// This operation verifies PIN data for user payment card. A card holder PIN +// data is never transmitted in clear to or from Amazon Web Services Payment +// Cryptography. This operation uses PIN Verification Key (PVK) for PIN or PIN +// Offset generation and then encrypts it using PIN Encryption Key (PEK) to +// create an EncryptedPinBlock for transmission from Amazon Web Services Payment +// Cryptography. +// +// For information about valid keys for this operation, see Understanding key +// attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) +// and Key types for specific data operations (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// Cross-account use: This operation can't be used across different Amazon Web +// Services accounts. +// +// Related operations: +// +// - GeneratePinData +// +// - TranslatePinData +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Payment Cryptography Data Plane's +// API operation VerifyPinData for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// The request was denied due to an invalid request error. +// +// - VerificationFailedException +// This request failed verification. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ResourceNotFoundException +// The request was denied due to an invalid resource error. +// +// - ThrottlingException +// The request was denied due to request throttling. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception, +// or failure. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinData +func (c *PaymentCryptographyData) VerifyPinData(input *VerifyPinDataInput) (*VerifyPinDataOutput, error) { + req, out := c.VerifyPinDataRequest(input) + return out, req.Send() +} + +// VerifyPinDataWithContext is the same as VerifyPinData with the addition of +// the ability to pass a context and additional request options. +// +// See VerifyPinData for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PaymentCryptographyData) VerifyPinDataWithContext(ctx aws.Context, input *VerifyPinDataInput, opts ...request.Option) (*VerifyPinDataOutput, error) { + req, out := c.VerifyPinDataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You do not have sufficient access to perform this action. +type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Card data parameters that are required to generate a Card Security Code (CSC2) +// for an AMEX payment card. +type AmexCardSecurityCodeVersion1 struct { + _ struct{} `type:"structure"` + + // The expiry date of a payment card. + // + // CardExpiryDate is a required field + CardExpiryDate *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AmexCardSecurityCodeVersion1) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AmexCardSecurityCodeVersion1) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AmexCardSecurityCodeVersion1) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AmexCardSecurityCodeVersion1"} + if s.CardExpiryDate == nil { + invalidParams.Add(request.NewErrParamRequired("CardExpiryDate")) + } + if s.CardExpiryDate != nil && len(*s.CardExpiryDate) < 4 { + invalidParams.Add(request.NewErrParamMinLen("CardExpiryDate", 4)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCardExpiryDate sets the CardExpiryDate field's value. +func (s *AmexCardSecurityCodeVersion1) SetCardExpiryDate(v string) *AmexCardSecurityCodeVersion1 { + s.CardExpiryDate = &v + return s +} + +// Card data parameters that are required to generate a Card Security Code (CSC2) +// for an AMEX payment card. +type AmexCardSecurityCodeVersion2 struct { + _ struct{} `type:"structure"` + + // The expiry date of a payment card. + // + // CardExpiryDate is a required field + CardExpiryDate *string `min:"4" type:"string" required:"true"` + + // The service code of the AMEX payment card. This is different from the Card + // Security Code (CSC). + // + // ServiceCode is a required field + ServiceCode *string `min:"3" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AmexCardSecurityCodeVersion2) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AmexCardSecurityCodeVersion2) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AmexCardSecurityCodeVersion2) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AmexCardSecurityCodeVersion2"} + if s.CardExpiryDate == nil { + invalidParams.Add(request.NewErrParamRequired("CardExpiryDate")) + } + if s.CardExpiryDate != nil && len(*s.CardExpiryDate) < 4 { + invalidParams.Add(request.NewErrParamMinLen("CardExpiryDate", 4)) + } + if s.ServiceCode == nil { + invalidParams.Add(request.NewErrParamRequired("ServiceCode")) + } + if s.ServiceCode != nil && len(*s.ServiceCode) < 3 { + invalidParams.Add(request.NewErrParamMinLen("ServiceCode", 3)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCardExpiryDate sets the CardExpiryDate field's value. +func (s *AmexCardSecurityCodeVersion2) SetCardExpiryDate(v string) *AmexCardSecurityCodeVersion2 { + s.CardExpiryDate = &v + return s +} + +// SetServiceCode sets the ServiceCode field's value. +func (s *AmexCardSecurityCodeVersion2) SetServiceCode(v string) *AmexCardSecurityCodeVersion2 { + s.ServiceCode = &v + return s +} + +// Parameters for plaintext encryption using asymmetric keys. +type AsymmetricEncryptionAttributes struct { + _ struct{} `type:"structure"` + + // The padding to be included with the data. + PaddingType *string `type:"string" enum:"PaddingType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsymmetricEncryptionAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AsymmetricEncryptionAttributes) GoString() string { + return s.String() +} + +// SetPaddingType sets the PaddingType field's value. +func (s *AsymmetricEncryptionAttributes) SetPaddingType(v string) *AsymmetricEncryptionAttributes { + s.PaddingType = &v + return s +} + +// Card data parameters that are required to generate Card Verification Values +// (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security +// Codes (CSC). +type CardGenerationAttributes struct { + _ struct{} `type:"structure"` + + // Card data parameters that are required to generate a Card Security Code (CSC2) + // for an AMEX payment card. + AmexCardSecurityCodeVersion1 *AmexCardSecurityCodeVersion1 `type:"structure"` + + // Card data parameters that are required to generate a Card Security Code (CSC2) + // for an AMEX payment card. + AmexCardSecurityCodeVersion2 *AmexCardSecurityCodeVersion2 `type:"structure"` + + // Card data parameters that are required to generate a cardholder verification + // value for the payment card. + CardHolderVerificationValue *CardHolderVerificationValue `type:"structure"` + + // Card data parameters that are required to generate Card Verification Value + // (CVV) for the payment card. + CardVerificationValue1 *CardVerificationValue1 `type:"structure"` + + // Card data parameters that are required to generate Card Verification Value + // (CVV2) for the payment card. + CardVerificationValue2 *CardVerificationValue2 `type:"structure"` + + // Card data parameters that are required to generate CDynamic Card Verification + // Code (dCVC) for the payment card. + DynamicCardVerificationCode *DynamicCardVerificationCode `type:"structure"` + + // Card data parameters that are required to generate CDynamic Card Verification + // Value (dCVV) for the payment card. + DynamicCardVerificationValue *DynamicCardVerificationValue `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardGenerationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardGenerationAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CardGenerationAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CardGenerationAttributes"} + if s.AmexCardSecurityCodeVersion1 != nil { + if err := s.AmexCardSecurityCodeVersion1.Validate(); err != nil { + invalidParams.AddNested("AmexCardSecurityCodeVersion1", err.(request.ErrInvalidParams)) + } + } + if s.AmexCardSecurityCodeVersion2 != nil { + if err := s.AmexCardSecurityCodeVersion2.Validate(); err != nil { + invalidParams.AddNested("AmexCardSecurityCodeVersion2", err.(request.ErrInvalidParams)) + } + } + if s.CardHolderVerificationValue != nil { + if err := s.CardHolderVerificationValue.Validate(); err != nil { + invalidParams.AddNested("CardHolderVerificationValue", err.(request.ErrInvalidParams)) + } + } + if s.CardVerificationValue1 != nil { + if err := s.CardVerificationValue1.Validate(); err != nil { + invalidParams.AddNested("CardVerificationValue1", err.(request.ErrInvalidParams)) + } + } + if s.CardVerificationValue2 != nil { + if err := s.CardVerificationValue2.Validate(); err != nil { + invalidParams.AddNested("CardVerificationValue2", err.(request.ErrInvalidParams)) + } + } + if s.DynamicCardVerificationCode != nil { + if err := s.DynamicCardVerificationCode.Validate(); err != nil { + invalidParams.AddNested("DynamicCardVerificationCode", err.(request.ErrInvalidParams)) + } + } + if s.DynamicCardVerificationValue != nil { + if err := s.DynamicCardVerificationValue.Validate(); err != nil { + invalidParams.AddNested("DynamicCardVerificationValue", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAmexCardSecurityCodeVersion1 sets the AmexCardSecurityCodeVersion1 field's value. +func (s *CardGenerationAttributes) SetAmexCardSecurityCodeVersion1(v *AmexCardSecurityCodeVersion1) *CardGenerationAttributes { + s.AmexCardSecurityCodeVersion1 = v + return s +} + +// SetAmexCardSecurityCodeVersion2 sets the AmexCardSecurityCodeVersion2 field's value. +func (s *CardGenerationAttributes) SetAmexCardSecurityCodeVersion2(v *AmexCardSecurityCodeVersion2) *CardGenerationAttributes { + s.AmexCardSecurityCodeVersion2 = v + return s +} + +// SetCardHolderVerificationValue sets the CardHolderVerificationValue field's value. +func (s *CardGenerationAttributes) SetCardHolderVerificationValue(v *CardHolderVerificationValue) *CardGenerationAttributes { + s.CardHolderVerificationValue = v + return s +} + +// SetCardVerificationValue1 sets the CardVerificationValue1 field's value. +func (s *CardGenerationAttributes) SetCardVerificationValue1(v *CardVerificationValue1) *CardGenerationAttributes { + s.CardVerificationValue1 = v + return s +} + +// SetCardVerificationValue2 sets the CardVerificationValue2 field's value. +func (s *CardGenerationAttributes) SetCardVerificationValue2(v *CardVerificationValue2) *CardGenerationAttributes { + s.CardVerificationValue2 = v + return s +} + +// SetDynamicCardVerificationCode sets the DynamicCardVerificationCode field's value. +func (s *CardGenerationAttributes) SetDynamicCardVerificationCode(v *DynamicCardVerificationCode) *CardGenerationAttributes { + s.DynamicCardVerificationCode = v + return s +} + +// SetDynamicCardVerificationValue sets the DynamicCardVerificationValue field's value. +func (s *CardGenerationAttributes) SetDynamicCardVerificationValue(v *DynamicCardVerificationValue) *CardGenerationAttributes { + s.DynamicCardVerificationValue = v + return s +} + +// Card data parameters that are required to generate a cardholder verification +// value for the payment card. +type CardHolderVerificationValue struct { + _ struct{} `type:"structure"` + + // The transaction counter value that comes from a point of sale terminal. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // A random number generated by the issuer. + // + // UnpredictableNumber is a required field + UnpredictableNumber *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardHolderVerificationValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardHolderVerificationValue) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CardHolderVerificationValue) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CardHolderVerificationValue"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.UnpredictableNumber == nil { + invalidParams.Add(request.NewErrParamRequired("UnpredictableNumber")) + } + if s.UnpredictableNumber != nil && len(*s.UnpredictableNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("UnpredictableNumber", 2)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *CardHolderVerificationValue) SetApplicationTransactionCounter(v string) *CardHolderVerificationValue { + s.ApplicationTransactionCounter = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *CardHolderVerificationValue) SetPanSequenceNumber(v string) *CardHolderVerificationValue { + s.PanSequenceNumber = &v + return s +} + +// SetUnpredictableNumber sets the UnpredictableNumber field's value. +func (s *CardHolderVerificationValue) SetUnpredictableNumber(v string) *CardHolderVerificationValue { + s.UnpredictableNumber = &v + return s +} + +// Card data parameters that are requried to verify Card Verification Values +// (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security +// Codes (CSC). +type CardVerificationAttributes struct { + _ struct{} `type:"structure"` + + // Card data parameters that are required to generate a Card Security Code (CSC2) + // for an AMEX payment card. + AmexCardSecurityCodeVersion1 *AmexCardSecurityCodeVersion1 `type:"structure"` + + // Card data parameters that are required to verify a Card Security Code (CSC2) + // for an AMEX payment card. + AmexCardSecurityCodeVersion2 *AmexCardSecurityCodeVersion2 `type:"structure"` + + // Card data parameters that are required to verify a cardholder verification + // value for the payment card. + CardHolderVerificationValue *CardHolderVerificationValue `type:"structure"` + + // Card data parameters that are required to verify Card Verification Value + // (CVV) for the payment card. + CardVerificationValue1 *CardVerificationValue1 `type:"structure"` + + // Card data parameters that are required to verify Card Verification Value + // (CVV2) for the payment card. + CardVerificationValue2 *CardVerificationValue2 `type:"structure"` + + // Card data parameters that are required to verify CDynamic Card Verification + // Code (dCVC) for the payment card. + DiscoverDynamicCardVerificationCode *DiscoverDynamicCardVerificationCode `type:"structure"` + + // Card data parameters that are required to verify CDynamic Card Verification + // Code (dCVC) for the payment card. + DynamicCardVerificationCode *DynamicCardVerificationCode `type:"structure"` + + // Card data parameters that are required to verify CDynamic Card Verification + // Value (dCVV) for the payment card. + DynamicCardVerificationValue *DynamicCardVerificationValue `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardVerificationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardVerificationAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CardVerificationAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CardVerificationAttributes"} + if s.AmexCardSecurityCodeVersion1 != nil { + if err := s.AmexCardSecurityCodeVersion1.Validate(); err != nil { + invalidParams.AddNested("AmexCardSecurityCodeVersion1", err.(request.ErrInvalidParams)) + } + } + if s.AmexCardSecurityCodeVersion2 != nil { + if err := s.AmexCardSecurityCodeVersion2.Validate(); err != nil { + invalidParams.AddNested("AmexCardSecurityCodeVersion2", err.(request.ErrInvalidParams)) + } + } + if s.CardHolderVerificationValue != nil { + if err := s.CardHolderVerificationValue.Validate(); err != nil { + invalidParams.AddNested("CardHolderVerificationValue", err.(request.ErrInvalidParams)) + } + } + if s.CardVerificationValue1 != nil { + if err := s.CardVerificationValue1.Validate(); err != nil { + invalidParams.AddNested("CardVerificationValue1", err.(request.ErrInvalidParams)) + } + } + if s.CardVerificationValue2 != nil { + if err := s.CardVerificationValue2.Validate(); err != nil { + invalidParams.AddNested("CardVerificationValue2", err.(request.ErrInvalidParams)) + } + } + if s.DiscoverDynamicCardVerificationCode != nil { + if err := s.DiscoverDynamicCardVerificationCode.Validate(); err != nil { + invalidParams.AddNested("DiscoverDynamicCardVerificationCode", err.(request.ErrInvalidParams)) + } + } + if s.DynamicCardVerificationCode != nil { + if err := s.DynamicCardVerificationCode.Validate(); err != nil { + invalidParams.AddNested("DynamicCardVerificationCode", err.(request.ErrInvalidParams)) + } + } + if s.DynamicCardVerificationValue != nil { + if err := s.DynamicCardVerificationValue.Validate(); err != nil { + invalidParams.AddNested("DynamicCardVerificationValue", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAmexCardSecurityCodeVersion1 sets the AmexCardSecurityCodeVersion1 field's value. +func (s *CardVerificationAttributes) SetAmexCardSecurityCodeVersion1(v *AmexCardSecurityCodeVersion1) *CardVerificationAttributes { + s.AmexCardSecurityCodeVersion1 = v + return s +} + +// SetAmexCardSecurityCodeVersion2 sets the AmexCardSecurityCodeVersion2 field's value. +func (s *CardVerificationAttributes) SetAmexCardSecurityCodeVersion2(v *AmexCardSecurityCodeVersion2) *CardVerificationAttributes { + s.AmexCardSecurityCodeVersion2 = v + return s +} + +// SetCardHolderVerificationValue sets the CardHolderVerificationValue field's value. +func (s *CardVerificationAttributes) SetCardHolderVerificationValue(v *CardHolderVerificationValue) *CardVerificationAttributes { + s.CardHolderVerificationValue = v + return s +} + +// SetCardVerificationValue1 sets the CardVerificationValue1 field's value. +func (s *CardVerificationAttributes) SetCardVerificationValue1(v *CardVerificationValue1) *CardVerificationAttributes { + s.CardVerificationValue1 = v + return s +} + +// SetCardVerificationValue2 sets the CardVerificationValue2 field's value. +func (s *CardVerificationAttributes) SetCardVerificationValue2(v *CardVerificationValue2) *CardVerificationAttributes { + s.CardVerificationValue2 = v + return s +} + +// SetDiscoverDynamicCardVerificationCode sets the DiscoverDynamicCardVerificationCode field's value. +func (s *CardVerificationAttributes) SetDiscoverDynamicCardVerificationCode(v *DiscoverDynamicCardVerificationCode) *CardVerificationAttributes { + s.DiscoverDynamicCardVerificationCode = v + return s +} + +// SetDynamicCardVerificationCode sets the DynamicCardVerificationCode field's value. +func (s *CardVerificationAttributes) SetDynamicCardVerificationCode(v *DynamicCardVerificationCode) *CardVerificationAttributes { + s.DynamicCardVerificationCode = v + return s +} + +// SetDynamicCardVerificationValue sets the DynamicCardVerificationValue field's value. +func (s *CardVerificationAttributes) SetDynamicCardVerificationValue(v *DynamicCardVerificationValue) *CardVerificationAttributes { + s.DynamicCardVerificationValue = v + return s +} + +// Card data parameters that are required to verify CVV (Card Verification Value) +// for the payment card. +type CardVerificationValue1 struct { + _ struct{} `type:"structure"` + + // The expiry date of a payment card. + // + // CardExpiryDate is a required field + CardExpiryDate *string `min:"4" type:"string" required:"true"` + + // The service code of the payment card. This is different from Card Security + // Code (CSC). + // + // ServiceCode is a required field + ServiceCode *string `min:"3" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardVerificationValue1) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardVerificationValue1) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CardVerificationValue1) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CardVerificationValue1"} + if s.CardExpiryDate == nil { + invalidParams.Add(request.NewErrParamRequired("CardExpiryDate")) + } + if s.CardExpiryDate != nil && len(*s.CardExpiryDate) < 4 { + invalidParams.Add(request.NewErrParamMinLen("CardExpiryDate", 4)) + } + if s.ServiceCode == nil { + invalidParams.Add(request.NewErrParamRequired("ServiceCode")) + } + if s.ServiceCode != nil && len(*s.ServiceCode) < 3 { + invalidParams.Add(request.NewErrParamMinLen("ServiceCode", 3)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCardExpiryDate sets the CardExpiryDate field's value. +func (s *CardVerificationValue1) SetCardExpiryDate(v string) *CardVerificationValue1 { + s.CardExpiryDate = &v + return s +} + +// SetServiceCode sets the ServiceCode field's value. +func (s *CardVerificationValue1) SetServiceCode(v string) *CardVerificationValue1 { + s.ServiceCode = &v + return s +} + +// Card data parameters that are required to verify Card Verification Value +// (CVV2) for the payment card. +type CardVerificationValue2 struct { + _ struct{} `type:"structure"` + + // The expiry date of a payment card. + // + // CardExpiryDate is a required field + CardExpiryDate *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardVerificationValue2) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CardVerificationValue2) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CardVerificationValue2) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CardVerificationValue2"} + if s.CardExpiryDate == nil { + invalidParams.Add(request.NewErrParamRequired("CardExpiryDate")) + } + if s.CardExpiryDate != nil && len(*s.CardExpiryDate) < 4 { + invalidParams.Add(request.NewErrParamMinLen("CardExpiryDate", 4)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCardExpiryDate sets the CardExpiryDate field's value. +func (s *CardVerificationValue2) SetCardExpiryDate(v string) *CardVerificationValue2 { + s.CardExpiryDate = &v + return s +} + +// Parameters that are required for Authorization Response Cryptogram (ARPC) +// generation after Authorization Request Cryptogram (ARQC) verification is +// successful. +type CryptogramAuthResponse struct { + _ struct{} `type:"structure"` + + // Parameters that are required for ARPC response generation using method1 after + // ARQC verification is successful. + ArpcMethod1 *CryptogramVerificationArpcMethod1 `type:"structure"` + + // Parameters that are required for ARPC response generation using method2 after + // ARQC verification is successful. + ArpcMethod2 *CryptogramVerificationArpcMethod2 `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CryptogramAuthResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CryptogramAuthResponse) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CryptogramAuthResponse) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CryptogramAuthResponse"} + if s.ArpcMethod1 != nil { + if err := s.ArpcMethod1.Validate(); err != nil { + invalidParams.AddNested("ArpcMethod1", err.(request.ErrInvalidParams)) + } + } + if s.ArpcMethod2 != nil { + if err := s.ArpcMethod2.Validate(); err != nil { + invalidParams.AddNested("ArpcMethod2", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetArpcMethod1 sets the ArpcMethod1 field's value. +func (s *CryptogramAuthResponse) SetArpcMethod1(v *CryptogramVerificationArpcMethod1) *CryptogramAuthResponse { + s.ArpcMethod1 = v + return s +} + +// SetArpcMethod2 sets the ArpcMethod2 field's value. +func (s *CryptogramAuthResponse) SetArpcMethod2(v *CryptogramVerificationArpcMethod2) *CryptogramAuthResponse { + s.ArpcMethod2 = v + return s +} + +// Parameters that are required for ARPC response generation using method1 after +// ARQC verification is successful. +type CryptogramVerificationArpcMethod1 struct { + _ struct{} `type:"structure"` + + // The auth code used to calculate APRC after ARQC verification is successful. + // This is the same auth code used for ARQC generation outside of Amazon Web + // Services Payment Cryptography. + // + // AuthResponseCode is a required field + AuthResponseCode *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CryptogramVerificationArpcMethod1) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CryptogramVerificationArpcMethod1) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CryptogramVerificationArpcMethod1) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CryptogramVerificationArpcMethod1"} + if s.AuthResponseCode == nil { + invalidParams.Add(request.NewErrParamRequired("AuthResponseCode")) + } + if s.AuthResponseCode != nil && len(*s.AuthResponseCode) < 4 { + invalidParams.Add(request.NewErrParamMinLen("AuthResponseCode", 4)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthResponseCode sets the AuthResponseCode field's value. +func (s *CryptogramVerificationArpcMethod1) SetAuthResponseCode(v string) *CryptogramVerificationArpcMethod1 { + s.AuthResponseCode = &v + return s +} + +// Parameters that are required for ARPC response generation using method2 after +// ARQC verification is successful. +type CryptogramVerificationArpcMethod2 struct { + _ struct{} `type:"structure"` + + // The data indicating whether the issuer approves or declines an online transaction + // using an EMV chip card. + // + // CardStatusUpdate is a required field + CardStatusUpdate *string `min:"8" type:"string" required:"true"` + + // The proprietary authentication data used by issuer for communication during + // online transaction using an EMV chip card. + ProprietaryAuthenticationData *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CryptogramVerificationArpcMethod2) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CryptogramVerificationArpcMethod2) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CryptogramVerificationArpcMethod2) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CryptogramVerificationArpcMethod2"} + if s.CardStatusUpdate == nil { + invalidParams.Add(request.NewErrParamRequired("CardStatusUpdate")) + } + if s.CardStatusUpdate != nil && len(*s.CardStatusUpdate) < 8 { + invalidParams.Add(request.NewErrParamMinLen("CardStatusUpdate", 8)) + } + if s.ProprietaryAuthenticationData != nil && len(*s.ProprietaryAuthenticationData) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ProprietaryAuthenticationData", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCardStatusUpdate sets the CardStatusUpdate field's value. +func (s *CryptogramVerificationArpcMethod2) SetCardStatusUpdate(v string) *CryptogramVerificationArpcMethod2 { + s.CardStatusUpdate = &v + return s +} + +// SetProprietaryAuthenticationData sets the ProprietaryAuthenticationData field's value. +func (s *CryptogramVerificationArpcMethod2) SetProprietaryAuthenticationData(v string) *CryptogramVerificationArpcMethod2 { + s.ProprietaryAuthenticationData = &v + return s +} + +type DecryptDataInput struct { + _ struct{} `type:"structure"` + + // The ciphertext to decrypt. + // + // CipherText is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DecryptDataInput's + // String and GoString methods. + // + // CipherText is a required field + CipherText *string `min:"16" type:"string" required:"true" sensitive:"true"` + + // The encryption key type and attributes for ciphertext decryption. + // + // DecryptionAttributes is a required field + DecryptionAttributes *EncryptionDecryptionAttributes `type:"structure" required:"true"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses for ciphertext decryption. + // + // KeyIdentifier is a required field + KeyIdentifier *string `location:"uri" locationName:"KeyIdentifier" min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DecryptDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DecryptDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DecryptDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DecryptDataInput"} + if s.CipherText == nil { + invalidParams.Add(request.NewErrParamRequired("CipherText")) + } + if s.CipherText != nil && len(*s.CipherText) < 16 { + invalidParams.Add(request.NewErrParamMinLen("CipherText", 16)) + } + if s.DecryptionAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("DecryptionAttributes")) + } + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.DecryptionAttributes != nil { + if err := s.DecryptionAttributes.Validate(); err != nil { + invalidParams.AddNested("DecryptionAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCipherText sets the CipherText field's value. +func (s *DecryptDataInput) SetCipherText(v string) *DecryptDataInput { + s.CipherText = &v + return s +} + +// SetDecryptionAttributes sets the DecryptionAttributes field's value. +func (s *DecryptDataInput) SetDecryptionAttributes(v *EncryptionDecryptionAttributes) *DecryptDataInput { + s.DecryptionAttributes = v + return s +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *DecryptDataInput) SetKeyIdentifier(v string) *DecryptDataInput { + s.KeyIdentifier = &v + return s +} + +type DecryptDataOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses for ciphertext decryption. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The decrypted plaintext data. + // + // PlainText is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DecryptDataOutput's + // String and GoString methods. + // + // PlainText is a required field + PlainText *string `min:"16" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DecryptDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DecryptDataOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *DecryptDataOutput) SetKeyArn(v string) *DecryptDataOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *DecryptDataOutput) SetKeyCheckValue(v string) *DecryptDataOutput { + s.KeyCheckValue = &v + return s +} + +// SetPlainText sets the PlainText field's value. +func (s *DecryptDataOutput) SetPlainText(v string) *DecryptDataOutput { + s.PlainText = &v + return s +} + +// Parameters that are required to generate or verify dCVC (Dynamic Card Verification +// Code). +type DiscoverDynamicCardVerificationCode struct { + _ struct{} `type:"structure"` + + // The transaction counter value that comes from the terminal. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // The expiry date of a payment card. + // + // CardExpiryDate is a required field + CardExpiryDate *string `min:"4" type:"string" required:"true"` + + // A random number that is generated by the issuer. + // + // UnpredictableNumber is a required field + UnpredictableNumber *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DiscoverDynamicCardVerificationCode) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DiscoverDynamicCardVerificationCode) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DiscoverDynamicCardVerificationCode) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DiscoverDynamicCardVerificationCode"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.CardExpiryDate == nil { + invalidParams.Add(request.NewErrParamRequired("CardExpiryDate")) + } + if s.CardExpiryDate != nil && len(*s.CardExpiryDate) < 4 { + invalidParams.Add(request.NewErrParamMinLen("CardExpiryDate", 4)) + } + if s.UnpredictableNumber == nil { + invalidParams.Add(request.NewErrParamRequired("UnpredictableNumber")) + } + if s.UnpredictableNumber != nil && len(*s.UnpredictableNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("UnpredictableNumber", 2)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *DiscoverDynamicCardVerificationCode) SetApplicationTransactionCounter(v string) *DiscoverDynamicCardVerificationCode { + s.ApplicationTransactionCounter = &v + return s +} + +// SetCardExpiryDate sets the CardExpiryDate field's value. +func (s *DiscoverDynamicCardVerificationCode) SetCardExpiryDate(v string) *DiscoverDynamicCardVerificationCode { + s.CardExpiryDate = &v + return s +} + +// SetUnpredictableNumber sets the UnpredictableNumber field's value. +func (s *DiscoverDynamicCardVerificationCode) SetUnpredictableNumber(v string) *DiscoverDynamicCardVerificationCode { + s.UnpredictableNumber = &v + return s +} + +// Parameters that are used for Derived Unique Key Per Transaction (DUKPT) derivation +// algorithm. +type DukptAttributes struct { + _ struct{} `type:"structure"` + + // The key type derived using DUKPT from a Base Derivation Key (BDK) and Key + // Serial Number (KSN). This must be less than or equal to the strength of the + // BDK. For example, you can't use AES_128 as a derivation type for a BDK of + // AES_128 or TDES_2KEY. + // + // DukptDerivationType is a required field + DukptDerivationType *string `type:"string" required:"true" enum:"DukptDerivationType"` + + // The unique identifier known as Key Serial Number (KSN) that comes from an + // encrypting device using DUKPT encryption method. The KSN is derived from + // the encrypting device unique identifier and an internal transaction counter. + // + // KeySerialNumber is a required field + KeySerialNumber *string `min:"10" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DukptAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DukptAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DukptAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DukptAttributes"} + if s.DukptDerivationType == nil { + invalidParams.Add(request.NewErrParamRequired("DukptDerivationType")) + } + if s.KeySerialNumber == nil { + invalidParams.Add(request.NewErrParamRequired("KeySerialNumber")) + } + if s.KeySerialNumber != nil && len(*s.KeySerialNumber) < 10 { + invalidParams.Add(request.NewErrParamMinLen("KeySerialNumber", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDukptDerivationType sets the DukptDerivationType field's value. +func (s *DukptAttributes) SetDukptDerivationType(v string) *DukptAttributes { + s.DukptDerivationType = &v + return s +} + +// SetKeySerialNumber sets the KeySerialNumber field's value. +func (s *DukptAttributes) SetKeySerialNumber(v string) *DukptAttributes { + s.KeySerialNumber = &v + return s +} + +// Parameters required for encryption or decryption of data using DUKPT. +type DukptDerivationAttributes struct { + _ struct{} `type:"structure"` + + // The key type derived using DUKPT from a Base Derivation Key (BDK) and Key + // Serial Number (KSN). This must be less than or equal to the strength of the + // BDK. For example, you can't use AES_128 as a derivation type for a BDK of + // AES_128 or TDES_2KEY + DukptKeyDerivationType *string `type:"string" enum:"DukptDerivationType"` + + // The type of use of DUKPT, which can be for incoming data decryption, outgoing + // data encryption, or both. + DukptKeyVariant *string `type:"string" enum:"DukptKeyVariant"` + + // The unique identifier known as Key Serial Number (KSN) that comes from an + // encrypting device using DUKPT encryption method. The KSN is derived from + // the encrypting device unique identifier and an internal transaction counter. + // + // KeySerialNumber is a required field + KeySerialNumber *string `min:"10" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DukptDerivationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DukptDerivationAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DukptDerivationAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DukptDerivationAttributes"} + if s.KeySerialNumber == nil { + invalidParams.Add(request.NewErrParamRequired("KeySerialNumber")) + } + if s.KeySerialNumber != nil && len(*s.KeySerialNumber) < 10 { + invalidParams.Add(request.NewErrParamMinLen("KeySerialNumber", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDukptKeyDerivationType sets the DukptKeyDerivationType field's value. +func (s *DukptDerivationAttributes) SetDukptKeyDerivationType(v string) *DukptDerivationAttributes { + s.DukptKeyDerivationType = &v + return s +} + +// SetDukptKeyVariant sets the DukptKeyVariant field's value. +func (s *DukptDerivationAttributes) SetDukptKeyVariant(v string) *DukptDerivationAttributes { + s.DukptKeyVariant = &v + return s +} + +// SetKeySerialNumber sets the KeySerialNumber field's value. +func (s *DukptDerivationAttributes) SetKeySerialNumber(v string) *DukptDerivationAttributes { + s.KeySerialNumber = &v + return s +} + +// Parameters that are required to encrypt plaintext data using DUKPT. +type DukptEncryptionAttributes struct { + _ struct{} `type:"structure"` + + // The key type encrypted using DUKPT from a Base Derivation Key (BDK) and Key + // Serial Number (KSN). This must be less than or equal to the strength of the + // BDK. For example, you can't use AES_128 as a derivation type for a BDK of + // AES_128 or TDES_2KEY + DukptKeyDerivationType *string `type:"string" enum:"DukptDerivationType"` + + // The type of use of DUKPT, which can be incoming data decryption, outgoing + // data encryption, or both. + DukptKeyVariant *string `type:"string" enum:"DukptKeyVariant"` + + // An input to cryptographic primitive used to provide the intial state. Typically + // the InitializationVector must have a random or psuedo-random value, but sometimes + // it only needs to be unpredictable or unique. If you don't provide a value, + // Amazon Web Services Payment Cryptography generates a random value. + // + // InitializationVector is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DukptEncryptionAttributes's + // String and GoString methods. + InitializationVector *string `min:"16" type:"string" sensitive:"true"` + + // The unique identifier known as Key Serial Number (KSN) that comes from an + // encrypting device using DUKPT encryption method. The KSN is derived from + // the encrypting device unique identifier and an internal transaction counter. + // + // KeySerialNumber is a required field + KeySerialNumber *string `min:"10" type:"string" required:"true"` + + // The block cipher mode of operation. Block ciphers are designed to encrypt + // a block of data of fixed size, for example, 128 bits. The size of the input + // block is usually same as the size of the encrypted output block, while the + // key length can be different. A mode of operation describes how to repeatedly + // apply a cipher's single-block operation to securely transform amounts of + // data larger than a block. + // + // The default is CBC. + Mode *string `type:"string" enum:"DukptEncryptionMode"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DukptEncryptionAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DukptEncryptionAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DukptEncryptionAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DukptEncryptionAttributes"} + if s.InitializationVector != nil && len(*s.InitializationVector) < 16 { + invalidParams.Add(request.NewErrParamMinLen("InitializationVector", 16)) + } + if s.KeySerialNumber == nil { + invalidParams.Add(request.NewErrParamRequired("KeySerialNumber")) + } + if s.KeySerialNumber != nil && len(*s.KeySerialNumber) < 10 { + invalidParams.Add(request.NewErrParamMinLen("KeySerialNumber", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDukptKeyDerivationType sets the DukptKeyDerivationType field's value. +func (s *DukptEncryptionAttributes) SetDukptKeyDerivationType(v string) *DukptEncryptionAttributes { + s.DukptKeyDerivationType = &v + return s +} + +// SetDukptKeyVariant sets the DukptKeyVariant field's value. +func (s *DukptEncryptionAttributes) SetDukptKeyVariant(v string) *DukptEncryptionAttributes { + s.DukptKeyVariant = &v + return s +} + +// SetInitializationVector sets the InitializationVector field's value. +func (s *DukptEncryptionAttributes) SetInitializationVector(v string) *DukptEncryptionAttributes { + s.InitializationVector = &v + return s +} + +// SetKeySerialNumber sets the KeySerialNumber field's value. +func (s *DukptEncryptionAttributes) SetKeySerialNumber(v string) *DukptEncryptionAttributes { + s.KeySerialNumber = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *DukptEncryptionAttributes) SetMode(v string) *DukptEncryptionAttributes { + s.Mode = &v + return s +} + +// Parameters that are required to generate or verify Dynamic Card Verification +// Value (dCVV). +type DynamicCardVerificationCode struct { + _ struct{} `type:"structure"` + + // The transaction counter value that comes from the terminal. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The data on the two tracks of magnetic cards used for financial transactions. + // This includes the cardholder name, PAN, expiration date, bank ID (BIN) and + // several other numbers the issuing bank uses to validate the data received. + // + // TrackData is a required field + TrackData *string `min:"2" type:"string" required:"true"` + + // A random number generated by the issuer. + // + // UnpredictableNumber is a required field + UnpredictableNumber *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DynamicCardVerificationCode) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DynamicCardVerificationCode) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DynamicCardVerificationCode) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DynamicCardVerificationCode"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.TrackData == nil { + invalidParams.Add(request.NewErrParamRequired("TrackData")) + } + if s.TrackData != nil && len(*s.TrackData) < 2 { + invalidParams.Add(request.NewErrParamMinLen("TrackData", 2)) + } + if s.UnpredictableNumber == nil { + invalidParams.Add(request.NewErrParamRequired("UnpredictableNumber")) + } + if s.UnpredictableNumber != nil && len(*s.UnpredictableNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("UnpredictableNumber", 2)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *DynamicCardVerificationCode) SetApplicationTransactionCounter(v string) *DynamicCardVerificationCode { + s.ApplicationTransactionCounter = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *DynamicCardVerificationCode) SetPanSequenceNumber(v string) *DynamicCardVerificationCode { + s.PanSequenceNumber = &v + return s +} + +// SetTrackData sets the TrackData field's value. +func (s *DynamicCardVerificationCode) SetTrackData(v string) *DynamicCardVerificationCode { + s.TrackData = &v + return s +} + +// SetUnpredictableNumber sets the UnpredictableNumber field's value. +func (s *DynamicCardVerificationCode) SetUnpredictableNumber(v string) *DynamicCardVerificationCode { + s.UnpredictableNumber = &v + return s +} + +// Parameters that are required to generate or verify Dynamic Card Verification +// Value (dCVV). +type DynamicCardVerificationValue struct { + _ struct{} `type:"structure"` + + // The transaction counter value that comes from the terminal. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // The expiry date of a payment card. + // + // CardExpiryDate is a required field + CardExpiryDate *string `min:"4" type:"string" required:"true"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The service code of the payment card. This is different from Card Security + // Code (CSC). + // + // ServiceCode is a required field + ServiceCode *string `min:"3" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DynamicCardVerificationValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DynamicCardVerificationValue) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DynamicCardVerificationValue) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DynamicCardVerificationValue"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.CardExpiryDate == nil { + invalidParams.Add(request.NewErrParamRequired("CardExpiryDate")) + } + if s.CardExpiryDate != nil && len(*s.CardExpiryDate) < 4 { + invalidParams.Add(request.NewErrParamMinLen("CardExpiryDate", 4)) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.ServiceCode == nil { + invalidParams.Add(request.NewErrParamRequired("ServiceCode")) + } + if s.ServiceCode != nil && len(*s.ServiceCode) < 3 { + invalidParams.Add(request.NewErrParamMinLen("ServiceCode", 3)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *DynamicCardVerificationValue) SetApplicationTransactionCounter(v string) *DynamicCardVerificationValue { + s.ApplicationTransactionCounter = &v + return s +} + +// SetCardExpiryDate sets the CardExpiryDate field's value. +func (s *DynamicCardVerificationValue) SetCardExpiryDate(v string) *DynamicCardVerificationValue { + s.CardExpiryDate = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *DynamicCardVerificationValue) SetPanSequenceNumber(v string) *DynamicCardVerificationValue { + s.PanSequenceNumber = &v + return s +} + +// SetServiceCode sets the ServiceCode field's value. +func (s *DynamicCardVerificationValue) SetServiceCode(v string) *DynamicCardVerificationValue { + s.ServiceCode = &v + return s +} + +type EncryptDataInput struct { + _ struct{} `type:"structure"` + + // The encryption key type and attributes for plaintext encryption. + // + // EncryptionAttributes is a required field + EncryptionAttributes *EncryptionDecryptionAttributes `type:"structure" required:"true"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses for plaintext encryption. + // + // KeyIdentifier is a required field + KeyIdentifier *string `location:"uri" locationName:"KeyIdentifier" min:"7" type:"string" required:"true"` + + // The plaintext to be encrypted. + // + // PlainText is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by EncryptDataInput's + // String and GoString methods. + // + // PlainText is a required field + PlainText *string `min:"16" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EncryptDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EncryptDataInput"} + if s.EncryptionAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptionAttributes")) + } + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.PlainText == nil { + invalidParams.Add(request.NewErrParamRequired("PlainText")) + } + if s.PlainText != nil && len(*s.PlainText) < 16 { + invalidParams.Add(request.NewErrParamMinLen("PlainText", 16)) + } + if s.EncryptionAttributes != nil { + if err := s.EncryptionAttributes.Validate(); err != nil { + invalidParams.AddNested("EncryptionAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionAttributes sets the EncryptionAttributes field's value. +func (s *EncryptDataInput) SetEncryptionAttributes(v *EncryptionDecryptionAttributes) *EncryptDataInput { + s.EncryptionAttributes = v + return s +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *EncryptDataInput) SetKeyIdentifier(v string) *EncryptDataInput { + s.KeyIdentifier = &v + return s +} + +// SetPlainText sets the PlainText field's value. +func (s *EncryptDataInput) SetPlainText(v string) *EncryptDataInput { + s.PlainText = &v + return s +} + +type EncryptDataOutput struct { + _ struct{} `type:"structure"` + + // The encrypted ciphertext. + // + // CipherText is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by EncryptDataOutput's + // String and GoString methods. + // + // CipherText is a required field + CipherText *string `min:"16" type:"string" required:"true" sensitive:"true"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses for plaintext encryption. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptDataOutput) GoString() string { + return s.String() +} + +// SetCipherText sets the CipherText field's value. +func (s *EncryptDataOutput) SetCipherText(v string) *EncryptDataOutput { + s.CipherText = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *EncryptDataOutput) SetKeyArn(v string) *EncryptDataOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *EncryptDataOutput) SetKeyCheckValue(v string) *EncryptDataOutput { + s.KeyCheckValue = &v + return s +} + +// Parameters that are required to perform encryption and decryption operations. +type EncryptionDecryptionAttributes struct { + _ struct{} `type:"structure"` + + // Parameters for plaintext encryption using asymmetric keys. + Asymmetric *AsymmetricEncryptionAttributes `type:"structure"` + + // Parameters that are required to encrypt plaintext data using DUKPT. + Dukpt *DukptEncryptionAttributes `type:"structure"` + + // Parameters that are required to perform encryption and decryption using symmetric + // keys. + Symmetric *SymmetricEncryptionAttributes `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptionDecryptionAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EncryptionDecryptionAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EncryptionDecryptionAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EncryptionDecryptionAttributes"} + if s.Dukpt != nil { + if err := s.Dukpt.Validate(); err != nil { + invalidParams.AddNested("Dukpt", err.(request.ErrInvalidParams)) + } + } + if s.Symmetric != nil { + if err := s.Symmetric.Validate(); err != nil { + invalidParams.AddNested("Symmetric", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAsymmetric sets the Asymmetric field's value. +func (s *EncryptionDecryptionAttributes) SetAsymmetric(v *AsymmetricEncryptionAttributes) *EncryptionDecryptionAttributes { + s.Asymmetric = v + return s +} + +// SetDukpt sets the Dukpt field's value. +func (s *EncryptionDecryptionAttributes) SetDukpt(v *DukptEncryptionAttributes) *EncryptionDecryptionAttributes { + s.Dukpt = v + return s +} + +// SetSymmetric sets the Symmetric field's value. +func (s *EncryptionDecryptionAttributes) SetSymmetric(v *SymmetricEncryptionAttributes) *EncryptionDecryptionAttributes { + s.Symmetric = v + return s +} + +type GenerateCardValidationDataInput struct { + _ struct{} `type:"structure"` + + // The algorithm for generating CVV or CSC values for the card within Amazon + // Web Services Payment Cryptography. + // + // GenerationAttributes is a required field + GenerationAttributes *CardGenerationAttributes `type:"structure" required:"true"` + + // The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography + // uses to generate card data. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The Primary Account Number (PAN), a unique identifier for a payment credit + // or debit card that associates the card with a specific account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GenerateCardValidationDataInput's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` + + // The length of the CVV or CSC to be generated. The default value is 3. + ValidationDataLength *int64 `min:"3" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateCardValidationDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateCardValidationDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateCardValidationDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateCardValidationDataInput"} + if s.GenerationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("GenerationAttributes")) + } + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + if s.ValidationDataLength != nil && *s.ValidationDataLength < 3 { + invalidParams.Add(request.NewErrParamMinValue("ValidationDataLength", 3)) + } + if s.GenerationAttributes != nil { + if err := s.GenerationAttributes.Validate(); err != nil { + invalidParams.AddNested("GenerationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGenerationAttributes sets the GenerationAttributes field's value. +func (s *GenerateCardValidationDataInput) SetGenerationAttributes(v *CardGenerationAttributes) *GenerateCardValidationDataInput { + s.GenerationAttributes = v + return s +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *GenerateCardValidationDataInput) SetKeyIdentifier(v string) *GenerateCardValidationDataInput { + s.KeyIdentifier = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *GenerateCardValidationDataInput) SetPrimaryAccountNumber(v string) *GenerateCardValidationDataInput { + s.PrimaryAccountNumber = &v + return s +} + +// SetValidationDataLength sets the ValidationDataLength field's value. +func (s *GenerateCardValidationDataInput) SetValidationDataLength(v int64) *GenerateCardValidationDataInput { + s.ValidationDataLength = &v + return s +} + +type GenerateCardValidationDataOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography + // uses to generate CVV or CSC. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The CVV or CSC value that Amazon Web Services Payment Cryptography generates + // for the card. + // + // ValidationData is a required field + ValidationData *string `min:"3" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateCardValidationDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateCardValidationDataOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *GenerateCardValidationDataOutput) SetKeyArn(v string) *GenerateCardValidationDataOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *GenerateCardValidationDataOutput) SetKeyCheckValue(v string) *GenerateCardValidationDataOutput { + s.KeyCheckValue = &v + return s +} + +// SetValidationData sets the ValidationData field's value. +func (s *GenerateCardValidationDataOutput) SetValidationData(v string) *GenerateCardValidationDataOutput { + s.ValidationData = &v + return s +} + +type GenerateMacInput struct { + _ struct{} `type:"structure"` + + // The attributes and data values to use for MAC generation within Amazon Web + // Services Payment Cryptography. + // + // GenerationAttributes is a required field + GenerationAttributes *MacAttributes `type:"structure" required:"true"` + + // The keyARN of the MAC generation encryption key. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The length of a MAC under generation. + MacLength *int64 `min:"4" type:"integer"` + + // The data for which a MAC is under generation. + // + // MessageData is a required field + MessageData *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GenerateMacInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateMacInput"} + if s.GenerationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("GenerationAttributes")) + } + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.MacLength != nil && *s.MacLength < 4 { + invalidParams.Add(request.NewErrParamMinValue("MacLength", 4)) + } + if s.MessageData == nil { + invalidParams.Add(request.NewErrParamRequired("MessageData")) + } + if s.MessageData != nil && len(*s.MessageData) < 2 { + invalidParams.Add(request.NewErrParamMinLen("MessageData", 2)) + } + if s.GenerationAttributes != nil { + if err := s.GenerationAttributes.Validate(); err != nil { + invalidParams.AddNested("GenerationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGenerationAttributes sets the GenerationAttributes field's value. +func (s *GenerateMacInput) SetGenerationAttributes(v *MacAttributes) *GenerateMacInput { + s.GenerationAttributes = v + return s +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *GenerateMacInput) SetKeyIdentifier(v string) *GenerateMacInput { + s.KeyIdentifier = &v + return s +} + +// SetMacLength sets the MacLength field's value. +func (s *GenerateMacInput) SetMacLength(v int64) *GenerateMacInput { + s.MacLength = &v + return s +} + +// SetMessageData sets the MessageData field's value. +func (s *GenerateMacInput) SetMessageData(v string) *GenerateMacInput { + s.MessageData = &v + return s +} + +type GenerateMacOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses for MAC generation. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The MAC cryptogram generated within Amazon Web Services Payment Cryptography. + // + // Mac is a required field + Mac *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateMacOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *GenerateMacOutput) SetKeyArn(v string) *GenerateMacOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *GenerateMacOutput) SetKeyCheckValue(v string) *GenerateMacOutput { + s.KeyCheckValue = &v + return s +} + +// SetMac sets the Mac field's value. +func (s *GenerateMacOutput) SetMac(v string) *GenerateMacOutput { + s.Mac = &v + return s +} + +type GeneratePinDataInput struct { + _ struct{} `type:"structure"` + + // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses + // to encrypt the PIN Block. + // + // EncryptionKeyIdentifier is a required field + EncryptionKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The attributes and values to use for PIN, PVV, or PIN Offset generation. + // + // GenerationAttributes is a required field + GenerationAttributes *PinGenerationAttributes `type:"structure" required:"true"` + + // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses + // for pin data generation. + // + // GenerationKeyIdentifier is a required field + GenerationKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The PIN encoding format for pin data generation as specified in ISO 9564. + // Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3. + // + // The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, + // and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. + // It supports a PIN from 4 to 12 digits in length. + // + // The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that + // the fill digits are random values from 10 to 15. + // + // PinBlockFormat is a required field + PinBlockFormat *string `type:"string" required:"true" enum:"PinBlockFormatForPinData"` + + // The length of PIN under generation. + PinDataLength *int64 `min:"4" type:"integer"` + + // The Primary Account Number (PAN), a unique identifier for a payment credit + // or debit card that associates the card with a specific account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GeneratePinDataInput's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GeneratePinDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GeneratePinDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GeneratePinDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GeneratePinDataInput"} + if s.EncryptionKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptionKeyIdentifier")) + } + if s.EncryptionKeyIdentifier != nil && len(*s.EncryptionKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("EncryptionKeyIdentifier", 7)) + } + if s.GenerationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("GenerationAttributes")) + } + if s.GenerationKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("GenerationKeyIdentifier")) + } + if s.GenerationKeyIdentifier != nil && len(*s.GenerationKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("GenerationKeyIdentifier", 7)) + } + if s.PinBlockFormat == nil { + invalidParams.Add(request.NewErrParamRequired("PinBlockFormat")) + } + if s.PinDataLength != nil && *s.PinDataLength < 4 { + invalidParams.Add(request.NewErrParamMinValue("PinDataLength", 4)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + if s.GenerationAttributes != nil { + if err := s.GenerationAttributes.Validate(); err != nil { + invalidParams.AddNested("GenerationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptionKeyIdentifier sets the EncryptionKeyIdentifier field's value. +func (s *GeneratePinDataInput) SetEncryptionKeyIdentifier(v string) *GeneratePinDataInput { + s.EncryptionKeyIdentifier = &v + return s +} + +// SetGenerationAttributes sets the GenerationAttributes field's value. +func (s *GeneratePinDataInput) SetGenerationAttributes(v *PinGenerationAttributes) *GeneratePinDataInput { + s.GenerationAttributes = v + return s +} + +// SetGenerationKeyIdentifier sets the GenerationKeyIdentifier field's value. +func (s *GeneratePinDataInput) SetGenerationKeyIdentifier(v string) *GeneratePinDataInput { + s.GenerationKeyIdentifier = &v + return s +} + +// SetPinBlockFormat sets the PinBlockFormat field's value. +func (s *GeneratePinDataInput) SetPinBlockFormat(v string) *GeneratePinDataInput { + s.PinBlockFormat = &v + return s +} + +// SetPinDataLength sets the PinDataLength field's value. +func (s *GeneratePinDataInput) SetPinDataLength(v int64) *GeneratePinDataInput { + s.PinDataLength = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *GeneratePinDataInput) SetPrimaryAccountNumber(v string) *GeneratePinDataInput { + s.PrimaryAccountNumber = &v + return s +} + +type GeneratePinDataOutput struct { + _ struct{} `type:"structure"` + + // The PIN block encrypted under PEK from Amazon Web Services Payment Cryptography. + // The encrypted PIN block is a composite of PAN (Primary Account Number) and + // PIN (Personal Identification Number), generated in accordance with ISO 9564 + // standard. + // + // EncryptedPinBlock is a required field + EncryptedPinBlock *string `min:"16" type:"string" required:"true"` + + // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses + // for encrypted pin block generation. + // + // EncryptionKeyArn is a required field + EncryptionKeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // EncryptionKeyCheckValue is a required field + EncryptionKeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The keyARN of the pin data generation key that Amazon Web Services Payment + // Cryptography uses for PIN, PVV or PIN Offset generation. + // + // GenerationKeyArn is a required field + GenerationKeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // GenerationKeyCheckValue is a required field + GenerationKeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The attributes and values Amazon Web Services Payment Cryptography uses for + // pin data generation. + // + // PinData is a required field + PinData *PinData `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GeneratePinDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GeneratePinDataOutput) GoString() string { + return s.String() +} + +// SetEncryptedPinBlock sets the EncryptedPinBlock field's value. +func (s *GeneratePinDataOutput) SetEncryptedPinBlock(v string) *GeneratePinDataOutput { + s.EncryptedPinBlock = &v + return s +} + +// SetEncryptionKeyArn sets the EncryptionKeyArn field's value. +func (s *GeneratePinDataOutput) SetEncryptionKeyArn(v string) *GeneratePinDataOutput { + s.EncryptionKeyArn = &v + return s +} + +// SetEncryptionKeyCheckValue sets the EncryptionKeyCheckValue field's value. +func (s *GeneratePinDataOutput) SetEncryptionKeyCheckValue(v string) *GeneratePinDataOutput { + s.EncryptionKeyCheckValue = &v + return s +} + +// SetGenerationKeyArn sets the GenerationKeyArn field's value. +func (s *GeneratePinDataOutput) SetGenerationKeyArn(v string) *GeneratePinDataOutput { + s.GenerationKeyArn = &v + return s +} + +// SetGenerationKeyCheckValue sets the GenerationKeyCheckValue field's value. +func (s *GeneratePinDataOutput) SetGenerationKeyCheckValue(v string) *GeneratePinDataOutput { + s.GenerationKeyCheckValue = &v + return s +} + +// SetPinData sets the PinData field's value. +func (s *GeneratePinDataOutput) SetPinData(v *PinData) *GeneratePinDataOutput { + s.PinData = v + return s +} + +// Parameters that are required to generate or verify Ibm3624 natural PIN. +type Ibm3624NaturalPin struct { + _ struct{} `type:"structure"` + + // The decimalization table to use for IBM 3624 PIN algorithm. The table is + // used to convert the algorithm intermediate result from hexadecimal characters + // to decimal. + // + // DecimalizationTable is a required field + DecimalizationTable *string `min:"16" type:"string" required:"true"` + + // The unique data for cardholder identification. + // + // PinValidationData is a required field + PinValidationData *string `min:"4" type:"string" required:"true"` + + // The padding character for validation data. + // + // PinValidationDataPadCharacter is a required field + PinValidationDataPadCharacter *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624NaturalPin) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624NaturalPin) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Ibm3624NaturalPin) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Ibm3624NaturalPin"} + if s.DecimalizationTable == nil { + invalidParams.Add(request.NewErrParamRequired("DecimalizationTable")) + } + if s.DecimalizationTable != nil && len(*s.DecimalizationTable) < 16 { + invalidParams.Add(request.NewErrParamMinLen("DecimalizationTable", 16)) + } + if s.PinValidationData == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationData")) + } + if s.PinValidationData != nil && len(*s.PinValidationData) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationData", 4)) + } + if s.PinValidationDataPadCharacter == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationDataPadCharacter")) + } + if s.PinValidationDataPadCharacter != nil && len(*s.PinValidationDataPadCharacter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationDataPadCharacter", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDecimalizationTable sets the DecimalizationTable field's value. +func (s *Ibm3624NaturalPin) SetDecimalizationTable(v string) *Ibm3624NaturalPin { + s.DecimalizationTable = &v + return s +} + +// SetPinValidationData sets the PinValidationData field's value. +func (s *Ibm3624NaturalPin) SetPinValidationData(v string) *Ibm3624NaturalPin { + s.PinValidationData = &v + return s +} + +// SetPinValidationDataPadCharacter sets the PinValidationDataPadCharacter field's value. +func (s *Ibm3624NaturalPin) SetPinValidationDataPadCharacter(v string) *Ibm3624NaturalPin { + s.PinValidationDataPadCharacter = &v + return s +} + +// Parameters that are required to generate or verify Ibm3624 PIN from offset +// PIN. +type Ibm3624PinFromOffset struct { + _ struct{} `type:"structure"` + + // The decimalization table to use for IBM 3624 PIN algorithm. The table is + // used to convert the algorithm intermediate result from hexadecimal characters + // to decimal. + // + // DecimalizationTable is a required field + DecimalizationTable *string `min:"16" type:"string" required:"true"` + + // The PIN offset value. + // + // PinOffset is a required field + PinOffset *string `min:"4" type:"string" required:"true"` + + // The unique data for cardholder identification. + // + // PinValidationData is a required field + PinValidationData *string `min:"4" type:"string" required:"true"` + + // The padding character for validation data. + // + // PinValidationDataPadCharacter is a required field + PinValidationDataPadCharacter *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624PinFromOffset) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624PinFromOffset) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Ibm3624PinFromOffset) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Ibm3624PinFromOffset"} + if s.DecimalizationTable == nil { + invalidParams.Add(request.NewErrParamRequired("DecimalizationTable")) + } + if s.DecimalizationTable != nil && len(*s.DecimalizationTable) < 16 { + invalidParams.Add(request.NewErrParamMinLen("DecimalizationTable", 16)) + } + if s.PinOffset == nil { + invalidParams.Add(request.NewErrParamRequired("PinOffset")) + } + if s.PinOffset != nil && len(*s.PinOffset) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinOffset", 4)) + } + if s.PinValidationData == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationData")) + } + if s.PinValidationData != nil && len(*s.PinValidationData) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationData", 4)) + } + if s.PinValidationDataPadCharacter == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationDataPadCharacter")) + } + if s.PinValidationDataPadCharacter != nil && len(*s.PinValidationDataPadCharacter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationDataPadCharacter", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDecimalizationTable sets the DecimalizationTable field's value. +func (s *Ibm3624PinFromOffset) SetDecimalizationTable(v string) *Ibm3624PinFromOffset { + s.DecimalizationTable = &v + return s +} + +// SetPinOffset sets the PinOffset field's value. +func (s *Ibm3624PinFromOffset) SetPinOffset(v string) *Ibm3624PinFromOffset { + s.PinOffset = &v + return s +} + +// SetPinValidationData sets the PinValidationData field's value. +func (s *Ibm3624PinFromOffset) SetPinValidationData(v string) *Ibm3624PinFromOffset { + s.PinValidationData = &v + return s +} + +// SetPinValidationDataPadCharacter sets the PinValidationDataPadCharacter field's value. +func (s *Ibm3624PinFromOffset) SetPinValidationDataPadCharacter(v string) *Ibm3624PinFromOffset { + s.PinValidationDataPadCharacter = &v + return s +} + +// Pparameters that are required to generate or verify Ibm3624 PIN offset PIN. +type Ibm3624PinOffset struct { + _ struct{} `type:"structure"` + + // The decimalization table to use for IBM 3624 PIN algorithm. The table is + // used to convert the algorithm intermediate result from hexadecimal characters + // to decimal. + // + // DecimalizationTable is a required field + DecimalizationTable *string `min:"16" type:"string" required:"true"` + + // The encrypted PIN block data. According to ISO 9564 standard, a PIN Block + // is an encoded representation of a payment card Personal Account Number (PAN) + // and the cardholder Personal Identification Number (PIN). + // + // EncryptedPinBlock is a required field + EncryptedPinBlock *string `min:"16" type:"string" required:"true"` + + // The unique data for cardholder identification. + // + // PinValidationData is a required field + PinValidationData *string `min:"4" type:"string" required:"true"` + + // The padding character for validation data. + // + // PinValidationDataPadCharacter is a required field + PinValidationDataPadCharacter *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624PinOffset) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624PinOffset) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Ibm3624PinOffset) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Ibm3624PinOffset"} + if s.DecimalizationTable == nil { + invalidParams.Add(request.NewErrParamRequired("DecimalizationTable")) + } + if s.DecimalizationTable != nil && len(*s.DecimalizationTable) < 16 { + invalidParams.Add(request.NewErrParamMinLen("DecimalizationTable", 16)) + } + if s.EncryptedPinBlock == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptedPinBlock")) + } + if s.EncryptedPinBlock != nil && len(*s.EncryptedPinBlock) < 16 { + invalidParams.Add(request.NewErrParamMinLen("EncryptedPinBlock", 16)) + } + if s.PinValidationData == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationData")) + } + if s.PinValidationData != nil && len(*s.PinValidationData) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationData", 4)) + } + if s.PinValidationDataPadCharacter == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationDataPadCharacter")) + } + if s.PinValidationDataPadCharacter != nil && len(*s.PinValidationDataPadCharacter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationDataPadCharacter", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDecimalizationTable sets the DecimalizationTable field's value. +func (s *Ibm3624PinOffset) SetDecimalizationTable(v string) *Ibm3624PinOffset { + s.DecimalizationTable = &v + return s +} + +// SetEncryptedPinBlock sets the EncryptedPinBlock field's value. +func (s *Ibm3624PinOffset) SetEncryptedPinBlock(v string) *Ibm3624PinOffset { + s.EncryptedPinBlock = &v + return s +} + +// SetPinValidationData sets the PinValidationData field's value. +func (s *Ibm3624PinOffset) SetPinValidationData(v string) *Ibm3624PinOffset { + s.PinValidationData = &v + return s +} + +// SetPinValidationDataPadCharacter sets the PinValidationDataPadCharacter field's value. +func (s *Ibm3624PinOffset) SetPinValidationDataPadCharacter(v string) *Ibm3624PinOffset { + s.PinValidationDataPadCharacter = &v + return s +} + +// Parameters that are required to generate or verify Ibm3624 PIN verification +// PIN. +type Ibm3624PinVerification struct { + _ struct{} `type:"structure"` + + // The decimalization table to use for IBM 3624 PIN algorithm. The table is + // used to convert the algorithm intermediate result from hexadecimal characters + // to decimal. + // + // DecimalizationTable is a required field + DecimalizationTable *string `min:"16" type:"string" required:"true"` + + // The PIN offset value. + // + // PinOffset is a required field + PinOffset *string `min:"4" type:"string" required:"true"` + + // The unique data for cardholder identification. + // + // PinValidationData is a required field + PinValidationData *string `min:"4" type:"string" required:"true"` + + // The padding character for validation data. + // + // PinValidationDataPadCharacter is a required field + PinValidationDataPadCharacter *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624PinVerification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624PinVerification) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Ibm3624PinVerification) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Ibm3624PinVerification"} + if s.DecimalizationTable == nil { + invalidParams.Add(request.NewErrParamRequired("DecimalizationTable")) + } + if s.DecimalizationTable != nil && len(*s.DecimalizationTable) < 16 { + invalidParams.Add(request.NewErrParamMinLen("DecimalizationTable", 16)) + } + if s.PinOffset == nil { + invalidParams.Add(request.NewErrParamRequired("PinOffset")) + } + if s.PinOffset != nil && len(*s.PinOffset) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinOffset", 4)) + } + if s.PinValidationData == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationData")) + } + if s.PinValidationData != nil && len(*s.PinValidationData) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationData", 4)) + } + if s.PinValidationDataPadCharacter == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationDataPadCharacter")) + } + if s.PinValidationDataPadCharacter != nil && len(*s.PinValidationDataPadCharacter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationDataPadCharacter", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDecimalizationTable sets the DecimalizationTable field's value. +func (s *Ibm3624PinVerification) SetDecimalizationTable(v string) *Ibm3624PinVerification { + s.DecimalizationTable = &v + return s +} + +// SetPinOffset sets the PinOffset field's value. +func (s *Ibm3624PinVerification) SetPinOffset(v string) *Ibm3624PinVerification { + s.PinOffset = &v + return s +} + +// SetPinValidationData sets the PinValidationData field's value. +func (s *Ibm3624PinVerification) SetPinValidationData(v string) *Ibm3624PinVerification { + s.PinValidationData = &v + return s +} + +// SetPinValidationDataPadCharacter sets the PinValidationDataPadCharacter field's value. +func (s *Ibm3624PinVerification) SetPinValidationDataPadCharacter(v string) *Ibm3624PinVerification { + s.PinValidationDataPadCharacter = &v + return s +} + +// Parameters that are required to generate or verify Ibm3624 random PIN. +type Ibm3624RandomPin struct { + _ struct{} `type:"structure"` + + // The decimalization table to use for IBM 3624 PIN algorithm. The table is + // used to convert the algorithm intermediate result from hexadecimal characters + // to decimal. + // + // DecimalizationTable is a required field + DecimalizationTable *string `min:"16" type:"string" required:"true"` + + // The unique data for cardholder identification. + // + // PinValidationData is a required field + PinValidationData *string `min:"4" type:"string" required:"true"` + + // The padding character for validation data. + // + // PinValidationDataPadCharacter is a required field + PinValidationDataPadCharacter *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624RandomPin) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Ibm3624RandomPin) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Ibm3624RandomPin) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Ibm3624RandomPin"} + if s.DecimalizationTable == nil { + invalidParams.Add(request.NewErrParamRequired("DecimalizationTable")) + } + if s.DecimalizationTable != nil && len(*s.DecimalizationTable) < 16 { + invalidParams.Add(request.NewErrParamMinLen("DecimalizationTable", 16)) + } + if s.PinValidationData == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationData")) + } + if s.PinValidationData != nil && len(*s.PinValidationData) < 4 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationData", 4)) + } + if s.PinValidationDataPadCharacter == nil { + invalidParams.Add(request.NewErrParamRequired("PinValidationDataPadCharacter")) + } + if s.PinValidationDataPadCharacter != nil && len(*s.PinValidationDataPadCharacter) < 1 { + invalidParams.Add(request.NewErrParamMinLen("PinValidationDataPadCharacter", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDecimalizationTable sets the DecimalizationTable field's value. +func (s *Ibm3624RandomPin) SetDecimalizationTable(v string) *Ibm3624RandomPin { + s.DecimalizationTable = &v + return s +} + +// SetPinValidationData sets the PinValidationData field's value. +func (s *Ibm3624RandomPin) SetPinValidationData(v string) *Ibm3624RandomPin { + s.PinValidationData = &v + return s +} + +// SetPinValidationDataPadCharacter sets the PinValidationDataPadCharacter field's value. +func (s *Ibm3624RandomPin) SetPinValidationDataPadCharacter(v string) *Ibm3624RandomPin { + s.PinValidationDataPadCharacter = &v + return s +} + +// The request processing has failed because of an unknown error, exception, +// or failure. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Parameters required for DUKPT MAC generation and verification. +type MacAlgorithmDukpt struct { + _ struct{} `type:"structure"` + + // The key type derived using DUKPT from a Base Derivation Key (BDK) and Key + // Serial Number (KSN). This must be less than or equal to the strength of the + // BDK. For example, you can't use AES_128 as a derivation type for a BDK of + // AES_128 or TDES_2KEY. + DukptDerivationType *string `type:"string" enum:"DukptDerivationType"` + + // The type of use of DUKPT, which can be MAC generation, MAC verification, + // or both. + // + // DukptKeyVariant is a required field + DukptKeyVariant *string `type:"string" required:"true" enum:"DukptKeyVariant"` + + // The unique identifier known as Key Serial Number (KSN) that comes from an + // encrypting device using DUKPT encryption method. The KSN is derived from + // the encrypting device unique identifier and an internal transaction counter. + // + // KeySerialNumber is a required field + KeySerialNumber *string `min:"10" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MacAlgorithmDukpt) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MacAlgorithmDukpt) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MacAlgorithmDukpt) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MacAlgorithmDukpt"} + if s.DukptKeyVariant == nil { + invalidParams.Add(request.NewErrParamRequired("DukptKeyVariant")) + } + if s.KeySerialNumber == nil { + invalidParams.Add(request.NewErrParamRequired("KeySerialNumber")) + } + if s.KeySerialNumber != nil && len(*s.KeySerialNumber) < 10 { + invalidParams.Add(request.NewErrParamMinLen("KeySerialNumber", 10)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDukptDerivationType sets the DukptDerivationType field's value. +func (s *MacAlgorithmDukpt) SetDukptDerivationType(v string) *MacAlgorithmDukpt { + s.DukptDerivationType = &v + return s +} + +// SetDukptKeyVariant sets the DukptKeyVariant field's value. +func (s *MacAlgorithmDukpt) SetDukptKeyVariant(v string) *MacAlgorithmDukpt { + s.DukptKeyVariant = &v + return s +} + +// SetKeySerialNumber sets the KeySerialNumber field's value. +func (s *MacAlgorithmDukpt) SetKeySerialNumber(v string) *MacAlgorithmDukpt { + s.KeySerialNumber = &v + return s +} + +// Parameters that are required for EMV MAC generation and verification. +type MacAlgorithmEmv struct { + _ struct{} `type:"structure"` + + // The method to use when deriving the master key for EMV MAC generation or + // verification. + // + // MajorKeyDerivationMode is a required field + MajorKeyDerivationMode *string `type:"string" required:"true" enum:"MajorKeyDerivationMode"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The Primary Account Number (PAN), a unique identifier for a payment credit + // or debit card and associates the card to a specific account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by MacAlgorithmEmv's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` + + // The method of deriving a session key for EMV MAC generation or verification. + // + // SessionKeyDerivationMode is a required field + SessionKeyDerivationMode *string `type:"string" required:"true" enum:"SessionKeyDerivationMode"` + + // Parameters that are required to generate session key for EMV generation and + // verification. + // + // SessionKeyDerivationValue is a required field + SessionKeyDerivationValue *SessionKeyDerivationValue `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MacAlgorithmEmv) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MacAlgorithmEmv) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MacAlgorithmEmv) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MacAlgorithmEmv"} + if s.MajorKeyDerivationMode == nil { + invalidParams.Add(request.NewErrParamRequired("MajorKeyDerivationMode")) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + if s.SessionKeyDerivationMode == nil { + invalidParams.Add(request.NewErrParamRequired("SessionKeyDerivationMode")) + } + if s.SessionKeyDerivationValue == nil { + invalidParams.Add(request.NewErrParamRequired("SessionKeyDerivationValue")) + } + if s.SessionKeyDerivationValue != nil { + if err := s.SessionKeyDerivationValue.Validate(); err != nil { + invalidParams.AddNested("SessionKeyDerivationValue", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMajorKeyDerivationMode sets the MajorKeyDerivationMode field's value. +func (s *MacAlgorithmEmv) SetMajorKeyDerivationMode(v string) *MacAlgorithmEmv { + s.MajorKeyDerivationMode = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *MacAlgorithmEmv) SetPanSequenceNumber(v string) *MacAlgorithmEmv { + s.PanSequenceNumber = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *MacAlgorithmEmv) SetPrimaryAccountNumber(v string) *MacAlgorithmEmv { + s.PrimaryAccountNumber = &v + return s +} + +// SetSessionKeyDerivationMode sets the SessionKeyDerivationMode field's value. +func (s *MacAlgorithmEmv) SetSessionKeyDerivationMode(v string) *MacAlgorithmEmv { + s.SessionKeyDerivationMode = &v + return s +} + +// SetSessionKeyDerivationValue sets the SessionKeyDerivationValue field's value. +func (s *MacAlgorithmEmv) SetSessionKeyDerivationValue(v *SessionKeyDerivationValue) *MacAlgorithmEmv { + s.SessionKeyDerivationValue = v + return s +} + +// Parameters that are required for DUKPT, HMAC, or EMV MAC generation or verification. +type MacAttributes struct { + _ struct{} `type:"structure"` + + // The encryption algorithm for MAC generation or verification. + Algorithm *string `type:"string" enum:"MacAlgorithm"` + + // Parameters that are required for MAC generation or verification using DUKPT + // CMAC algorithm. + DukptCmac *MacAlgorithmDukpt `type:"structure"` + + // Parameters that are required for MAC generation or verification using DUKPT + // ISO 9797 algorithm1. + DukptIso9797Algorithm1 *MacAlgorithmDukpt `type:"structure"` + + // Parameters that are required for MAC generation or verification using DUKPT + // ISO 9797 algorithm2. + DukptIso9797Algorithm3 *MacAlgorithmDukpt `type:"structure"` + + // Parameters that are required for MAC generation or verification using EMV + // MAC algorithm. + EmvMac *MacAlgorithmEmv `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MacAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MacAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MacAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MacAttributes"} + if s.DukptCmac != nil { + if err := s.DukptCmac.Validate(); err != nil { + invalidParams.AddNested("DukptCmac", err.(request.ErrInvalidParams)) + } + } + if s.DukptIso9797Algorithm1 != nil { + if err := s.DukptIso9797Algorithm1.Validate(); err != nil { + invalidParams.AddNested("DukptIso9797Algorithm1", err.(request.ErrInvalidParams)) + } + } + if s.DukptIso9797Algorithm3 != nil { + if err := s.DukptIso9797Algorithm3.Validate(); err != nil { + invalidParams.AddNested("DukptIso9797Algorithm3", err.(request.ErrInvalidParams)) + } + } + if s.EmvMac != nil { + if err := s.EmvMac.Validate(); err != nil { + invalidParams.AddNested("EmvMac", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAlgorithm sets the Algorithm field's value. +func (s *MacAttributes) SetAlgorithm(v string) *MacAttributes { + s.Algorithm = &v + return s +} + +// SetDukptCmac sets the DukptCmac field's value. +func (s *MacAttributes) SetDukptCmac(v *MacAlgorithmDukpt) *MacAttributes { + s.DukptCmac = v + return s +} + +// SetDukptIso9797Algorithm1 sets the DukptIso9797Algorithm1 field's value. +func (s *MacAttributes) SetDukptIso9797Algorithm1(v *MacAlgorithmDukpt) *MacAttributes { + s.DukptIso9797Algorithm1 = v + return s +} + +// SetDukptIso9797Algorithm3 sets the DukptIso9797Algorithm3 field's value. +func (s *MacAttributes) SetDukptIso9797Algorithm3(v *MacAlgorithmDukpt) *MacAttributes { + s.DukptIso9797Algorithm3 = v + return s +} + +// SetEmvMac sets the EmvMac field's value. +func (s *MacAttributes) SetEmvMac(v *MacAlgorithmEmv) *MacAttributes { + s.EmvMac = v + return s +} + +// Parameters that are required to generate, translate, or verify PIN data. +type PinData struct { + _ struct{} `type:"structure"` + + // The PIN offset value. + PinOffset *string `min:"4" type:"string"` + + // The unique data to identify a cardholder. In most cases, this is the same + // as cardholder's Primary Account Number (PAN). If a value is not provided, + // it defaults to PAN. + VerificationValue *string `min:"4" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PinData) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PinData) GoString() string { + return s.String() +} + +// SetPinOffset sets the PinOffset field's value. +func (s *PinData) SetPinOffset(v string) *PinData { + s.PinOffset = &v + return s +} + +// SetVerificationValue sets the VerificationValue field's value. +func (s *PinData) SetVerificationValue(v string) *PinData { + s.VerificationValue = &v + return s +} + +// Parameters that are required for PIN data generation. +type PinGenerationAttributes struct { + _ struct{} `type:"structure"` + + // Parameters that are required to generate or verify Ibm3624 natural PIN. + Ibm3624NaturalPin *Ibm3624NaturalPin `type:"structure"` + + // Parameters that are required to generate or verify Ibm3624 PIN from offset + // PIN. + Ibm3624PinFromOffset *Ibm3624PinFromOffset `type:"structure"` + + // Parameters that are required to generate or verify Ibm3624 PIN offset PIN. + Ibm3624PinOffset *Ibm3624PinOffset `type:"structure"` + + // Parameters that are required to generate or verify Ibm3624 random PIN. + Ibm3624RandomPin *Ibm3624RandomPin `type:"structure"` + + // Parameters that are required to generate or verify Visa PIN. + VisaPin *VisaPin `type:"structure"` + + // Parameters that are required to generate or verify Visa PIN Verification + // Value (PVV). + VisaPinVerificationValue *VisaPinVerificationValue `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PinGenerationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PinGenerationAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PinGenerationAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PinGenerationAttributes"} + if s.Ibm3624NaturalPin != nil { + if err := s.Ibm3624NaturalPin.Validate(); err != nil { + invalidParams.AddNested("Ibm3624NaturalPin", err.(request.ErrInvalidParams)) + } + } + if s.Ibm3624PinFromOffset != nil { + if err := s.Ibm3624PinFromOffset.Validate(); err != nil { + invalidParams.AddNested("Ibm3624PinFromOffset", err.(request.ErrInvalidParams)) + } + } + if s.Ibm3624PinOffset != nil { + if err := s.Ibm3624PinOffset.Validate(); err != nil { + invalidParams.AddNested("Ibm3624PinOffset", err.(request.ErrInvalidParams)) + } + } + if s.Ibm3624RandomPin != nil { + if err := s.Ibm3624RandomPin.Validate(); err != nil { + invalidParams.AddNested("Ibm3624RandomPin", err.(request.ErrInvalidParams)) + } + } + if s.VisaPin != nil { + if err := s.VisaPin.Validate(); err != nil { + invalidParams.AddNested("VisaPin", err.(request.ErrInvalidParams)) + } + } + if s.VisaPinVerificationValue != nil { + if err := s.VisaPinVerificationValue.Validate(); err != nil { + invalidParams.AddNested("VisaPinVerificationValue", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIbm3624NaturalPin sets the Ibm3624NaturalPin field's value. +func (s *PinGenerationAttributes) SetIbm3624NaturalPin(v *Ibm3624NaturalPin) *PinGenerationAttributes { + s.Ibm3624NaturalPin = v + return s +} + +// SetIbm3624PinFromOffset sets the Ibm3624PinFromOffset field's value. +func (s *PinGenerationAttributes) SetIbm3624PinFromOffset(v *Ibm3624PinFromOffset) *PinGenerationAttributes { + s.Ibm3624PinFromOffset = v + return s +} + +// SetIbm3624PinOffset sets the Ibm3624PinOffset field's value. +func (s *PinGenerationAttributes) SetIbm3624PinOffset(v *Ibm3624PinOffset) *PinGenerationAttributes { + s.Ibm3624PinOffset = v + return s +} + +// SetIbm3624RandomPin sets the Ibm3624RandomPin field's value. +func (s *PinGenerationAttributes) SetIbm3624RandomPin(v *Ibm3624RandomPin) *PinGenerationAttributes { + s.Ibm3624RandomPin = v + return s +} + +// SetVisaPin sets the VisaPin field's value. +func (s *PinGenerationAttributes) SetVisaPin(v *VisaPin) *PinGenerationAttributes { + s.VisaPin = v + return s +} + +// SetVisaPinVerificationValue sets the VisaPinVerificationValue field's value. +func (s *PinGenerationAttributes) SetVisaPinVerificationValue(v *VisaPinVerificationValue) *PinGenerationAttributes { + s.VisaPinVerificationValue = v + return s +} + +// Parameters that are required for PIN data verification. +type PinVerificationAttributes struct { + _ struct{} `type:"structure"` + + // Parameters that are required to generate or verify Ibm3624 PIN. + Ibm3624Pin *Ibm3624PinVerification `type:"structure"` + + // Parameters that are required to generate or verify Visa PIN. + VisaPin *VisaPinVerification `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PinVerificationAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PinVerificationAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PinVerificationAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PinVerificationAttributes"} + if s.Ibm3624Pin != nil { + if err := s.Ibm3624Pin.Validate(); err != nil { + invalidParams.AddNested("Ibm3624Pin", err.(request.ErrInvalidParams)) + } + } + if s.VisaPin != nil { + if err := s.VisaPin.Validate(); err != nil { + invalidParams.AddNested("VisaPin", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIbm3624Pin sets the Ibm3624Pin field's value. +func (s *PinVerificationAttributes) SetIbm3624Pin(v *Ibm3624PinVerification) *PinVerificationAttributes { + s.Ibm3624Pin = v + return s +} + +// SetVisaPin sets the VisaPin field's value. +func (s *PinVerificationAttributes) SetVisaPin(v *VisaPinVerification) *PinVerificationAttributes { + s.VisaPin = v + return s +} + +type ReEncryptDataInput struct { + _ struct{} `type:"structure"` + + // Ciphertext to be encrypted. The minimum allowed length is 16 bytes and maximum + // allowed length is 4096 bytes. + // + // CipherText is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ReEncryptDataInput's + // String and GoString methods. + // + // CipherText is a required field + CipherText *string `min:"16" type:"string" required:"true" sensitive:"true"` + + // The attributes and values for incoming ciphertext. + // + // IncomingEncryptionAttributes is a required field + IncomingEncryptionAttributes *ReEncryptionAttributes `type:"structure" required:"true"` + + // The keyARN of the encryption key of incoming ciphertext data. + // + // IncomingKeyIdentifier is a required field + IncomingKeyIdentifier *string `location:"uri" locationName:"IncomingKeyIdentifier" min:"7" type:"string" required:"true"` + + // The attributes and values for outgoing ciphertext data after encryption by + // Amazon Web Services Payment Cryptography. + // + // OutgoingEncryptionAttributes is a required field + OutgoingEncryptionAttributes *ReEncryptionAttributes `type:"structure" required:"true"` + + // The keyARN of the encryption key of outgoing ciphertext data after encryption + // by Amazon Web Services Payment Cryptography. + // + // OutgoingKeyIdentifier is a required field + OutgoingKeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReEncryptDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReEncryptDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReEncryptDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReEncryptDataInput"} + if s.CipherText == nil { + invalidParams.Add(request.NewErrParamRequired("CipherText")) + } + if s.CipherText != nil && len(*s.CipherText) < 16 { + invalidParams.Add(request.NewErrParamMinLen("CipherText", 16)) + } + if s.IncomingEncryptionAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("IncomingEncryptionAttributes")) + } + if s.IncomingKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("IncomingKeyIdentifier")) + } + if s.IncomingKeyIdentifier != nil && len(*s.IncomingKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("IncomingKeyIdentifier", 7)) + } + if s.OutgoingEncryptionAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("OutgoingEncryptionAttributes")) + } + if s.OutgoingKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("OutgoingKeyIdentifier")) + } + if s.OutgoingKeyIdentifier != nil && len(*s.OutgoingKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("OutgoingKeyIdentifier", 7)) + } + if s.IncomingEncryptionAttributes != nil { + if err := s.IncomingEncryptionAttributes.Validate(); err != nil { + invalidParams.AddNested("IncomingEncryptionAttributes", err.(request.ErrInvalidParams)) + } + } + if s.OutgoingEncryptionAttributes != nil { + if err := s.OutgoingEncryptionAttributes.Validate(); err != nil { + invalidParams.AddNested("OutgoingEncryptionAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCipherText sets the CipherText field's value. +func (s *ReEncryptDataInput) SetCipherText(v string) *ReEncryptDataInput { + s.CipherText = &v + return s +} + +// SetIncomingEncryptionAttributes sets the IncomingEncryptionAttributes field's value. +func (s *ReEncryptDataInput) SetIncomingEncryptionAttributes(v *ReEncryptionAttributes) *ReEncryptDataInput { + s.IncomingEncryptionAttributes = v + return s +} + +// SetIncomingKeyIdentifier sets the IncomingKeyIdentifier field's value. +func (s *ReEncryptDataInput) SetIncomingKeyIdentifier(v string) *ReEncryptDataInput { + s.IncomingKeyIdentifier = &v + return s +} + +// SetOutgoingEncryptionAttributes sets the OutgoingEncryptionAttributes field's value. +func (s *ReEncryptDataInput) SetOutgoingEncryptionAttributes(v *ReEncryptionAttributes) *ReEncryptDataInput { + s.OutgoingEncryptionAttributes = v + return s +} + +// SetOutgoingKeyIdentifier sets the OutgoingKeyIdentifier field's value. +func (s *ReEncryptDataInput) SetOutgoingKeyIdentifier(v string) *ReEncryptDataInput { + s.OutgoingKeyIdentifier = &v + return s +} + +type ReEncryptDataOutput struct { + _ struct{} `type:"structure"` + + // The encrypted ciphertext. + // + // CipherText is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ReEncryptDataOutput's + // String and GoString methods. + // + // CipherText is a required field + CipherText *string `min:"16" type:"string" required:"true" sensitive:"true"` + + // The keyARN (Amazon Resource Name) of the encryption key that Amazon Web Services + // Payment Cryptography uses for plaintext encryption. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReEncryptDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReEncryptDataOutput) GoString() string { + return s.String() +} + +// SetCipherText sets the CipherText field's value. +func (s *ReEncryptDataOutput) SetCipherText(v string) *ReEncryptDataOutput { + s.CipherText = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *ReEncryptDataOutput) SetKeyArn(v string) *ReEncryptDataOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *ReEncryptDataOutput) SetKeyCheckValue(v string) *ReEncryptDataOutput { + s.KeyCheckValue = &v + return s +} + +// Parameters that are required to perform reencryption operation. +type ReEncryptionAttributes struct { + _ struct{} `type:"structure"` + + // Parameters that are required to encrypt plaintext data using DUKPT. + Dukpt *DukptEncryptionAttributes `type:"structure"` + + // Parameters that are required to encrypt data using symmetric keys. + Symmetric *SymmetricEncryptionAttributes `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReEncryptionAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ReEncryptionAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ReEncryptionAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ReEncryptionAttributes"} + if s.Dukpt != nil { + if err := s.Dukpt.Validate(); err != nil { + invalidParams.AddNested("Dukpt", err.(request.ErrInvalidParams)) + } + } + if s.Symmetric != nil { + if err := s.Symmetric.Validate(); err != nil { + invalidParams.AddNested("Symmetric", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDukpt sets the Dukpt field's value. +func (s *ReEncryptionAttributes) SetDukpt(v *DukptEncryptionAttributes) *ReEncryptionAttributes { + s.Dukpt = v + return s +} + +// SetSymmetric sets the Symmetric field's value. +func (s *ReEncryptionAttributes) SetSymmetric(v *SymmetricEncryptionAttributes) *ReEncryptionAttributes { + s.Symmetric = v + return s +} + +// The request was denied due to an invalid resource error. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` + + // The resource that is missing. + ResourceId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Parameters to derive session key for an Amex payment card. +type SessionKeyAmex struct { + _ struct{} `type:"structure"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier + // for a payment credit or debit card and associates the card to a specific + // account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionKeyAmex's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyAmex) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyAmex) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyAmex) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyAmex"} + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *SessionKeyAmex) SetPanSequenceNumber(v string) *SessionKeyAmex { + s.PanSequenceNumber = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *SessionKeyAmex) SetPrimaryAccountNumber(v string) *SessionKeyAmex { + s.PrimaryAccountNumber = &v + return s +} + +// Parameters to derive a session key for Authorization Response Cryptogram +// (ARQC) verification. +type SessionKeyDerivation struct { + _ struct{} `type:"structure"` + + // Parameters to derive session key for an Amex payment card for ARQC verification. + Amex *SessionKeyAmex `type:"structure"` + + // Parameters to derive session key for an Emv2000 payment card for ARQC verification. + Emv2000 *SessionKeyEmv2000 `type:"structure"` + + // Parameters to derive session key for an Emv common payment card for ARQC + // verification. + EmvCommon *SessionKeyEmvCommon `type:"structure"` + + // Parameters to derive session key for a Mastercard payment card for ARQC verification. + Mastercard *SessionKeyMastercard `type:"structure"` + + // Parameters to derive session key for a Visa payment cardfor ARQC verification. + Visa *SessionKeyVisa `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyDerivation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyDerivation) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyDerivation) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyDerivation"} + if s.Amex != nil { + if err := s.Amex.Validate(); err != nil { + invalidParams.AddNested("Amex", err.(request.ErrInvalidParams)) + } + } + if s.Emv2000 != nil { + if err := s.Emv2000.Validate(); err != nil { + invalidParams.AddNested("Emv2000", err.(request.ErrInvalidParams)) + } + } + if s.EmvCommon != nil { + if err := s.EmvCommon.Validate(); err != nil { + invalidParams.AddNested("EmvCommon", err.(request.ErrInvalidParams)) + } + } + if s.Mastercard != nil { + if err := s.Mastercard.Validate(); err != nil { + invalidParams.AddNested("Mastercard", err.(request.ErrInvalidParams)) + } + } + if s.Visa != nil { + if err := s.Visa.Validate(); err != nil { + invalidParams.AddNested("Visa", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAmex sets the Amex field's value. +func (s *SessionKeyDerivation) SetAmex(v *SessionKeyAmex) *SessionKeyDerivation { + s.Amex = v + return s +} + +// SetEmv2000 sets the Emv2000 field's value. +func (s *SessionKeyDerivation) SetEmv2000(v *SessionKeyEmv2000) *SessionKeyDerivation { + s.Emv2000 = v + return s +} + +// SetEmvCommon sets the EmvCommon field's value. +func (s *SessionKeyDerivation) SetEmvCommon(v *SessionKeyEmvCommon) *SessionKeyDerivation { + s.EmvCommon = v + return s +} + +// SetMastercard sets the Mastercard field's value. +func (s *SessionKeyDerivation) SetMastercard(v *SessionKeyMastercard) *SessionKeyDerivation { + s.Mastercard = v + return s +} + +// SetVisa sets the Visa field's value. +func (s *SessionKeyDerivation) SetVisa(v *SessionKeyVisa) *SessionKeyDerivation { + s.Visa = v + return s +} + +// Parameters to derive session key value using a MAC EMV algorithm. +type SessionKeyDerivationValue struct { + _ struct{} `type:"structure"` + + // The cryptogram provided by the terminal during transaction processing. + ApplicationCryptogram *string `min:"16" type:"string"` + + // The transaction counter that is provided by the terminal during transaction + // processing. + ApplicationTransactionCounter *string `min:"2" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyDerivationValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyDerivationValue) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyDerivationValue) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyDerivationValue"} + if s.ApplicationCryptogram != nil && len(*s.ApplicationCryptogram) < 16 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationCryptogram", 16)) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationCryptogram sets the ApplicationCryptogram field's value. +func (s *SessionKeyDerivationValue) SetApplicationCryptogram(v string) *SessionKeyDerivationValue { + s.ApplicationCryptogram = &v + return s +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *SessionKeyDerivationValue) SetApplicationTransactionCounter(v string) *SessionKeyDerivationValue { + s.ApplicationTransactionCounter = &v + return s +} + +// Parameters to derive session key for an Emv2000 payment card for ARQC verification. +type SessionKeyEmv2000 struct { + _ struct{} `type:"structure"` + + // The transaction counter that is provided by the terminal during transaction + // processing. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier + // for a payment credit or debit card and associates the card to a specific + // account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionKeyEmv2000's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyEmv2000) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyEmv2000) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyEmv2000) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyEmv2000"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *SessionKeyEmv2000) SetApplicationTransactionCounter(v string) *SessionKeyEmv2000 { + s.ApplicationTransactionCounter = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *SessionKeyEmv2000) SetPanSequenceNumber(v string) *SessionKeyEmv2000 { + s.PanSequenceNumber = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *SessionKeyEmv2000) SetPrimaryAccountNumber(v string) *SessionKeyEmv2000 { + s.PrimaryAccountNumber = &v + return s +} + +// Parameters to derive session key for an Emv common payment card for ARQC +// verification. +type SessionKeyEmvCommon struct { + _ struct{} `type:"structure"` + + // The transaction counter that is provided by the terminal during transaction + // processing. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier + // for a payment credit or debit card and associates the card to a specific + // account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionKeyEmvCommon's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyEmvCommon) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyEmvCommon) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyEmvCommon) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyEmvCommon"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *SessionKeyEmvCommon) SetApplicationTransactionCounter(v string) *SessionKeyEmvCommon { + s.ApplicationTransactionCounter = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *SessionKeyEmvCommon) SetPanSequenceNumber(v string) *SessionKeyEmvCommon { + s.PanSequenceNumber = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *SessionKeyEmvCommon) SetPrimaryAccountNumber(v string) *SessionKeyEmvCommon { + s.PrimaryAccountNumber = &v + return s +} + +// Parameters to derive session key for Mastercard payment card for ARQC verification. +type SessionKeyMastercard struct { + _ struct{} `type:"structure"` + + // The transaction counter that is provided by the terminal during transaction + // processing. + // + // ApplicationTransactionCounter is a required field + ApplicationTransactionCounter *string `min:"2" type:"string" required:"true"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier + // for a payment credit or debit card and associates the card to a specific + // account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionKeyMastercard's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` + + // A random number generated by the issuer. + // + // UnpredictableNumber is a required field + UnpredictableNumber *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyMastercard) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyMastercard) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyMastercard) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyMastercard"} + if s.ApplicationTransactionCounter == nil { + invalidParams.Add(request.NewErrParamRequired("ApplicationTransactionCounter")) + } + if s.ApplicationTransactionCounter != nil && len(*s.ApplicationTransactionCounter) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ApplicationTransactionCounter", 2)) + } + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + if s.UnpredictableNumber == nil { + invalidParams.Add(request.NewErrParamRequired("UnpredictableNumber")) + } + if s.UnpredictableNumber != nil && len(*s.UnpredictableNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("UnpredictableNumber", 2)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetApplicationTransactionCounter sets the ApplicationTransactionCounter field's value. +func (s *SessionKeyMastercard) SetApplicationTransactionCounter(v string) *SessionKeyMastercard { + s.ApplicationTransactionCounter = &v + return s +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *SessionKeyMastercard) SetPanSequenceNumber(v string) *SessionKeyMastercard { + s.PanSequenceNumber = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *SessionKeyMastercard) SetPrimaryAccountNumber(v string) *SessionKeyMastercard { + s.PrimaryAccountNumber = &v + return s +} + +// SetUnpredictableNumber sets the UnpredictableNumber field's value. +func (s *SessionKeyMastercard) SetUnpredictableNumber(v string) *SessionKeyMastercard { + s.UnpredictableNumber = &v + return s +} + +// Parameters to derive session key for Visa payment card for ARQC verification. +type SessionKeyVisa struct { + _ struct{} `type:"structure"` + + // A number that identifies and differentiates payment cards with the same Primary + // Account Number (PAN). + // + // PanSequenceNumber is a required field + PanSequenceNumber *string `min:"2" type:"string" required:"true"` + + // The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier + // for a payment credit or debit card and associates the card to a specific + // account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionKeyVisa's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyVisa) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionKeyVisa) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SessionKeyVisa) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SessionKeyVisa"} + if s.PanSequenceNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PanSequenceNumber")) + } + if s.PanSequenceNumber != nil && len(*s.PanSequenceNumber) < 2 { + invalidParams.Add(request.NewErrParamMinLen("PanSequenceNumber", 2)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPanSequenceNumber sets the PanSequenceNumber field's value. +func (s *SessionKeyVisa) SetPanSequenceNumber(v string) *SessionKeyVisa { + s.PanSequenceNumber = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *SessionKeyVisa) SetPrimaryAccountNumber(v string) *SessionKeyVisa { + s.PrimaryAccountNumber = &v + return s +} + +// Parameters requried to encrypt plaintext data using symmetric keys. +type SymmetricEncryptionAttributes struct { + _ struct{} `type:"structure"` + + // An input to cryptographic primitive used to provide the intial state. The + // InitializationVector is typically required have a random or psuedo-random + // value, but sometimes it only needs to be unpredictable or unique. If a value + // is not provided, Amazon Web Services Payment Cryptography generates a random + // value. + // + // InitializationVector is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SymmetricEncryptionAttributes's + // String and GoString methods. + InitializationVector *string `min:"16" type:"string" sensitive:"true"` + + // The block cipher mode of operation. Block ciphers are designed to encrypt + // a block of data of fixed size (for example, 128 bits). The size of the input + // block is usually same as the size of the encrypted output block, while the + // key length can be different. A mode of operation describes how to repeatedly + // apply a cipher's single-block operation to securely transform amounts of + // data larger than a block. + // + // Mode is a required field + Mode *string `type:"string" required:"true" enum:"EncryptionMode"` + + // The padding to be included with the data. + PaddingType *string `type:"string" enum:"PaddingType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SymmetricEncryptionAttributes) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SymmetricEncryptionAttributes) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SymmetricEncryptionAttributes) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SymmetricEncryptionAttributes"} + if s.InitializationVector != nil && len(*s.InitializationVector) < 16 { + invalidParams.Add(request.NewErrParamMinLen("InitializationVector", 16)) + } + if s.Mode == nil { + invalidParams.Add(request.NewErrParamRequired("Mode")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetInitializationVector sets the InitializationVector field's value. +func (s *SymmetricEncryptionAttributes) SetInitializationVector(v string) *SymmetricEncryptionAttributes { + s.InitializationVector = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *SymmetricEncryptionAttributes) SetMode(v string) *SymmetricEncryptionAttributes { + s.Mode = &v + return s +} + +// SetPaddingType sets the PaddingType field's value. +func (s *SymmetricEncryptionAttributes) SetPaddingType(v string) *SymmetricEncryptionAttributes { + s.PaddingType = &v + return s +} + +// The request was denied due to request throttling. +type ThrottlingException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) GoString() string { + return s.String() +} + +func newErrorThrottlingException(v protocol.ResponseMetadata) error { + return &ThrottlingException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ThrottlingException) Code() string { + return "ThrottlingException" +} + +// Message returns the exception's message. +func (s *ThrottlingException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ThrottlingException) OrigErr() error { + return nil +} + +func (s *ThrottlingException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ThrottlingException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ThrottlingException) RequestID() string { + return s.RespMetadata.RequestID +} + +type TranslatePinDataInput struct { + _ struct{} `type:"structure"` + + // The encrypted PIN block data that Amazon Web Services Payment Cryptography + // translates. + // + // EncryptedPinBlock is a required field + EncryptedPinBlock *string `min:"16" type:"string" required:"true"` + + // The attributes and values to use for incoming DUKPT encryption key for PIN + // block tranlation. + IncomingDukptAttributes *DukptDerivationAttributes `type:"structure"` + + // The keyARN of the encryption key under which incoming PIN block data is encrypted. + // This key type can be PEK or BDK. + // + // IncomingKeyIdentifier is a required field + IncomingKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The format of the incoming PIN block data for tranlation within Amazon Web + // Services Payment Cryptography. + // + // IncomingTranslationAttributes is a required field + IncomingTranslationAttributes *TranslationIsoFormats `type:"structure" required:"true"` + + // The attributes and values to use for outgoing DUKPT encryption key after + // PIN block translation. + OutgoingDukptAttributes *DukptDerivationAttributes `type:"structure"` + + // The keyARN of the encryption key for encrypting outgoing PIN block data. + // This key type can be PEK or BDK. + // + // OutgoingKeyIdentifier is a required field + OutgoingKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The format of the outgoing PIN block data after tranlation by Amazon Web + // Services Payment Cryptography. + // + // OutgoingTranslationAttributes is a required field + OutgoingTranslationAttributes *TranslationIsoFormats `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslatePinDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslatePinDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TranslatePinDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TranslatePinDataInput"} + if s.EncryptedPinBlock == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptedPinBlock")) + } + if s.EncryptedPinBlock != nil && len(*s.EncryptedPinBlock) < 16 { + invalidParams.Add(request.NewErrParamMinLen("EncryptedPinBlock", 16)) + } + if s.IncomingKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("IncomingKeyIdentifier")) + } + if s.IncomingKeyIdentifier != nil && len(*s.IncomingKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("IncomingKeyIdentifier", 7)) + } + if s.IncomingTranslationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("IncomingTranslationAttributes")) + } + if s.OutgoingKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("OutgoingKeyIdentifier")) + } + if s.OutgoingKeyIdentifier != nil && len(*s.OutgoingKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("OutgoingKeyIdentifier", 7)) + } + if s.OutgoingTranslationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("OutgoingTranslationAttributes")) + } + if s.IncomingDukptAttributes != nil { + if err := s.IncomingDukptAttributes.Validate(); err != nil { + invalidParams.AddNested("IncomingDukptAttributes", err.(request.ErrInvalidParams)) + } + } + if s.IncomingTranslationAttributes != nil { + if err := s.IncomingTranslationAttributes.Validate(); err != nil { + invalidParams.AddNested("IncomingTranslationAttributes", err.(request.ErrInvalidParams)) + } + } + if s.OutgoingDukptAttributes != nil { + if err := s.OutgoingDukptAttributes.Validate(); err != nil { + invalidParams.AddNested("OutgoingDukptAttributes", err.(request.ErrInvalidParams)) + } + } + if s.OutgoingTranslationAttributes != nil { + if err := s.OutgoingTranslationAttributes.Validate(); err != nil { + invalidParams.AddNested("OutgoingTranslationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptedPinBlock sets the EncryptedPinBlock field's value. +func (s *TranslatePinDataInput) SetEncryptedPinBlock(v string) *TranslatePinDataInput { + s.EncryptedPinBlock = &v + return s +} + +// SetIncomingDukptAttributes sets the IncomingDukptAttributes field's value. +func (s *TranslatePinDataInput) SetIncomingDukptAttributes(v *DukptDerivationAttributes) *TranslatePinDataInput { + s.IncomingDukptAttributes = v + return s +} + +// SetIncomingKeyIdentifier sets the IncomingKeyIdentifier field's value. +func (s *TranslatePinDataInput) SetIncomingKeyIdentifier(v string) *TranslatePinDataInput { + s.IncomingKeyIdentifier = &v + return s +} + +// SetIncomingTranslationAttributes sets the IncomingTranslationAttributes field's value. +func (s *TranslatePinDataInput) SetIncomingTranslationAttributes(v *TranslationIsoFormats) *TranslatePinDataInput { + s.IncomingTranslationAttributes = v + return s +} + +// SetOutgoingDukptAttributes sets the OutgoingDukptAttributes field's value. +func (s *TranslatePinDataInput) SetOutgoingDukptAttributes(v *DukptDerivationAttributes) *TranslatePinDataInput { + s.OutgoingDukptAttributes = v + return s +} + +// SetOutgoingKeyIdentifier sets the OutgoingKeyIdentifier field's value. +func (s *TranslatePinDataInput) SetOutgoingKeyIdentifier(v string) *TranslatePinDataInput { + s.OutgoingKeyIdentifier = &v + return s +} + +// SetOutgoingTranslationAttributes sets the OutgoingTranslationAttributes field's value. +func (s *TranslatePinDataInput) SetOutgoingTranslationAttributes(v *TranslationIsoFormats) *TranslatePinDataInput { + s.OutgoingTranslationAttributes = v + return s +} + +type TranslatePinDataOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses to encrypt outgoing PIN block data after translation. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The ougoing encrypted PIN block data after tranlation. + // + // PinBlock is a required field + PinBlock *string `min:"16" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslatePinDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslatePinDataOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *TranslatePinDataOutput) SetKeyArn(v string) *TranslatePinDataOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *TranslatePinDataOutput) SetKeyCheckValue(v string) *TranslatePinDataOutput { + s.KeyCheckValue = &v + return s +} + +// SetPinBlock sets the PinBlock field's value. +func (s *TranslatePinDataOutput) SetPinBlock(v string) *TranslatePinDataOutput { + s.PinBlock = &v + return s +} + +// Parameters that are required for translation between ISO9564 PIN block formats +// 0,1,3,4. +type TranslationIsoFormats struct { + _ struct{} `type:"structure"` + + // Parameters that are required for ISO9564 PIN format 0 tranlation. + IsoFormat0 *TranslationPinDataIsoFormat034 `type:"structure"` + + // Parameters that are required for ISO9564 PIN format 1 tranlation. + IsoFormat1 *TranslationPinDataIsoFormat1 `type:"structure"` + + // Parameters that are required for ISO9564 PIN format 3 tranlation. + IsoFormat3 *TranslationPinDataIsoFormat034 `type:"structure"` + + // Parameters that are required for ISO9564 PIN format 4 tranlation. + IsoFormat4 *TranslationPinDataIsoFormat034 `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslationIsoFormats) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslationIsoFormats) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TranslationIsoFormats) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TranslationIsoFormats"} + if s.IsoFormat0 != nil { + if err := s.IsoFormat0.Validate(); err != nil { + invalidParams.AddNested("IsoFormat0", err.(request.ErrInvalidParams)) + } + } + if s.IsoFormat3 != nil { + if err := s.IsoFormat3.Validate(); err != nil { + invalidParams.AddNested("IsoFormat3", err.(request.ErrInvalidParams)) + } + } + if s.IsoFormat4 != nil { + if err := s.IsoFormat4.Validate(); err != nil { + invalidParams.AddNested("IsoFormat4", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIsoFormat0 sets the IsoFormat0 field's value. +func (s *TranslationIsoFormats) SetIsoFormat0(v *TranslationPinDataIsoFormat034) *TranslationIsoFormats { + s.IsoFormat0 = v + return s +} + +// SetIsoFormat1 sets the IsoFormat1 field's value. +func (s *TranslationIsoFormats) SetIsoFormat1(v *TranslationPinDataIsoFormat1) *TranslationIsoFormats { + s.IsoFormat1 = v + return s +} + +// SetIsoFormat3 sets the IsoFormat3 field's value. +func (s *TranslationIsoFormats) SetIsoFormat3(v *TranslationPinDataIsoFormat034) *TranslationIsoFormats { + s.IsoFormat3 = v + return s +} + +// SetIsoFormat4 sets the IsoFormat4 field's value. +func (s *TranslationIsoFormats) SetIsoFormat4(v *TranslationPinDataIsoFormat034) *TranslationIsoFormats { + s.IsoFormat4 = v + return s +} + +// Parameters that are required for tranlation between ISO9564 PIN format 0,3,4 +// tranlation. +type TranslationPinDataIsoFormat034 struct { + _ struct{} `type:"structure"` + + // The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier + // for a payment credit or debit card and associates the card to a specific + // account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by TranslationPinDataIsoFormat034's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslationPinDataIsoFormat034) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslationPinDataIsoFormat034) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TranslationPinDataIsoFormat034) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TranslationPinDataIsoFormat034"} + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *TranslationPinDataIsoFormat034) SetPrimaryAccountNumber(v string) *TranslationPinDataIsoFormat034 { + s.PrimaryAccountNumber = &v + return s +} + +// Parameters that are required for ISO9564 PIN format 1 tranlation. +type TranslationPinDataIsoFormat1 struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslationPinDataIsoFormat1) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TranslationPinDataIsoFormat1) GoString() string { + return s.String() +} + +// The request was denied due to an invalid request error. +type ValidationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // The request was denied due to an invalid request error. + FieldList []*ValidationExceptionField `locationName:"fieldList" type:"list"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) GoString() string { + return s.String() +} + +func newErrorValidationException(v protocol.ResponseMetadata) error { + return &ValidationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ValidationException) Code() string { + return "ValidationException" +} + +// Message returns the exception's message. +func (s *ValidationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ValidationException) OrigErr() error { + return nil +} + +func (s *ValidationException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ValidationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ValidationException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request was denied due to an invalid request error. +type ValidationExceptionField struct { + _ struct{} `type:"structure"` + + // The request was denied due to an invalid request error. + // + // Message is a required field + Message *string `locationName:"message" type:"string" required:"true"` + + // The request was denied due to an invalid request error. + // + // Path is a required field + Path *string `locationName:"path" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationExceptionField) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationExceptionField) GoString() string { + return s.String() +} + +// SetMessage sets the Message field's value. +func (s *ValidationExceptionField) SetMessage(v string) *ValidationExceptionField { + s.Message = &v + return s +} + +// SetPath sets the Path field's value. +func (s *ValidationExceptionField) SetPath(v string) *ValidationExceptionField { + s.Path = &v + return s +} + +// This request failed verification. +type VerificationFailedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` + + // The reason for the exception. + // + // Reason is a required field + Reason *string `type:"string" required:"true" enum:"VerificationFailedReason"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerificationFailedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerificationFailedException) GoString() string { + return s.String() +} + +func newErrorVerificationFailedException(v protocol.ResponseMetadata) error { + return &VerificationFailedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *VerificationFailedException) Code() string { + return "VerificationFailedException" +} + +// Message returns the exception's message. +func (s *VerificationFailedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *VerificationFailedException) OrigErr() error { + return nil +} + +func (s *VerificationFailedException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *VerificationFailedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *VerificationFailedException) RequestID() string { + return s.RespMetadata.RequestID +} + +type VerifyAuthRequestCryptogramInput struct { + _ struct{} `type:"structure"` + + // The auth request cryptogram imported into Amazon Web Services Payment Cryptography + // for ARQC verification using a major encryption key and transaction data. + // + // AuthRequestCryptogram is a required field + AuthRequestCryptogram *string `min:"16" type:"string" required:"true"` + + // The attributes and values for auth request cryptogram verification. These + // parameters are required in case using ARPC Method 1 or Method 2 for ARQC + // verification. + AuthResponseAttributes *CryptogramAuthResponse `type:"structure"` + + // The keyARN of the major encryption key that Amazon Web Services Payment Cryptography + // uses for ARQC verification. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The method to use when deriving the major encryption key for ARQC verification + // within Amazon Web Services Payment Cryptography. The same key derivation + // mode was used for ARQC generation outside of Amazon Web Services Payment + // Cryptography. + // + // MajorKeyDerivationMode is a required field + MajorKeyDerivationMode *string `type:"string" required:"true" enum:"MajorKeyDerivationMode"` + + // The attributes and values to use for deriving a session key for ARQC verification + // within Amazon Web Services Payment Cryptography. The same attributes were + // used for ARQC generation outside of Amazon Web Services Payment Cryptography. + // + // SessionKeyDerivationAttributes is a required field + SessionKeyDerivationAttributes *SessionKeyDerivation `type:"structure" required:"true"` + + // The transaction data that Amazon Web Services Payment Cryptography uses for + // ARQC verification. The same transaction is used for ARQC generation outside + // of Amazon Web Services Payment Cryptography. + // + // TransactionData is a required field + TransactionData *string `min:"2" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyAuthRequestCryptogramInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyAuthRequestCryptogramInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyAuthRequestCryptogramInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyAuthRequestCryptogramInput"} + if s.AuthRequestCryptogram == nil { + invalidParams.Add(request.NewErrParamRequired("AuthRequestCryptogram")) + } + if s.AuthRequestCryptogram != nil && len(*s.AuthRequestCryptogram) < 16 { + invalidParams.Add(request.NewErrParamMinLen("AuthRequestCryptogram", 16)) + } + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.MajorKeyDerivationMode == nil { + invalidParams.Add(request.NewErrParamRequired("MajorKeyDerivationMode")) + } + if s.SessionKeyDerivationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("SessionKeyDerivationAttributes")) + } + if s.TransactionData == nil { + invalidParams.Add(request.NewErrParamRequired("TransactionData")) + } + if s.TransactionData != nil && len(*s.TransactionData) < 2 { + invalidParams.Add(request.NewErrParamMinLen("TransactionData", 2)) + } + if s.AuthResponseAttributes != nil { + if err := s.AuthResponseAttributes.Validate(); err != nil { + invalidParams.AddNested("AuthResponseAttributes", err.(request.ErrInvalidParams)) + } + } + if s.SessionKeyDerivationAttributes != nil { + if err := s.SessionKeyDerivationAttributes.Validate(); err != nil { + invalidParams.AddNested("SessionKeyDerivationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAuthRequestCryptogram sets the AuthRequestCryptogram field's value. +func (s *VerifyAuthRequestCryptogramInput) SetAuthRequestCryptogram(v string) *VerifyAuthRequestCryptogramInput { + s.AuthRequestCryptogram = &v + return s +} + +// SetAuthResponseAttributes sets the AuthResponseAttributes field's value. +func (s *VerifyAuthRequestCryptogramInput) SetAuthResponseAttributes(v *CryptogramAuthResponse) *VerifyAuthRequestCryptogramInput { + s.AuthResponseAttributes = v + return s +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *VerifyAuthRequestCryptogramInput) SetKeyIdentifier(v string) *VerifyAuthRequestCryptogramInput { + s.KeyIdentifier = &v + return s +} + +// SetMajorKeyDerivationMode sets the MajorKeyDerivationMode field's value. +func (s *VerifyAuthRequestCryptogramInput) SetMajorKeyDerivationMode(v string) *VerifyAuthRequestCryptogramInput { + s.MajorKeyDerivationMode = &v + return s +} + +// SetSessionKeyDerivationAttributes sets the SessionKeyDerivationAttributes field's value. +func (s *VerifyAuthRequestCryptogramInput) SetSessionKeyDerivationAttributes(v *SessionKeyDerivation) *VerifyAuthRequestCryptogramInput { + s.SessionKeyDerivationAttributes = v + return s +} + +// SetTransactionData sets the TransactionData field's value. +func (s *VerifyAuthRequestCryptogramInput) SetTransactionData(v string) *VerifyAuthRequestCryptogramInput { + s.TransactionData = &v + return s +} + +type VerifyAuthRequestCryptogramOutput struct { + _ struct{} `type:"structure"` + + // The result for ARQC verification or ARPC generation within Amazon Web Services + // Payment Cryptography. + AuthResponseValue *string `min:"1" type:"string"` + + // The keyARN of the major encryption key that Amazon Web Services Payment Cryptography + // uses for ARQC verification. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyAuthRequestCryptogramOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyAuthRequestCryptogramOutput) GoString() string { + return s.String() +} + +// SetAuthResponseValue sets the AuthResponseValue field's value. +func (s *VerifyAuthRequestCryptogramOutput) SetAuthResponseValue(v string) *VerifyAuthRequestCryptogramOutput { + s.AuthResponseValue = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *VerifyAuthRequestCryptogramOutput) SetKeyArn(v string) *VerifyAuthRequestCryptogramOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *VerifyAuthRequestCryptogramOutput) SetKeyCheckValue(v string) *VerifyAuthRequestCryptogramOutput { + s.KeyCheckValue = &v + return s +} + +type VerifyCardValidationDataInput struct { + _ struct{} `type:"structure"` + + // The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography + // uses to verify card data. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The Primary Account Number (PAN), a unique identifier for a payment credit + // or debit card that associates the card with a specific account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VerifyCardValidationDataInput's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` + + // The CVV or CSC value for use for card data verification within Amazon Web + // Services Payment Cryptography. + // + // ValidationData is a required field + ValidationData *string `min:"3" type:"string" required:"true"` + + // The algorithm to use for verification of card data within Amazon Web Services + // Payment Cryptography. + // + // VerificationAttributes is a required field + VerificationAttributes *CardVerificationAttributes `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyCardValidationDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyCardValidationDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyCardValidationDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyCardValidationDataInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + if s.ValidationData == nil { + invalidParams.Add(request.NewErrParamRequired("ValidationData")) + } + if s.ValidationData != nil && len(*s.ValidationData) < 3 { + invalidParams.Add(request.NewErrParamMinLen("ValidationData", 3)) + } + if s.VerificationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("VerificationAttributes")) + } + if s.VerificationAttributes != nil { + if err := s.VerificationAttributes.Validate(); err != nil { + invalidParams.AddNested("VerificationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *VerifyCardValidationDataInput) SetKeyIdentifier(v string) *VerifyCardValidationDataInput { + s.KeyIdentifier = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *VerifyCardValidationDataInput) SetPrimaryAccountNumber(v string) *VerifyCardValidationDataInput { + s.PrimaryAccountNumber = &v + return s +} + +// SetValidationData sets the ValidationData field's value. +func (s *VerifyCardValidationDataInput) SetValidationData(v string) *VerifyCardValidationDataInput { + s.ValidationData = &v + return s +} + +// SetVerificationAttributes sets the VerificationAttributes field's value. +func (s *VerifyCardValidationDataInput) SetVerificationAttributes(v *CardVerificationAttributes) *VerifyCardValidationDataInput { + s.VerificationAttributes = v + return s +} + +type VerifyCardValidationDataOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the CVK encryption key that Amazon Web Services Payment Cryptography + // uses to verify CVV or CSC. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyCardValidationDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyCardValidationDataOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *VerifyCardValidationDataOutput) SetKeyArn(v string) *VerifyCardValidationDataOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *VerifyCardValidationDataOutput) SetKeyCheckValue(v string) *VerifyCardValidationDataOutput { + s.KeyCheckValue = &v + return s +} + +type VerifyMacInput struct { + _ struct{} `type:"structure"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses to verify MAC data. + // + // KeyIdentifier is a required field + KeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The MAC being verified. + // + // Mac is a required field + Mac *string `min:"4" type:"string" required:"true"` + + // The length of the MAC. + MacLength *int64 `min:"4" type:"integer"` + + // The data on for which MAC is under verification. + // + // MessageData is a required field + MessageData *string `min:"2" type:"string" required:"true"` + + // The attributes and data values to use for MAC verification within Amazon + // Web Services Payment Cryptography. + // + // VerificationAttributes is a required field + VerificationAttributes *MacAttributes `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyMacInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyMacInput"} + if s.KeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("KeyIdentifier")) + } + if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7)) + } + if s.Mac == nil { + invalidParams.Add(request.NewErrParamRequired("Mac")) + } + if s.Mac != nil && len(*s.Mac) < 4 { + invalidParams.Add(request.NewErrParamMinLen("Mac", 4)) + } + if s.MacLength != nil && *s.MacLength < 4 { + invalidParams.Add(request.NewErrParamMinValue("MacLength", 4)) + } + if s.MessageData == nil { + invalidParams.Add(request.NewErrParamRequired("MessageData")) + } + if s.MessageData != nil && len(*s.MessageData) < 2 { + invalidParams.Add(request.NewErrParamMinLen("MessageData", 2)) + } + if s.VerificationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("VerificationAttributes")) + } + if s.VerificationAttributes != nil { + if err := s.VerificationAttributes.Validate(); err != nil { + invalidParams.AddNested("VerificationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyIdentifier sets the KeyIdentifier field's value. +func (s *VerifyMacInput) SetKeyIdentifier(v string) *VerifyMacInput { + s.KeyIdentifier = &v + return s +} + +// SetMac sets the Mac field's value. +func (s *VerifyMacInput) SetMac(v string) *VerifyMacInput { + s.Mac = &v + return s +} + +// SetMacLength sets the MacLength field's value. +func (s *VerifyMacInput) SetMacLength(v int64) *VerifyMacInput { + s.MacLength = &v + return s +} + +// SetMessageData sets the MessageData field's value. +func (s *VerifyMacInput) SetMessageData(v string) *VerifyMacInput { + s.MessageData = &v + return s +} + +// SetVerificationAttributes sets the VerificationAttributes field's value. +func (s *VerifyMacInput) SetVerificationAttributes(v *MacAttributes) *VerifyMacInput { + s.VerificationAttributes = v + return s +} + +type VerifyMacOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the encryption key that Amazon Web Services Payment Cryptography + // uses for MAC verification. + // + // KeyArn is a required field + KeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // KeyCheckValue is a required field + KeyCheckValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyMacOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *VerifyMacOutput) SetKeyArn(v string) *VerifyMacOutput { + s.KeyArn = &v + return s +} + +// SetKeyCheckValue sets the KeyCheckValue field's value. +func (s *VerifyMacOutput) SetKeyCheckValue(v string) *VerifyMacOutput { + s.KeyCheckValue = &v + return s +} + +type VerifyPinDataInput struct { + _ struct{} `type:"structure"` + + // The attributes and values for the DUKPT encrypted PIN block data. + DukptAttributes *DukptAttributes `type:"structure"` + + // The encrypted PIN block data that Amazon Web Services Payment Cryptography + // verifies. + // + // EncryptedPinBlock is a required field + EncryptedPinBlock *string `min:"16" type:"string" required:"true"` + + // The keyARN of the encryption key under which the PIN block data is encrypted. + // This key type can be PEK or BDK. + // + // EncryptionKeyIdentifier is a required field + EncryptionKeyIdentifier *string `min:"7" type:"string" required:"true"` + + // The PIN encoding format for pin data generation as specified in ISO 9564. + // Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3. + // + // The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, + // and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. + // It supports a PIN from 4 to 12 digits in length. + // + // The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that + // the fill digits are random values from 10 to 15. + // + // PinBlockFormat is a required field + PinBlockFormat *string `type:"string" required:"true" enum:"PinBlockFormatForPinData"` + + // The length of PIN being verified. + PinDataLength *int64 `min:"4" type:"integer"` + + // The Primary Account Number (PAN), a unique identifier for a payment credit + // or debit card that associates the card with a specific account holder. + // + // PrimaryAccountNumber is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by VerifyPinDataInput's + // String and GoString methods. + // + // PrimaryAccountNumber is a required field + PrimaryAccountNumber *string `min:"12" type:"string" required:"true" sensitive:"true"` + + // The attributes and values for PIN data verification. + // + // VerificationAttributes is a required field + VerificationAttributes *PinVerificationAttributes `type:"structure" required:"true"` + + // The keyARN of the PIN verification key. + // + // VerificationKeyIdentifier is a required field + VerificationKeyIdentifier *string `min:"7" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyPinDataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyPinDataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VerifyPinDataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VerifyPinDataInput"} + if s.EncryptedPinBlock == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptedPinBlock")) + } + if s.EncryptedPinBlock != nil && len(*s.EncryptedPinBlock) < 16 { + invalidParams.Add(request.NewErrParamMinLen("EncryptedPinBlock", 16)) + } + if s.EncryptionKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptionKeyIdentifier")) + } + if s.EncryptionKeyIdentifier != nil && len(*s.EncryptionKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("EncryptionKeyIdentifier", 7)) + } + if s.PinBlockFormat == nil { + invalidParams.Add(request.NewErrParamRequired("PinBlockFormat")) + } + if s.PinDataLength != nil && *s.PinDataLength < 4 { + invalidParams.Add(request.NewErrParamMinValue("PinDataLength", 4)) + } + if s.PrimaryAccountNumber == nil { + invalidParams.Add(request.NewErrParamRequired("PrimaryAccountNumber")) + } + if s.PrimaryAccountNumber != nil && len(*s.PrimaryAccountNumber) < 12 { + invalidParams.Add(request.NewErrParamMinLen("PrimaryAccountNumber", 12)) + } + if s.VerificationAttributes == nil { + invalidParams.Add(request.NewErrParamRequired("VerificationAttributes")) + } + if s.VerificationKeyIdentifier == nil { + invalidParams.Add(request.NewErrParamRequired("VerificationKeyIdentifier")) + } + if s.VerificationKeyIdentifier != nil && len(*s.VerificationKeyIdentifier) < 7 { + invalidParams.Add(request.NewErrParamMinLen("VerificationKeyIdentifier", 7)) + } + if s.DukptAttributes != nil { + if err := s.DukptAttributes.Validate(); err != nil { + invalidParams.AddNested("DukptAttributes", err.(request.ErrInvalidParams)) + } + } + if s.VerificationAttributes != nil { + if err := s.VerificationAttributes.Validate(); err != nil { + invalidParams.AddNested("VerificationAttributes", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDukptAttributes sets the DukptAttributes field's value. +func (s *VerifyPinDataInput) SetDukptAttributes(v *DukptAttributes) *VerifyPinDataInput { + s.DukptAttributes = v + return s +} + +// SetEncryptedPinBlock sets the EncryptedPinBlock field's value. +func (s *VerifyPinDataInput) SetEncryptedPinBlock(v string) *VerifyPinDataInput { + s.EncryptedPinBlock = &v + return s +} + +// SetEncryptionKeyIdentifier sets the EncryptionKeyIdentifier field's value. +func (s *VerifyPinDataInput) SetEncryptionKeyIdentifier(v string) *VerifyPinDataInput { + s.EncryptionKeyIdentifier = &v + return s +} + +// SetPinBlockFormat sets the PinBlockFormat field's value. +func (s *VerifyPinDataInput) SetPinBlockFormat(v string) *VerifyPinDataInput { + s.PinBlockFormat = &v + return s +} + +// SetPinDataLength sets the PinDataLength field's value. +func (s *VerifyPinDataInput) SetPinDataLength(v int64) *VerifyPinDataInput { + s.PinDataLength = &v + return s +} + +// SetPrimaryAccountNumber sets the PrimaryAccountNumber field's value. +func (s *VerifyPinDataInput) SetPrimaryAccountNumber(v string) *VerifyPinDataInput { + s.PrimaryAccountNumber = &v + return s +} + +// SetVerificationAttributes sets the VerificationAttributes field's value. +func (s *VerifyPinDataInput) SetVerificationAttributes(v *PinVerificationAttributes) *VerifyPinDataInput { + s.VerificationAttributes = v + return s +} + +// SetVerificationKeyIdentifier sets the VerificationKeyIdentifier field's value. +func (s *VerifyPinDataInput) SetVerificationKeyIdentifier(v string) *VerifyPinDataInput { + s.VerificationKeyIdentifier = &v + return s +} + +type VerifyPinDataOutput struct { + _ struct{} `type:"structure"` + + // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses + // for encrypted pin block generation. + // + // EncryptionKeyArn is a required field + EncryptionKeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // EncryptionKeyCheckValue is a required field + EncryptionKeyCheckValue *string `min:"4" type:"string" required:"true"` + + // The keyARN of the PIN encryption key that Amazon Web Services Payment Cryptography + // uses for PIN or PIN Offset verification. + // + // VerificationKeyArn is a required field + VerificationKeyArn *string `min:"70" type:"string" required:"true"` + + // The key check value (KCV) of the encryption key. The KCV is used to check + // if all parties holding a given key have the same key or to detect that a + // key has changed. Amazon Web Services Payment Cryptography calculates the + // KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or + // "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex + // digits, of the resulting cryptogram. + // + // VerificationKeyCheckValue is a required field + VerificationKeyCheckValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyPinDataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VerifyPinDataOutput) GoString() string { + return s.String() +} + +// SetEncryptionKeyArn sets the EncryptionKeyArn field's value. +func (s *VerifyPinDataOutput) SetEncryptionKeyArn(v string) *VerifyPinDataOutput { + s.EncryptionKeyArn = &v + return s +} + +// SetEncryptionKeyCheckValue sets the EncryptionKeyCheckValue field's value. +func (s *VerifyPinDataOutput) SetEncryptionKeyCheckValue(v string) *VerifyPinDataOutput { + s.EncryptionKeyCheckValue = &v + return s +} + +// SetVerificationKeyArn sets the VerificationKeyArn field's value. +func (s *VerifyPinDataOutput) SetVerificationKeyArn(v string) *VerifyPinDataOutput { + s.VerificationKeyArn = &v + return s +} + +// SetVerificationKeyCheckValue sets the VerificationKeyCheckValue field's value. +func (s *VerifyPinDataOutput) SetVerificationKeyCheckValue(v string) *VerifyPinDataOutput { + s.VerificationKeyCheckValue = &v + return s +} + +// Parameters that are required to generate or verify Visa PIN. +type VisaPin struct { + _ struct{} `type:"structure"` + + // The value for PIN verification index. It is used in the Visa PIN algorithm + // to calculate the PVV (PIN Verification Value). + // + // PinVerificationKeyIndex is a required field + PinVerificationKeyIndex *int64 `type:"integer" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VisaPin) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VisaPin) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VisaPin) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VisaPin"} + if s.PinVerificationKeyIndex == nil { + invalidParams.Add(request.NewErrParamRequired("PinVerificationKeyIndex")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPinVerificationKeyIndex sets the PinVerificationKeyIndex field's value. +func (s *VisaPin) SetPinVerificationKeyIndex(v int64) *VisaPin { + s.PinVerificationKeyIndex = &v + return s +} + +// Parameters that are required to generate or verify Visa PIN. +type VisaPinVerification struct { + _ struct{} `type:"structure"` + + // The value for PIN verification index. It is used in the Visa PIN algorithm + // to calculate the PVV (PIN Verification Value). + // + // PinVerificationKeyIndex is a required field + PinVerificationKeyIndex *int64 `type:"integer" required:"true"` + + // Parameters that are required to generate or verify Visa PVV (PIN Verification + // Value). + // + // VerificationValue is a required field + VerificationValue *string `min:"4" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VisaPinVerification) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VisaPinVerification) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VisaPinVerification) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VisaPinVerification"} + if s.PinVerificationKeyIndex == nil { + invalidParams.Add(request.NewErrParamRequired("PinVerificationKeyIndex")) + } + if s.VerificationValue == nil { + invalidParams.Add(request.NewErrParamRequired("VerificationValue")) + } + if s.VerificationValue != nil && len(*s.VerificationValue) < 4 { + invalidParams.Add(request.NewErrParamMinLen("VerificationValue", 4)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPinVerificationKeyIndex sets the PinVerificationKeyIndex field's value. +func (s *VisaPinVerification) SetPinVerificationKeyIndex(v int64) *VisaPinVerification { + s.PinVerificationKeyIndex = &v + return s +} + +// SetVerificationValue sets the VerificationValue field's value. +func (s *VisaPinVerification) SetVerificationValue(v string) *VisaPinVerification { + s.VerificationValue = &v + return s +} + +// Parameters that are required to generate or verify Visa PVV (PIN Verification +// Value). +type VisaPinVerificationValue struct { + _ struct{} `type:"structure"` + + // The encrypted PIN block data to verify. + // + // EncryptedPinBlock is a required field + EncryptedPinBlock *string `min:"16" type:"string" required:"true"` + + // The value for PIN verification index. It is used in the Visa PIN algorithm + // to calculate the PVV (PIN Verification Value). + // + // PinVerificationKeyIndex is a required field + PinVerificationKeyIndex *int64 `type:"integer" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VisaPinVerificationValue) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s VisaPinVerificationValue) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VisaPinVerificationValue) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VisaPinVerificationValue"} + if s.EncryptedPinBlock == nil { + invalidParams.Add(request.NewErrParamRequired("EncryptedPinBlock")) + } + if s.EncryptedPinBlock != nil && len(*s.EncryptedPinBlock) < 16 { + invalidParams.Add(request.NewErrParamMinLen("EncryptedPinBlock", 16)) + } + if s.PinVerificationKeyIndex == nil { + invalidParams.Add(request.NewErrParamRequired("PinVerificationKeyIndex")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEncryptedPinBlock sets the EncryptedPinBlock field's value. +func (s *VisaPinVerificationValue) SetEncryptedPinBlock(v string) *VisaPinVerificationValue { + s.EncryptedPinBlock = &v + return s +} + +// SetPinVerificationKeyIndex sets the PinVerificationKeyIndex field's value. +func (s *VisaPinVerificationValue) SetPinVerificationKeyIndex(v int64) *VisaPinVerificationValue { + s.PinVerificationKeyIndex = &v + return s +} + +const ( + // DukptDerivationTypeTdes2key is a DukptDerivationType enum value + DukptDerivationTypeTdes2key = "TDES_2KEY" + + // DukptDerivationTypeTdes3key is a DukptDerivationType enum value + DukptDerivationTypeTdes3key = "TDES_3KEY" + + // DukptDerivationTypeAes128 is a DukptDerivationType enum value + DukptDerivationTypeAes128 = "AES_128" + + // DukptDerivationTypeAes192 is a DukptDerivationType enum value + DukptDerivationTypeAes192 = "AES_192" + + // DukptDerivationTypeAes256 is a DukptDerivationType enum value + DukptDerivationTypeAes256 = "AES_256" +) + +// DukptDerivationType_Values returns all elements of the DukptDerivationType enum +func DukptDerivationType_Values() []string { + return []string{ + DukptDerivationTypeTdes2key, + DukptDerivationTypeTdes3key, + DukptDerivationTypeAes128, + DukptDerivationTypeAes192, + DukptDerivationTypeAes256, + } +} + +const ( + // DukptEncryptionModeEcb is a DukptEncryptionMode enum value + DukptEncryptionModeEcb = "ECB" + + // DukptEncryptionModeCbc is a DukptEncryptionMode enum value + DukptEncryptionModeCbc = "CBC" +) + +// DukptEncryptionMode_Values returns all elements of the DukptEncryptionMode enum +func DukptEncryptionMode_Values() []string { + return []string{ + DukptEncryptionModeEcb, + DukptEncryptionModeCbc, + } +} + +const ( + // DukptKeyVariantBidirectional is a DukptKeyVariant enum value + DukptKeyVariantBidirectional = "BIDIRECTIONAL" + + // DukptKeyVariantRequest is a DukptKeyVariant enum value + DukptKeyVariantRequest = "REQUEST" + + // DukptKeyVariantResponse is a DukptKeyVariant enum value + DukptKeyVariantResponse = "RESPONSE" +) + +// DukptKeyVariant_Values returns all elements of the DukptKeyVariant enum +func DukptKeyVariant_Values() []string { + return []string{ + DukptKeyVariantBidirectional, + DukptKeyVariantRequest, + DukptKeyVariantResponse, + } +} + +const ( + // EncryptionModeEcb is a EncryptionMode enum value + EncryptionModeEcb = "ECB" + + // EncryptionModeCbc is a EncryptionMode enum value + EncryptionModeCbc = "CBC" + + // EncryptionModeCfb is a EncryptionMode enum value + EncryptionModeCfb = "CFB" + + // EncryptionModeCfb1 is a EncryptionMode enum value + EncryptionModeCfb1 = "CFB1" + + // EncryptionModeCfb8 is a EncryptionMode enum value + EncryptionModeCfb8 = "CFB8" + + // EncryptionModeCfb64 is a EncryptionMode enum value + EncryptionModeCfb64 = "CFB64" + + // EncryptionModeCfb128 is a EncryptionMode enum value + EncryptionModeCfb128 = "CFB128" + + // EncryptionModeOfb is a EncryptionMode enum value + EncryptionModeOfb = "OFB" +) + +// EncryptionMode_Values returns all elements of the EncryptionMode enum +func EncryptionMode_Values() []string { + return []string{ + EncryptionModeEcb, + EncryptionModeCbc, + EncryptionModeCfb, + EncryptionModeCfb1, + EncryptionModeCfb8, + EncryptionModeCfb64, + EncryptionModeCfb128, + EncryptionModeOfb, + } +} + +const ( + // MacAlgorithmIso9797Algorithm1 is a MacAlgorithm enum value + MacAlgorithmIso9797Algorithm1 = "ISO9797_ALGORITHM1" + + // MacAlgorithmIso9797Algorithm3 is a MacAlgorithm enum value + MacAlgorithmIso9797Algorithm3 = "ISO9797_ALGORITHM3" + + // MacAlgorithmCmac is a MacAlgorithm enum value + MacAlgorithmCmac = "CMAC" + + // MacAlgorithmHmacSha224 is a MacAlgorithm enum value + MacAlgorithmHmacSha224 = "HMAC_SHA224" + + // MacAlgorithmHmacSha256 is a MacAlgorithm enum value + MacAlgorithmHmacSha256 = "HMAC_SHA256" + + // MacAlgorithmHmacSha384 is a MacAlgorithm enum value + MacAlgorithmHmacSha384 = "HMAC_SHA384" + + // MacAlgorithmHmacSha512 is a MacAlgorithm enum value + MacAlgorithmHmacSha512 = "HMAC_SHA512" +) + +// MacAlgorithm_Values returns all elements of the MacAlgorithm enum +func MacAlgorithm_Values() []string { + return []string{ + MacAlgorithmIso9797Algorithm1, + MacAlgorithmIso9797Algorithm3, + MacAlgorithmCmac, + MacAlgorithmHmacSha224, + MacAlgorithmHmacSha256, + MacAlgorithmHmacSha384, + MacAlgorithmHmacSha512, + } +} + +const ( + // MajorKeyDerivationModeEmvOptionA is a MajorKeyDerivationMode enum value + MajorKeyDerivationModeEmvOptionA = "EMV_OPTION_A" + + // MajorKeyDerivationModeEmvOptionB is a MajorKeyDerivationMode enum value + MajorKeyDerivationModeEmvOptionB = "EMV_OPTION_B" +) + +// MajorKeyDerivationMode_Values returns all elements of the MajorKeyDerivationMode enum +func MajorKeyDerivationMode_Values() []string { + return []string{ + MajorKeyDerivationModeEmvOptionA, + MajorKeyDerivationModeEmvOptionB, + } +} + +const ( + // PaddingTypePkcs1 is a PaddingType enum value + PaddingTypePkcs1 = "PKCS1" + + // PaddingTypeOaepSha1 is a PaddingType enum value + PaddingTypeOaepSha1 = "OAEP_SHA1" + + // PaddingTypeOaepSha256 is a PaddingType enum value + PaddingTypeOaepSha256 = "OAEP_SHA256" + + // PaddingTypeOaepSha512 is a PaddingType enum value + PaddingTypeOaepSha512 = "OAEP_SHA512" +) + +// PaddingType_Values returns all elements of the PaddingType enum +func PaddingType_Values() []string { + return []string{ + PaddingTypePkcs1, + PaddingTypeOaepSha1, + PaddingTypeOaepSha256, + PaddingTypeOaepSha512, + } +} + +const ( + // PinBlockFormatForPinDataIsoFormat0 is a PinBlockFormatForPinData enum value + PinBlockFormatForPinDataIsoFormat0 = "ISO_FORMAT_0" + + // PinBlockFormatForPinDataIsoFormat3 is a PinBlockFormatForPinData enum value + PinBlockFormatForPinDataIsoFormat3 = "ISO_FORMAT_3" +) + +// PinBlockFormatForPinData_Values returns all elements of the PinBlockFormatForPinData enum +func PinBlockFormatForPinData_Values() []string { + return []string{ + PinBlockFormatForPinDataIsoFormat0, + PinBlockFormatForPinDataIsoFormat3, + } +} + +const ( + // SessionKeyDerivationModeEmvCommonSessionKey is a SessionKeyDerivationMode enum value + SessionKeyDerivationModeEmvCommonSessionKey = "EMV_COMMON_SESSION_KEY" + + // SessionKeyDerivationModeEmv2000 is a SessionKeyDerivationMode enum value + SessionKeyDerivationModeEmv2000 = "EMV2000" + + // SessionKeyDerivationModeAmex is a SessionKeyDerivationMode enum value + SessionKeyDerivationModeAmex = "AMEX" + + // SessionKeyDerivationModeMastercardSessionKey is a SessionKeyDerivationMode enum value + SessionKeyDerivationModeMastercardSessionKey = "MASTERCARD_SESSION_KEY" + + // SessionKeyDerivationModeVisa is a SessionKeyDerivationMode enum value + SessionKeyDerivationModeVisa = "VISA" +) + +// SessionKeyDerivationMode_Values returns all elements of the SessionKeyDerivationMode enum +func SessionKeyDerivationMode_Values() []string { + return []string{ + SessionKeyDerivationModeEmvCommonSessionKey, + SessionKeyDerivationModeEmv2000, + SessionKeyDerivationModeAmex, + SessionKeyDerivationModeMastercardSessionKey, + SessionKeyDerivationModeVisa, + } +} + +const ( + // VerificationFailedReasonInvalidMac is a VerificationFailedReason enum value + VerificationFailedReasonInvalidMac = "INVALID_MAC" + + // VerificationFailedReasonInvalidPin is a VerificationFailedReason enum value + VerificationFailedReasonInvalidPin = "INVALID_PIN" + + // VerificationFailedReasonInvalidValidationData is a VerificationFailedReason enum value + VerificationFailedReasonInvalidValidationData = "INVALID_VALIDATION_DATA" + + // VerificationFailedReasonInvalidAuthRequestCryptogram is a VerificationFailedReason enum value + VerificationFailedReasonInvalidAuthRequestCryptogram = "INVALID_AUTH_REQUEST_CRYPTOGRAM" +) + +// VerificationFailedReason_Values returns all elements of the VerificationFailedReason enum +func VerificationFailedReason_Values() []string { + return []string{ + VerificationFailedReasonInvalidMac, + VerificationFailedReasonInvalidPin, + VerificationFailedReasonInvalidValidationData, + VerificationFailedReasonInvalidAuthRequestCryptogram, + } +} diff --git a/service/paymentcryptographydata/doc.go b/service/paymentcryptographydata/doc.go new file mode 100644 index 00000000000..1867979efcc --- /dev/null +++ b/service/paymentcryptographydata/doc.go @@ -0,0 +1,39 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package paymentcryptographydata provides the client and types for making API +// requests to Payment Cryptography Data Plane. +// +// You use the Amazon Web Services Payment Cryptography Data Plane to manage +// how encryption keys are used for payment-related transaction processing and +// associated cryptographic operations. You can encrypt, decrypt, generate, +// verify, and translate payment-related cryptographic operations in Amazon +// Web Services Payment Cryptography. For more information, see Data operations +// (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.html) +// in the Amazon Web Services Payment Cryptography User Guide. +// +// To manage your encryption keys, you use the Amazon Web Services Payment Cryptography +// Control Plane (https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/Welcome.html). +// You can create, import, export, share, manage, and delete keys. You can also +// manage Identity and Access Management (IAM) policies for keys. +// +// See https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03 for more information on this service. +// +// See paymentcryptographydata package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/paymentcryptographydata/ +// +// # Using the Client +// +// To contact Payment Cryptography Data Plane with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the Payment Cryptography Data Plane client PaymentCryptographyData for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/paymentcryptographydata/#New +package paymentcryptographydata diff --git a/service/paymentcryptographydata/errors.go b/service/paymentcryptographydata/errors.go new file mode 100644 index 00000000000..d764929e73f --- /dev/null +++ b/service/paymentcryptographydata/errors.go @@ -0,0 +1,56 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package paymentcryptographydata + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You do not have sufficient access to perform this action. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeInternalServerException for service response error code + // "InternalServerException". + // + // The request processing has failed because of an unknown error, exception, + // or failure. + ErrCodeInternalServerException = "InternalServerException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The request was denied due to an invalid resource error. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + + // ErrCodeThrottlingException for service response error code + // "ThrottlingException". + // + // The request was denied due to request throttling. + ErrCodeThrottlingException = "ThrottlingException" + + // ErrCodeValidationException for service response error code + // "ValidationException". + // + // The request was denied due to an invalid request error. + ErrCodeValidationException = "ValidationException" + + // ErrCodeVerificationFailedException for service response error code + // "VerificationFailedException". + // + // This request failed verification. + ErrCodeVerificationFailedException = "VerificationFailedException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "InternalServerException": newErrorInternalServerException, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "ThrottlingException": newErrorThrottlingException, + "ValidationException": newErrorValidationException, + "VerificationFailedException": newErrorVerificationFailedException, +} diff --git a/service/paymentcryptographydata/paymentcryptographydataiface/interface.go b/service/paymentcryptographydata/paymentcryptographydataiface/interface.go new file mode 100644 index 00000000000..ce0bd8a94e6 --- /dev/null +++ b/service/paymentcryptographydata/paymentcryptographydataiface/interface.go @@ -0,0 +1,108 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package paymentcryptographydataiface provides an interface to enable mocking the Payment Cryptography Data Plane service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package paymentcryptographydataiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/paymentcryptographydata" +) + +// PaymentCryptographyDataAPI provides an interface to enable mocking the +// paymentcryptographydata.PaymentCryptographyData service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // Payment Cryptography Data Plane. +// func myFunc(svc paymentcryptographydataiface.PaymentCryptographyDataAPI) bool { +// // Make svc.DecryptData request +// } +// +// func main() { +// sess := session.New() +// svc := paymentcryptographydata.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockPaymentCryptographyDataClient struct { +// paymentcryptographydataiface.PaymentCryptographyDataAPI +// } +// func (m *mockPaymentCryptographyDataClient) DecryptData(input *paymentcryptographydata.DecryptDataInput) (*paymentcryptographydata.DecryptDataOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockPaymentCryptographyDataClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type PaymentCryptographyDataAPI interface { + DecryptData(*paymentcryptographydata.DecryptDataInput) (*paymentcryptographydata.DecryptDataOutput, error) + DecryptDataWithContext(aws.Context, *paymentcryptographydata.DecryptDataInput, ...request.Option) (*paymentcryptographydata.DecryptDataOutput, error) + DecryptDataRequest(*paymentcryptographydata.DecryptDataInput) (*request.Request, *paymentcryptographydata.DecryptDataOutput) + + EncryptData(*paymentcryptographydata.EncryptDataInput) (*paymentcryptographydata.EncryptDataOutput, error) + EncryptDataWithContext(aws.Context, *paymentcryptographydata.EncryptDataInput, ...request.Option) (*paymentcryptographydata.EncryptDataOutput, error) + EncryptDataRequest(*paymentcryptographydata.EncryptDataInput) (*request.Request, *paymentcryptographydata.EncryptDataOutput) + + GenerateCardValidationData(*paymentcryptographydata.GenerateCardValidationDataInput) (*paymentcryptographydata.GenerateCardValidationDataOutput, error) + GenerateCardValidationDataWithContext(aws.Context, *paymentcryptographydata.GenerateCardValidationDataInput, ...request.Option) (*paymentcryptographydata.GenerateCardValidationDataOutput, error) + GenerateCardValidationDataRequest(*paymentcryptographydata.GenerateCardValidationDataInput) (*request.Request, *paymentcryptographydata.GenerateCardValidationDataOutput) + + GenerateMac(*paymentcryptographydata.GenerateMacInput) (*paymentcryptographydata.GenerateMacOutput, error) + GenerateMacWithContext(aws.Context, *paymentcryptographydata.GenerateMacInput, ...request.Option) (*paymentcryptographydata.GenerateMacOutput, error) + GenerateMacRequest(*paymentcryptographydata.GenerateMacInput) (*request.Request, *paymentcryptographydata.GenerateMacOutput) + + GeneratePinData(*paymentcryptographydata.GeneratePinDataInput) (*paymentcryptographydata.GeneratePinDataOutput, error) + GeneratePinDataWithContext(aws.Context, *paymentcryptographydata.GeneratePinDataInput, ...request.Option) (*paymentcryptographydata.GeneratePinDataOutput, error) + GeneratePinDataRequest(*paymentcryptographydata.GeneratePinDataInput) (*request.Request, *paymentcryptographydata.GeneratePinDataOutput) + + ReEncryptData(*paymentcryptographydata.ReEncryptDataInput) (*paymentcryptographydata.ReEncryptDataOutput, error) + ReEncryptDataWithContext(aws.Context, *paymentcryptographydata.ReEncryptDataInput, ...request.Option) (*paymentcryptographydata.ReEncryptDataOutput, error) + ReEncryptDataRequest(*paymentcryptographydata.ReEncryptDataInput) (*request.Request, *paymentcryptographydata.ReEncryptDataOutput) + + TranslatePinData(*paymentcryptographydata.TranslatePinDataInput) (*paymentcryptographydata.TranslatePinDataOutput, error) + TranslatePinDataWithContext(aws.Context, *paymentcryptographydata.TranslatePinDataInput, ...request.Option) (*paymentcryptographydata.TranslatePinDataOutput, error) + TranslatePinDataRequest(*paymentcryptographydata.TranslatePinDataInput) (*request.Request, *paymentcryptographydata.TranslatePinDataOutput) + + VerifyAuthRequestCryptogram(*paymentcryptographydata.VerifyAuthRequestCryptogramInput) (*paymentcryptographydata.VerifyAuthRequestCryptogramOutput, error) + VerifyAuthRequestCryptogramWithContext(aws.Context, *paymentcryptographydata.VerifyAuthRequestCryptogramInput, ...request.Option) (*paymentcryptographydata.VerifyAuthRequestCryptogramOutput, error) + VerifyAuthRequestCryptogramRequest(*paymentcryptographydata.VerifyAuthRequestCryptogramInput) (*request.Request, *paymentcryptographydata.VerifyAuthRequestCryptogramOutput) + + VerifyCardValidationData(*paymentcryptographydata.VerifyCardValidationDataInput) (*paymentcryptographydata.VerifyCardValidationDataOutput, error) + VerifyCardValidationDataWithContext(aws.Context, *paymentcryptographydata.VerifyCardValidationDataInput, ...request.Option) (*paymentcryptographydata.VerifyCardValidationDataOutput, error) + VerifyCardValidationDataRequest(*paymentcryptographydata.VerifyCardValidationDataInput) (*request.Request, *paymentcryptographydata.VerifyCardValidationDataOutput) + + VerifyMac(*paymentcryptographydata.VerifyMacInput) (*paymentcryptographydata.VerifyMacOutput, error) + VerifyMacWithContext(aws.Context, *paymentcryptographydata.VerifyMacInput, ...request.Option) (*paymentcryptographydata.VerifyMacOutput, error) + VerifyMacRequest(*paymentcryptographydata.VerifyMacInput) (*request.Request, *paymentcryptographydata.VerifyMacOutput) + + VerifyPinData(*paymentcryptographydata.VerifyPinDataInput) (*paymentcryptographydata.VerifyPinDataOutput, error) + VerifyPinDataWithContext(aws.Context, *paymentcryptographydata.VerifyPinDataInput, ...request.Option) (*paymentcryptographydata.VerifyPinDataOutput, error) + VerifyPinDataRequest(*paymentcryptographydata.VerifyPinDataInput) (*request.Request, *paymentcryptographydata.VerifyPinDataOutput) +} + +var _ PaymentCryptographyDataAPI = (*paymentcryptographydata.PaymentCryptographyData)(nil) diff --git a/service/paymentcryptographydata/service.go b/service/paymentcryptographydata/service.go new file mode 100644 index 00000000000..4ab748087df --- /dev/null +++ b/service/paymentcryptographydata/service.go @@ -0,0 +1,106 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package paymentcryptographydata + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// PaymentCryptographyData provides the API operation methods for making requests to +// Payment Cryptography Data Plane. See this package's package overview docs +// for details on the service. +// +// PaymentCryptographyData methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type PaymentCryptographyData struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "Payment Cryptography Data" // Name of service. + EndpointsID = "dataplane.payment-cryptography" // ID to lookup a service endpoint with. + ServiceID = "Payment Cryptography Data" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the PaymentCryptographyData client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a PaymentCryptographyData client from just a session. +// svc := paymentcryptographydata.New(mySession) +// +// // Create a PaymentCryptographyData client with additional configuration +// svc := paymentcryptographydata.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *PaymentCryptographyData { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "payment-cryptography" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *PaymentCryptographyData { + svc := &PaymentCryptographyData{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2022-02-03", + ResolvedRegion: resolvedRegion, + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a PaymentCryptographyData operation and runs any +// custom request initialization. +func (c *PaymentCryptographyData) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/service/servicecatalog/api.go b/service/servicecatalog/api.go index 9c57236dd8b..c56823dc663 100644 --- a/service/servicecatalog/api.go +++ b/service/servicecatalog/api.go @@ -9230,21 +9230,24 @@ type AssociatePrincipalWithPortfolioInput struct { // PortfolioId is a required field PortfolioId *string `min:"1" type:"string" required:"true"` - // The ARN of the principal (user, role, or group). The supported value is a - // fully defined IAM ARN (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns) - // if the PrincipalType is IAM. If the PrincipalType is IAM_PATTERN, the supported - // value is an IAM ARN without an AccountID in the following format: + // The ARN of the principal (user, role, or group). If the PrincipalType is + // IAM, the supported value is a fully defined IAM Amazon Resource Name (ARN) + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + // If the PrincipalType is IAM_PATTERN, the supported value is an IAM ARN without + // an AccountID in the following format: // // arn:partition:iam:::resource-type/resource-id // - // The resource-id can be either of the following: + // The ARN resource-id can be either: // - // * Fully formed, for example arn:aws:iam:::role/resource-name or arn:aws:iam:::role/resource-path/resource-name + // * A fully formed resource-id. For example, arn:aws:iam:::role/resource-name + // or arn:aws:iam:::role/resource-path/resource-name // // * A wildcard ARN. The wildcard ARN accepts IAM_PATTERN values with a "*" - // or "?" in the resource-id segment of the ARN, for example arn:partition:service:::resource-type/resource-path/resource-name. + // or "?" in the resource-id segment of the ARN. For example arn:partition:service:::resource-type/resource-path/resource-name. // The new symbols are exclusive to the resource-path and resource-name and - // cannot be used to replace the resource-type or other ARN values. + // cannot replace the resource-type or other ARN values. The ARN path and + // principal name allow unlimited wildcard characters. // // Examples of an acceptable wildcard ARN: // @@ -9259,29 +9262,25 @@ type AssociatePrincipalWithPortfolioInput struct { // You can associate multiple IAM_PATTERNs even if the account has no principal // with that name. // - // * The ARN path and principal name allow unlimited wildcard characters. + // The "?" wildcard character matches zero or one of any character. This is + // similar to ".?" in regular regex context. The "*" wildcard character matches + // any number of any characters. This is similar to ".*" in regular regex context. // - // * The "?" wildcard character matches zero or one of any character. This - // is similar to ".?" in regular regex context. + // In the IAM Principal ARN format (arn:partition:iam:::resource-type/resource-path/resource-name), + // valid resource-type values include user/, group/, or role/. The "?" and "*" + // characters are allowed only after the resource-type in the resource-id segment. + // You can use special characters anywhere within the resource-id. // - // * The "*" wildcard character matches any number of any characters. This - // is similar ".*" in regular regex context. - // - // * In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name), - // valid resource-type values include user/, group/, or role/. The "?" and - // "*" are allowed only after the resource-type, in the resource-id segment. - // You can use special characters anywhere within the resource-id. - // - // * The "*" also matches the "/" character, allowing paths to be formed - // within the resource-id. For example, arn:aws:iam:::role/*/ResourceName_? - // matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1. + // The "*" character also matches the "/" character, allowing paths to be formed + // within the resource-id. For example, arn:aws:iam:::role/*/ResourceName_? + // matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1. // // PrincipalARN is a required field PrincipalARN *string `min:"1" type:"string" required:"true"` // The principal type. The supported value is IAM if you use a fully defined - // ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without - // wildcard characters. + // Amazon Resource Name (ARN), or IAM_PATTERN if you use an ARN with no accountID, + // with or without wildcard characters. // // PrincipalType is a required field PrincipalType *string `type:"string" required:"true" enum:"PrincipalType"` @@ -13811,6 +13810,10 @@ type DescribeProvisioningArtifactInput struct { // * zh - Chinese AcceptLanguage *string `type:"string"` + // Indicates if the API call response does or does not include additional details + // about the provisioning parameters. + IncludeProvisioningArtifactParameters *bool `type:"boolean"` + // The product identifier. ProductId *string `min:"1" type:"string"` @@ -13867,6 +13870,12 @@ func (s *DescribeProvisioningArtifactInput) SetAcceptLanguage(v string) *Describ return s } +// SetIncludeProvisioningArtifactParameters sets the IncludeProvisioningArtifactParameters field's value. +func (s *DescribeProvisioningArtifactInput) SetIncludeProvisioningArtifactParameters(v bool) *DescribeProvisioningArtifactInput { + s.IncludeProvisioningArtifactParameters = &v + return s +} + // SetProductId sets the ProductId field's value. func (s *DescribeProvisioningArtifactInput) SetProductId(v string) *DescribeProvisioningArtifactInput { s.ProductId = &v @@ -13906,6 +13915,9 @@ type DescribeProvisioningArtifactOutput struct { // Information about the provisioning artifact. ProvisioningArtifactDetail *ProvisioningArtifactDetail `type:"structure"` + // Information about the parameters used to provision the product. + ProvisioningArtifactParameters []*ProvisioningArtifactParameter `type:"list"` + // The status of the current request. Status *string `type:"string" enum:"Status"` } @@ -13940,6 +13952,12 @@ func (s *DescribeProvisioningArtifactOutput) SetProvisioningArtifactDetail(v *Pr return s } +// SetProvisioningArtifactParameters sets the ProvisioningArtifactParameters field's value. +func (s *DescribeProvisioningArtifactOutput) SetProvisioningArtifactParameters(v []*ProvisioningArtifactParameter) *DescribeProvisioningArtifactOutput { + s.ProvisioningArtifactParameters = v + return s +} + // SetStatus sets the Status field's value. func (s *DescribeProvisioningArtifactOutput) SetStatus(v string) *DescribeProvisioningArtifactOutput { s.Status = &v diff --git a/service/timestreamwrite/api.go b/service/timestreamwrite/api.go index 68066f33a98..36687d6ed2f 100644 --- a/service/timestreamwrite/api.go +++ b/service/timestreamwrite/api.go @@ -86,9 +86,9 @@ func (c *TimestreamWrite) CreateBatchLoadTaskRequest(input *CreateBatchLoadTaskI // from a CSV source in an S3 location and writes to a Timestream table. A mapping // from source to target is defined in a batch load task. Errors and events // are written to a report at an S3 location. For the report, if the KMS key -// is not specified, the batch load task will be encrypted with a Timestream -// managed KMS key located in your account. For more information, see Amazon -// Web Services managed keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). +// is not specified, the report will be encrypted with an S3 managed key when +// SSE_S3 is the option. Otherwise an error is thrown. For more information, +// see Amazon Web Services managed keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // Service quotas apply (https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html). // For details, see code sample (https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.create-batch-load.html). // @@ -3373,6 +3373,9 @@ type CreateTableInput struct { // store and the magnetic store. RetentionProperties *RetentionProperties `type:"structure"` + // The schema of the table. + Schema *Schema `type:"structure"` + // The name of the Timestream table. // // TableName is a required field @@ -3419,6 +3422,11 @@ func (s *CreateTableInput) Validate() error { invalidParams.AddNested("RetentionProperties", err.(request.ErrInvalidParams)) } } + if s.Schema != nil { + if err := s.Schema.Validate(); err != nil { + invalidParams.AddNested("Schema", err.(request.ErrInvalidParams)) + } + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -3454,6 +3462,12 @@ func (s *CreateTableInput) SetRetentionProperties(v *RetentionProperties) *Creat return s } +// SetSchema sets the Schema field's value. +func (s *CreateTableInput) SetSchema(v *Schema) *CreateTableInput { + s.Schema = v + return s +} + // SetTableName sets the TableName field's value. func (s *CreateTableInput) SetTableName(v string) *CreateTableInput { s.TableName = &v @@ -5340,7 +5354,7 @@ type MeasureValue struct { // Type is a required field Type *string `type:"string" required:"true" enum:"MeasureValueType"` - // The value for the MeasureValue. + // The value for the MeasureValue. For information, see Data types (https://docs.aws.amazon.com/timestream/latest/developerguide/writes.html#writes.data-types). // // Value is a required field Value *string `min:"1" type:"string" required:"true"` @@ -5639,6 +5653,80 @@ func (s *MultiMeasureMappings) SetTargetMultiMeasureName(v string) *MultiMeasure return s } +// An attribute used in partitioning data in a table. A dimension key partitions +// data using the values of the dimension specified by the dimension-name as +// partition key, while a measure key partitions data using measure names (values +// of the 'measure_name' column). +type PartitionKey struct { + _ struct{} `type:"structure"` + + // The level of enforcement for the specification of a dimension key in ingested + // records. Options are REQUIRED (dimension key must be specified) and OPTIONAL + // (dimension key does not have to be specified). + EnforcementInRecord *string `type:"string" enum:"PartitionKeyEnforcementLevel"` + + // The name of the attribute used for a dimension key. + Name *string `min:"1" type:"string"` + + // The type of the partition key. Options are DIMENSION (dimension key) and + // MEASURE (measure key). + // + // Type is a required field + Type *string `type:"string" required:"true" enum:"PartitionKeyType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionKey) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionKey) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PartitionKey) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PartitionKey"} + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.Type == nil { + invalidParams.Add(request.NewErrParamRequired("Type")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnforcementInRecord sets the EnforcementInRecord field's value. +func (s *PartitionKey) SetEnforcementInRecord(v string) *PartitionKey { + s.EnforcementInRecord = &v + return s +} + +// SetName sets the Name field's value. +func (s *PartitionKey) SetName(v string) *PartitionKey { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *PartitionKey) SetType(v string) *PartitionKey { + s.Type = &v + return s +} + // Represents a time-series data point being written into Timestream. Each record // contains an array of dimensions. Dimensions represent the metadata attributes // of a time-series data point, such as the instance name or Availability Zone @@ -5669,7 +5757,7 @@ type Record struct { MeasureValue *string `min:"1" type:"string"` // Contains the data type of the measure value for the time-series data point. - // Default type is DOUBLE. + // Default type is DOUBLE. For more information, see Data types (https://docs.aws.amazon.com/timestream/latest/developerguide/writes.html#writes.data-types). MeasureValueType *string `type:"string" enum:"MeasureValueType"` // Contains the list of MeasureValue for time-series data points. @@ -6426,6 +6514,65 @@ func (s *S3Configuration) SetObjectKeyPrefix(v string) *S3Configuration { return s } +// A Schema specifies the expected data model of the table. +type Schema struct { + _ struct{} `type:"structure"` + + // A non-empty list of partition keys defining the attributes used to partition + // the table data. The order of the list determines the partition hierarchy. + // The name and type of each partition key as well as the partition key order + // cannot be changed after the table is created. However, the enforcement level + // of each partition key can be changed. + CompositePartitionKey []*PartitionKey `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Schema) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Schema) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Schema) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Schema"} + if s.CompositePartitionKey != nil && len(s.CompositePartitionKey) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CompositePartitionKey", 1)) + } + if s.CompositePartitionKey != nil { + for i, v := range s.CompositePartitionKey { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CompositePartitionKey", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCompositePartitionKey sets the CompositePartitionKey field's value. +func (s *Schema) SetCompositePartitionKey(v []*PartitionKey) *Schema { + s.CompositePartitionKey = v + return s +} + // The instance quota of resource exceeded for this account. type ServiceQuotaExceededException struct { _ struct{} `type:"structure"` @@ -6514,6 +6661,9 @@ type Table struct { // The retention duration for the memory store and magnetic store. RetentionProperties *RetentionProperties `type:"structure"` + // The schema of the table. + Schema *Schema `type:"structure"` + // The name of the Timestream table. TableName *string `type:"string"` @@ -6579,6 +6729,12 @@ func (s *Table) SetRetentionProperties(v *RetentionProperties) *Table { return s } +// SetSchema sets the Schema field's value. +func (s *Table) SetSchema(v *Schema) *Table { + s.Schema = v + return s +} + // SetTableName sets the TableName field's value. func (s *Table) SetTableName(v string) *Table { s.TableName = &v @@ -7028,6 +7184,9 @@ type UpdateTableInput struct { // The retention duration of the memory store and the magnetic store. RetentionProperties *RetentionProperties `type:"structure"` + // The schema of the table. + Schema *Schema `type:"structure"` + // The name of the Timestream table. // // TableName is a required field @@ -7071,6 +7230,11 @@ func (s *UpdateTableInput) Validate() error { invalidParams.AddNested("RetentionProperties", err.(request.ErrInvalidParams)) } } + if s.Schema != nil { + if err := s.Schema.Validate(); err != nil { + invalidParams.AddNested("Schema", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -7096,6 +7260,12 @@ func (s *UpdateTableInput) SetRetentionProperties(v *RetentionProperties) *Updat return s } +// SetSchema sets the Schema field's value. +func (s *UpdateTableInput) SetSchema(v *Schema) *UpdateTableInput { + s.Schema = v + return s +} + // SetTableName sets the TableName field's value. func (s *UpdateTableInput) SetTableName(v string) *UpdateTableInput { s.TableName = &v @@ -7423,6 +7593,38 @@ func MeasureValueType_Values() []string { } } +const ( + // PartitionKeyEnforcementLevelRequired is a PartitionKeyEnforcementLevel enum value + PartitionKeyEnforcementLevelRequired = "REQUIRED" + + // PartitionKeyEnforcementLevelOptional is a PartitionKeyEnforcementLevel enum value + PartitionKeyEnforcementLevelOptional = "OPTIONAL" +) + +// PartitionKeyEnforcementLevel_Values returns all elements of the PartitionKeyEnforcementLevel enum +func PartitionKeyEnforcementLevel_Values() []string { + return []string{ + PartitionKeyEnforcementLevelRequired, + PartitionKeyEnforcementLevelOptional, + } +} + +const ( + // PartitionKeyTypeDimension is a PartitionKeyType enum value + PartitionKeyTypeDimension = "DIMENSION" + + // PartitionKeyTypeMeasure is a PartitionKeyType enum value + PartitionKeyTypeMeasure = "MEASURE" +) + +// PartitionKeyType_Values returns all elements of the PartitionKeyType enum +func PartitionKeyType_Values() []string { + return []string{ + PartitionKeyTypeDimension, + PartitionKeyTypeMeasure, + } +} + const ( // S3EncryptionOptionSseS3 is a S3EncryptionOption enum value S3EncryptionOptionSseS3 = "SSE_S3"