{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ElasticTranscoder.Types.Encryption
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ElasticTranscoder.Types.Encryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | The encryption settings, if any, that are used for decrypting your input
-- files or encrypting your output files. If your input file is encrypted,
-- you must specify the mode that Elastic Transcoder uses to decrypt your
-- file, otherwise you must specify the mode you want Elastic Transcoder to
-- use to encrypt your output files.
--
-- /See:/ 'newEncryption' smart constructor.
data Encryption = Encryption'
  { -- | The specific server-side encryption mode that you want Elastic
    -- Transcoder to use when decrypting your input files or encrypting your
    -- output files. Elastic Transcoder supports the following options:
    --
    -- -   __s3:__ Amazon S3 creates and manages the keys used for encrypting
    --     your files.
    --
    -- -   __s3-aws-kms:__ Amazon S3 calls the Amazon Key Management Service,
    --     which creates and manages the keys that are used for encrypting your
    --     files. If you specify @s3-aws-kms@ and you don\'t want to use the
    --     default key, you must add the AWS-KMS key that you want to use to
    --     your pipeline.
    --
    -- -   __aes-cbc-pkcs7:__ A padded cipher-block mode of operation
    --     originally used for HLS files.
    --
    -- -   __aes-ctr:__ AES Counter Mode.
    --
    -- -   __aes-gcm:__ AES Galois Counter Mode, a mode of operation that is an
    --     authenticated encryption format, meaning that a file, key, or
    --     initialization vector that has been tampered with fails the
    --     decryption process.
    --
    -- For all three AES options, you must provide the following settings,
    -- which must be base64-encoded:
    --
    -- -   __Key__
    --
    -- -   __Key MD5__
    --
    -- -   __Initialization Vector__
    --
    -- For the AES modes, your private encryption keys and your unencrypted
    -- data are never stored by AWS; therefore, it is important that you safely
    -- manage your encryption keys. If you lose them, you won\'t be able to
    -- unencrypt your data.
    Encryption -> Maybe Text
mode :: Prelude.Maybe Prelude.Text,
    -- | The MD5 digest of the key that you used to encrypt your input file, or
    -- that you want Elastic Transcoder to use to encrypt your output file.
    -- Elastic Transcoder uses the key digest as a checksum to make sure your
    -- key was not corrupted in transit. The key MD5 must be base64-encoded,
    -- and it must be exactly 16 bytes long before being base64-encoded.
    Encryption -> Maybe Text
keyMd5 :: Prelude.Maybe Prelude.Text,
    -- | The data encryption key that you want Elastic Transcoder to use to
    -- encrypt your output file, or that was used to encrypt your input file.
    -- The key must be base64-encoded and it must be one of the following bit
    -- lengths before being base64-encoded:
    --
    -- @128@, @192@, or @256@.
    --
    -- The key must also be encrypted by using the Amazon Key Management
    -- Service.
    Encryption -> Maybe Text
key :: Prelude.Maybe Prelude.Text,
    -- | The series of random bits created by a random bit generator, unique for
    -- every encryption operation, that you used to encrypt your input files or
    -- that you want Elastic Transcoder to use to encrypt your output files.
    -- The initialization vector must be base64-encoded, and it must be exactly
    -- 16 bytes long before being base64-encoded.
    Encryption -> Maybe Text
initializationVector :: Prelude.Maybe Prelude.Text
  }
  deriving (Encryption -> Encryption -> Bool
(Encryption -> Encryption -> Bool)
-> (Encryption -> Encryption -> Bool) -> Eq Encryption
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Encryption -> Encryption -> Bool
$c/= :: Encryption -> Encryption -> Bool
== :: Encryption -> Encryption -> Bool
$c== :: Encryption -> Encryption -> Bool
Prelude.Eq, ReadPrec [Encryption]
ReadPrec Encryption
Int -> ReadS Encryption
ReadS [Encryption]
(Int -> ReadS Encryption)
-> ReadS [Encryption]
-> ReadPrec Encryption
-> ReadPrec [Encryption]
-> Read Encryption
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [Encryption]
$creadListPrec :: ReadPrec [Encryption]
readPrec :: ReadPrec Encryption
$creadPrec :: ReadPrec Encryption
readList :: ReadS [Encryption]
$creadList :: ReadS [Encryption]
readsPrec :: Int -> ReadS Encryption
$creadsPrec :: Int -> ReadS Encryption
Prelude.Read, Int -> Encryption -> ShowS
[Encryption] -> ShowS
Encryption -> String
(Int -> Encryption -> ShowS)
-> (Encryption -> String)
-> ([Encryption] -> ShowS)
-> Show Encryption
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Encryption] -> ShowS
$cshowList :: [Encryption] -> ShowS
show :: Encryption -> String
$cshow :: Encryption -> String
showsPrec :: Int -> Encryption -> ShowS
$cshowsPrec :: Int -> Encryption -> ShowS
Prelude.Show, (forall x. Encryption -> Rep Encryption x)
-> (forall x. Rep Encryption x -> Encryption) -> Generic Encryption
forall x. Rep Encryption x -> Encryption
forall x. Encryption -> Rep Encryption x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Encryption x -> Encryption
$cfrom :: forall x. Encryption -> Rep Encryption x
Prelude.Generic)

-- |
-- Create a value of 'Encryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'mode', 'encryption_mode' - The specific server-side encryption mode that you want Elastic
-- Transcoder to use when decrypting your input files or encrypting your
-- output files. Elastic Transcoder supports the following options:
--
-- -   __s3:__ Amazon S3 creates and manages the keys used for encrypting
--     your files.
--
-- -   __s3-aws-kms:__ Amazon S3 calls the Amazon Key Management Service,
--     which creates and manages the keys that are used for encrypting your
--     files. If you specify @s3-aws-kms@ and you don\'t want to use the
--     default key, you must add the AWS-KMS key that you want to use to
--     your pipeline.
--
-- -   __aes-cbc-pkcs7:__ A padded cipher-block mode of operation
--     originally used for HLS files.
--
-- -   __aes-ctr:__ AES Counter Mode.
--
-- -   __aes-gcm:__ AES Galois Counter Mode, a mode of operation that is an
--     authenticated encryption format, meaning that a file, key, or
--     initialization vector that has been tampered with fails the
--     decryption process.
--
-- For all three AES options, you must provide the following settings,
-- which must be base64-encoded:
--
-- -   __Key__
--
-- -   __Key MD5__
--
-- -   __Initialization Vector__
--
-- For the AES modes, your private encryption keys and your unencrypted
-- data are never stored by AWS; therefore, it is important that you safely
-- manage your encryption keys. If you lose them, you won\'t be able to
-- unencrypt your data.
--
-- 'keyMd5', 'encryption_keyMd5' - The MD5 digest of the key that you used to encrypt your input file, or
-- that you want Elastic Transcoder to use to encrypt your output file.
-- Elastic Transcoder uses the key digest as a checksum to make sure your
-- key was not corrupted in transit. The key MD5 must be base64-encoded,
-- and it must be exactly 16 bytes long before being base64-encoded.
--
-- 'key', 'encryption_key' - The data encryption key that you want Elastic Transcoder to use to
-- encrypt your output file, or that was used to encrypt your input file.
-- The key must be base64-encoded and it must be one of the following bit
-- lengths before being base64-encoded:
--
-- @128@, @192@, or @256@.
--
-- The key must also be encrypted by using the Amazon Key Management
-- Service.
--
-- 'initializationVector', 'encryption_initializationVector' - The series of random bits created by a random bit generator, unique for
-- every encryption operation, that you used to encrypt your input files or
-- that you want Elastic Transcoder to use to encrypt your output files.
-- The initialization vector must be base64-encoded, and it must be exactly
-- 16 bytes long before being base64-encoded.
newEncryption ::
  Encryption
newEncryption :: Encryption
newEncryption =
  Encryption' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Encryption
Encryption'
    { $sel:mode:Encryption' :: Maybe Text
mode = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:keyMd5:Encryption' :: Maybe Text
keyMd5 = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:key:Encryption' :: Maybe Text
key = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:initializationVector:Encryption' :: Maybe Text
initializationVector = Maybe Text
forall a. Maybe a
Prelude.Nothing
    }

-- | The specific server-side encryption mode that you want Elastic
-- Transcoder to use when decrypting your input files or encrypting your
-- output files. Elastic Transcoder supports the following options:
--
-- -   __s3:__ Amazon S3 creates and manages the keys used for encrypting
--     your files.
--
-- -   __s3-aws-kms:__ Amazon S3 calls the Amazon Key Management Service,
--     which creates and manages the keys that are used for encrypting your
--     files. If you specify @s3-aws-kms@ and you don\'t want to use the
--     default key, you must add the AWS-KMS key that you want to use to
--     your pipeline.
--
-- -   __aes-cbc-pkcs7:__ A padded cipher-block mode of operation
--     originally used for HLS files.
--
-- -   __aes-ctr:__ AES Counter Mode.
--
-- -   __aes-gcm:__ AES Galois Counter Mode, a mode of operation that is an
--     authenticated encryption format, meaning that a file, key, or
--     initialization vector that has been tampered with fails the
--     decryption process.
--
-- For all three AES options, you must provide the following settings,
-- which must be base64-encoded:
--
-- -   __Key__
--
-- -   __Key MD5__
--
-- -   __Initialization Vector__
--
-- For the AES modes, your private encryption keys and your unencrypted
-- data are never stored by AWS; therefore, it is important that you safely
-- manage your encryption keys. If you lose them, you won\'t be able to
-- unencrypt your data.
encryption_mode :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_mode :: (Maybe Text -> f (Maybe Text)) -> Encryption -> f Encryption
encryption_mode = (Encryption -> Maybe Text)
-> (Encryption -> Maybe Text -> Encryption)
-> Lens Encryption Encryption (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe Text
mode :: Maybe Text
$sel:mode:Encryption' :: Encryption -> Maybe Text
mode} -> Maybe Text
mode) (\s :: Encryption
s@Encryption' {} Maybe Text
a -> Encryption
s {$sel:mode:Encryption' :: Maybe Text
mode = Maybe Text
a} :: Encryption)

-- | The MD5 digest of the key that you used to encrypt your input file, or
-- that you want Elastic Transcoder to use to encrypt your output file.
-- Elastic Transcoder uses the key digest as a checksum to make sure your
-- key was not corrupted in transit. The key MD5 must be base64-encoded,
-- and it must be exactly 16 bytes long before being base64-encoded.
encryption_keyMd5 :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_keyMd5 :: (Maybe Text -> f (Maybe Text)) -> Encryption -> f Encryption
encryption_keyMd5 = (Encryption -> Maybe Text)
-> (Encryption -> Maybe Text -> Encryption)
-> Lens Encryption Encryption (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe Text
keyMd5 :: Maybe Text
$sel:keyMd5:Encryption' :: Encryption -> Maybe Text
keyMd5} -> Maybe Text
keyMd5) (\s :: Encryption
s@Encryption' {} Maybe Text
a -> Encryption
s {$sel:keyMd5:Encryption' :: Maybe Text
keyMd5 = Maybe Text
a} :: Encryption)

-- | The data encryption key that you want Elastic Transcoder to use to
-- encrypt your output file, or that was used to encrypt your input file.
-- The key must be base64-encoded and it must be one of the following bit
-- lengths before being base64-encoded:
--
-- @128@, @192@, or @256@.
--
-- The key must also be encrypted by using the Amazon Key Management
-- Service.
encryption_key :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_key :: (Maybe Text -> f (Maybe Text)) -> Encryption -> f Encryption
encryption_key = (Encryption -> Maybe Text)
-> (Encryption -> Maybe Text -> Encryption)
-> Lens Encryption Encryption (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe Text
key :: Maybe Text
$sel:key:Encryption' :: Encryption -> Maybe Text
key} -> Maybe Text
key) (\s :: Encryption
s@Encryption' {} Maybe Text
a -> Encryption
s {$sel:key:Encryption' :: Maybe Text
key = Maybe Text
a} :: Encryption)

-- | The series of random bits created by a random bit generator, unique for
-- every encryption operation, that you used to encrypt your input files or
-- that you want Elastic Transcoder to use to encrypt your output files.
-- The initialization vector must be base64-encoded, and it must be exactly
-- 16 bytes long before being base64-encoded.
encryption_initializationVector :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_initializationVector :: (Maybe Text -> f (Maybe Text)) -> Encryption -> f Encryption
encryption_initializationVector = (Encryption -> Maybe Text)
-> (Encryption -> Maybe Text -> Encryption)
-> Lens Encryption Encryption (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe Text
initializationVector :: Maybe Text
$sel:initializationVector:Encryption' :: Encryption -> Maybe Text
initializationVector} -> Maybe Text
initializationVector) (\s :: Encryption
s@Encryption' {} Maybe Text
a -> Encryption
s {$sel:initializationVector:Encryption' :: Maybe Text
initializationVector = Maybe Text
a} :: Encryption)

instance Core.FromJSON Encryption where
  parseJSON :: Value -> Parser Encryption
parseJSON =
    String
-> (Object -> Parser Encryption) -> Value -> Parser Encryption
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"Encryption"
      ( \Object
x ->
          Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Encryption
Encryption'
            (Maybe Text
 -> Maybe Text -> Maybe Text -> Maybe Text -> Encryption)
-> Parser (Maybe Text)
-> Parser (Maybe Text -> Maybe Text -> Maybe Text -> Encryption)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"Mode")
            Parser (Maybe Text -> Maybe Text -> Maybe Text -> Encryption)
-> Parser (Maybe Text)
-> Parser (Maybe Text -> Maybe Text -> Encryption)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"KeyMd5")
            Parser (Maybe Text -> Maybe Text -> Encryption)
-> Parser (Maybe Text) -> Parser (Maybe Text -> Encryption)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"Key")
            Parser (Maybe Text -> Encryption)
-> Parser (Maybe Text) -> Parser Encryption
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"InitializationVector")
      )

instance Prelude.Hashable Encryption

instance Prelude.NFData Encryption

instance Core.ToJSON Encryption where
  toJSON :: Encryption -> Value
toJSON Encryption' {Maybe Text
initializationVector :: Maybe Text
key :: Maybe Text
keyMd5 :: Maybe Text
mode :: Maybe Text
$sel:initializationVector:Encryption' :: Encryption -> Maybe Text
$sel:key:Encryption' :: Encryption -> Maybe Text
$sel:keyMd5:Encryption' :: Encryption -> Maybe Text
$sel:mode:Encryption' :: Encryption -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"Mode" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
mode,
            (Text
"KeyMd5" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
keyMd5,
            (Text
"Key" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
key,
            (Text
"InitializationVector" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
initializationVector
          ]
      )