{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.Decrypt
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Decrypts ciphertext that was encrypted by a KMS key using any of the
-- following operations:
--
-- -   Encrypt
--
-- -   GenerateDataKey
--
-- -   GenerateDataKeyPair
--
-- -   GenerateDataKeyWithoutPlaintext
--
-- -   GenerateDataKeyPairWithoutPlaintext
--
-- You can use this operation to decrypt ciphertext that was encrypted
-- under a symmetric or asymmetric KMS key. When the KMS key is asymmetric,
-- you must specify the KMS key and the encryption algorithm that was used
-- to encrypt the ciphertext. For information about symmetric and
-- asymmetric KMS keys, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using Symmetric and Asymmetric KMS keys>
-- in the /Key Management Service Developer Guide/.
--
-- The Decrypt operation also decrypts ciphertext that was encrypted
-- outside of KMS by the public key in an KMS asymmetric KMS key. However,
-- it cannot decrypt ciphertext produced by other libraries, such as the
-- <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/ Amazon Web Services Encryption SDK>
-- or
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html Amazon S3 client-side encryption>.
-- These libraries return a ciphertext format that is incompatible with
-- KMS.
--
-- If the ciphertext was encrypted under a symmetric KMS key, the @KeyId@
-- parameter is optional. KMS can get this information from metadata that
-- it adds to the symmetric ciphertext blob. This feature adds durability
-- to your implementation by ensuring that authorized users can decrypt
-- ciphertext decades after it was encrypted, even if they\'ve lost track
-- of the key ID. However, specifying the KMS key is always recommended as
-- a best practice. When you use the @KeyId@ parameter to specify a KMS
-- key, KMS only uses the KMS key you specify. If the ciphertext was
-- encrypted under a different KMS key, the @Decrypt@ operation fails. This
-- practice ensures that you use the KMS key that you intend.
--
-- Whenever possible, use key policies to give users permission to call the
-- @Decrypt@ operation on a particular KMS key, instead of using IAM
-- policies. Otherwise, you might create an IAM user policy that gives the
-- user @Decrypt@ permission on all KMS keys. This user could decrypt
-- ciphertext that was encrypted by KMS keys in other accounts if the key
-- policy for the cross-account KMS key permits it. If you must use an IAM
-- policy for @Decrypt@ permissions, limit the user to particular KMS keys
-- or particular trusted accounts. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices Best practices for IAM policies>
-- in the /Key Management Service Developer Guide/.
--
-- Applications in Amazon Web Services Nitro Enclaves can call this
-- operation by using the
-- <https://github.com/aws/aws-nitro-enclaves-sdk-c Amazon Web Services Nitro Enclaves Development Kit>.
-- For information about the supporting parameters, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html How Amazon Web Services Nitro Enclaves use KMS>
-- in the /Key Management Service Developer Guide/.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key state: Effect on your KMS key>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: Yes. To perform this operation with a KMS key in
-- a different Amazon Web Services account, specify the key ARN or alias
-- ARN in the value of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:Decrypt>
-- (key policy)
--
-- __Related operations:__
--
-- -   Encrypt
--
-- -   GenerateDataKey
--
-- -   GenerateDataKeyPair
--
-- -   ReEncrypt
module Amazonka.KMS.Decrypt
  ( -- * Creating a Request
    Decrypt (..),
    newDecrypt,

    -- * Request Lenses
    decrypt_keyId,
    decrypt_encryptionContext,
    decrypt_grantTokens,
    decrypt_encryptionAlgorithm,
    decrypt_ciphertextBlob,

    -- * Destructuring the Response
    DecryptResponse (..),
    newDecryptResponse,

    -- * Response Lenses
    decryptResponse_keyId,
    decryptResponse_plaintext,
    decryptResponse_encryptionAlgorithm,
    decryptResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newDecrypt' smart constructor.
data Decrypt = Decrypt'
  { -- | Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a
    -- key ID of the KMS key that was used to encrypt the ciphertext.
    --
    -- This parameter is required only when the ciphertext was encrypted under
    -- an asymmetric KMS key. If you used a symmetric KMS key, KMS can get the
    -- KMS key from metadata that it adds to the symmetric ciphertext blob.
    -- However, it is always recommended as a best practice. This practice
    -- ensures that you use the KMS key that you intend.
    --
    -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
    -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
    -- key in a different Amazon Web Services account, you must use the key ARN
    -- or alias ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Alias name: @alias\/ExampleAlias@
    --
    -- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey. To get the alias name and alias ARN, use ListAliases.
    Decrypt -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | Specifies the encryption context to use when decrypting the data. An
    -- encryption context is valid only for
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
    -- with a symmetric KMS key. The standard asymmetric encryption algorithms
    -- that KMS uses do not support an encryption context.
    --
    -- An /encryption context/ is a collection of non-secret key-value pairs
    -- that represents additional authenticated data. When you use an
    -- encryption context to encrypt data, you must specify the same (an exact
    -- case-sensitive match) encryption context to decrypt the data. An
    -- encryption context is optional when encrypting with a symmetric KMS key,
    -- but it is highly recommended.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
    -- in the /Key Management Service Developer Guide/.
    Decrypt -> Maybe (HashMap Text Text)
encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | A list of grant tokens.
    --
    -- Use a grant token when your permission to call this operation comes from
    -- a new grant that has not yet achieved /eventual consistency/. For more
    -- information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
    -- in the /Key Management Service Developer Guide/.
    Decrypt -> Maybe [Text]
grantTokens :: Prelude.Maybe [Prelude.Text],
    -- | Specifies the encryption algorithm that will be used to decrypt the
    -- ciphertext. Specify the same algorithm that was used to encrypt the
    -- data. If you specify a different algorithm, the @Decrypt@ operation
    -- fails.
    --
    -- This parameter is required only when the ciphertext was encrypted under
    -- an asymmetric KMS key. The default value, @SYMMETRIC_DEFAULT@,
    -- represents the only supported algorithm that is valid for symmetric KMS
    -- keys.
    Decrypt -> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,
    -- | Ciphertext to be decrypted. The blob includes metadata.
    Decrypt -> Base64
ciphertextBlob :: Core.Base64
  }
  deriving (Decrypt -> Decrypt -> Bool
(Decrypt -> Decrypt -> Bool)
-> (Decrypt -> Decrypt -> Bool) -> Eq Decrypt
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Decrypt -> Decrypt -> Bool
$c/= :: Decrypt -> Decrypt -> Bool
== :: Decrypt -> Decrypt -> Bool
$c== :: Decrypt -> Decrypt -> Bool
Prelude.Eq, ReadPrec [Decrypt]
ReadPrec Decrypt
Int -> ReadS Decrypt
ReadS [Decrypt]
(Int -> ReadS Decrypt)
-> ReadS [Decrypt]
-> ReadPrec Decrypt
-> ReadPrec [Decrypt]
-> Read Decrypt
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [Decrypt]
$creadListPrec :: ReadPrec [Decrypt]
readPrec :: ReadPrec Decrypt
$creadPrec :: ReadPrec Decrypt
readList :: ReadS [Decrypt]
$creadList :: ReadS [Decrypt]
readsPrec :: Int -> ReadS Decrypt
$creadsPrec :: Int -> ReadS Decrypt
Prelude.Read, Int -> Decrypt -> ShowS
[Decrypt] -> ShowS
Decrypt -> String
(Int -> Decrypt -> ShowS)
-> (Decrypt -> String) -> ([Decrypt] -> ShowS) -> Show Decrypt
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Decrypt] -> ShowS
$cshowList :: [Decrypt] -> ShowS
show :: Decrypt -> String
$cshow :: Decrypt -> String
showsPrec :: Int -> Decrypt -> ShowS
$cshowsPrec :: Int -> Decrypt -> ShowS
Prelude.Show, (forall x. Decrypt -> Rep Decrypt x)
-> (forall x. Rep Decrypt x -> Decrypt) -> Generic Decrypt
forall x. Rep Decrypt x -> Decrypt
forall x. Decrypt -> Rep Decrypt x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Decrypt x -> Decrypt
$cfrom :: forall x. Decrypt -> Rep Decrypt x
Prelude.Generic)

-- |
-- Create a value of 'Decrypt' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'decrypt_keyId' - Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a
-- key ID of the KMS key that was used to encrypt the ciphertext.
--
-- This parameter is required only when the ciphertext was encrypted under
-- an asymmetric KMS key. If you used a symmetric KMS key, KMS can get the
-- KMS key from metadata that it adds to the symmetric ciphertext blob.
-- However, it is always recommended as a best practice. This practice
-- ensures that you use the KMS key that you intend.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
--
-- 'encryptionContext', 'decrypt_encryptionContext' - Specifies the encryption context to use when decrypting the data. An
-- encryption context is valid only for
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
-- with a symmetric KMS key. The standard asymmetric encryption algorithms
-- that KMS uses do not support an encryption context.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- 'grantTokens', 'decrypt_grantTokens' - A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
--
-- 'encryptionAlgorithm', 'decrypt_encryptionAlgorithm' - Specifies the encryption algorithm that will be used to decrypt the
-- ciphertext. Specify the same algorithm that was used to encrypt the
-- data. If you specify a different algorithm, the @Decrypt@ operation
-- fails.
--
-- This parameter is required only when the ciphertext was encrypted under
-- an asymmetric KMS key. The default value, @SYMMETRIC_DEFAULT@,
-- represents the only supported algorithm that is valid for symmetric KMS
-- keys.
--
-- 'ciphertextBlob', 'decrypt_ciphertextBlob' - Ciphertext to be decrypted. The blob includes metadata.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
newDecrypt ::
  -- | 'ciphertextBlob'
  Prelude.ByteString ->
  Decrypt
newDecrypt :: ByteString -> Decrypt
newDecrypt ByteString
pCiphertextBlob_ =
  Decrypt' :: Maybe Text
-> Maybe (HashMap Text Text)
-> Maybe [Text]
-> Maybe EncryptionAlgorithmSpec
-> Base64
-> Decrypt
Decrypt'
    { $sel:keyId:Decrypt' :: Maybe Text
keyId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionContext:Decrypt' :: Maybe (HashMap Text Text)
encryptionContext = Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:grantTokens:Decrypt' :: Maybe [Text]
grantTokens = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionAlgorithm:Decrypt' :: Maybe EncryptionAlgorithmSpec
encryptionAlgorithm = Maybe EncryptionAlgorithmSpec
forall a. Maybe a
Prelude.Nothing,
      $sel:ciphertextBlob:Decrypt' :: Base64
ciphertextBlob =
        Tagged ByteString (Identity ByteString)
-> Tagged Base64 (Identity Base64)
Iso' Base64 ByteString
Core._Base64 (Tagged ByteString (Identity ByteString)
 -> Tagged Base64 (Identity Base64))
-> ByteString -> Base64
forall t b. AReview t b -> b -> t
Lens.# ByteString
pCiphertextBlob_
    }

-- | Specifies the KMS key that KMS uses to decrypt the ciphertext. Enter a
-- key ID of the KMS key that was used to encrypt the ciphertext.
--
-- This parameter is required only when the ciphertext was encrypted under
-- an asymmetric KMS key. If you used a symmetric KMS key, KMS can get the
-- KMS key from metadata that it adds to the symmetric ciphertext blob.
-- However, it is always recommended as a best practice. This practice
-- ensures that you use the KMS key that you intend.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
decrypt_keyId :: Lens.Lens' Decrypt (Prelude.Maybe Prelude.Text)
decrypt_keyId :: (Maybe Text -> f (Maybe Text)) -> Decrypt -> f Decrypt
decrypt_keyId = (Decrypt -> Maybe Text)
-> (Decrypt -> Maybe Text -> Decrypt)
-> Lens Decrypt Decrypt (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Decrypt' {Maybe Text
keyId :: Maybe Text
$sel:keyId:Decrypt' :: Decrypt -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: Decrypt
s@Decrypt' {} Maybe Text
a -> Decrypt
s {$sel:keyId:Decrypt' :: Maybe Text
keyId = Maybe Text
a} :: Decrypt)

-- | Specifies the encryption context to use when decrypting the data. An
-- encryption context is valid only for
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>
-- with a symmetric KMS key. The standard asymmetric encryption algorithms
-- that KMS uses do not support an encryption context.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
decrypt_encryptionContext :: Lens.Lens' Decrypt (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
decrypt_encryptionContext :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> Decrypt -> f Decrypt
decrypt_encryptionContext = (Decrypt -> Maybe (HashMap Text Text))
-> (Decrypt -> Maybe (HashMap Text Text) -> Decrypt)
-> Lens
     Decrypt
     Decrypt
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Decrypt' {Maybe (HashMap Text Text)
encryptionContext :: Maybe (HashMap Text Text)
$sel:encryptionContext:Decrypt' :: Decrypt -> Maybe (HashMap Text Text)
encryptionContext} -> Maybe (HashMap Text Text)
encryptionContext) (\s :: Decrypt
s@Decrypt' {} Maybe (HashMap Text Text)
a -> Decrypt
s {$sel:encryptionContext:Decrypt' :: Maybe (HashMap Text Text)
encryptionContext = Maybe (HashMap Text Text)
a} :: Decrypt) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> Decrypt -> f Decrypt)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> Decrypt
-> f Decrypt
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
decrypt_grantTokens :: Lens.Lens' Decrypt (Prelude.Maybe [Prelude.Text])
decrypt_grantTokens :: (Maybe [Text] -> f (Maybe [Text])) -> Decrypt -> f Decrypt
decrypt_grantTokens = (Decrypt -> Maybe [Text])
-> (Decrypt -> Maybe [Text] -> Decrypt)
-> Lens Decrypt Decrypt (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Decrypt' {Maybe [Text]
grantTokens :: Maybe [Text]
$sel:grantTokens:Decrypt' :: Decrypt -> Maybe [Text]
grantTokens} -> Maybe [Text]
grantTokens) (\s :: Decrypt
s@Decrypt' {} Maybe [Text]
a -> Decrypt
s {$sel:grantTokens:Decrypt' :: Maybe [Text]
grantTokens = Maybe [Text]
a} :: Decrypt) ((Maybe [Text] -> f (Maybe [Text])) -> Decrypt -> f Decrypt)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> Decrypt
-> f Decrypt
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies the encryption algorithm that will be used to decrypt the
-- ciphertext. Specify the same algorithm that was used to encrypt the
-- data. If you specify a different algorithm, the @Decrypt@ operation
-- fails.
--
-- This parameter is required only when the ciphertext was encrypted under
-- an asymmetric KMS key. The default value, @SYMMETRIC_DEFAULT@,
-- represents the only supported algorithm that is valid for symmetric KMS
-- keys.
decrypt_encryptionAlgorithm :: Lens.Lens' Decrypt (Prelude.Maybe EncryptionAlgorithmSpec)
decrypt_encryptionAlgorithm :: (Maybe EncryptionAlgorithmSpec
 -> f (Maybe EncryptionAlgorithmSpec))
-> Decrypt -> f Decrypt
decrypt_encryptionAlgorithm = (Decrypt -> Maybe EncryptionAlgorithmSpec)
-> (Decrypt -> Maybe EncryptionAlgorithmSpec -> Decrypt)
-> Lens
     Decrypt
     Decrypt
     (Maybe EncryptionAlgorithmSpec)
     (Maybe EncryptionAlgorithmSpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Decrypt' {Maybe EncryptionAlgorithmSpec
encryptionAlgorithm :: Maybe EncryptionAlgorithmSpec
$sel:encryptionAlgorithm:Decrypt' :: Decrypt -> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm} -> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm) (\s :: Decrypt
s@Decrypt' {} Maybe EncryptionAlgorithmSpec
a -> Decrypt
s {$sel:encryptionAlgorithm:Decrypt' :: Maybe EncryptionAlgorithmSpec
encryptionAlgorithm = Maybe EncryptionAlgorithmSpec
a} :: Decrypt)

-- | Ciphertext to be decrypted. The blob includes metadata.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
decrypt_ciphertextBlob :: Lens.Lens' Decrypt Prelude.ByteString
decrypt_ciphertextBlob :: (ByteString -> f ByteString) -> Decrypt -> f Decrypt
decrypt_ciphertextBlob = (Decrypt -> Base64)
-> (Decrypt -> Base64 -> Decrypt)
-> Lens Decrypt Decrypt Base64 Base64
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Decrypt' {Base64
ciphertextBlob :: Base64
$sel:ciphertextBlob:Decrypt' :: Decrypt -> Base64
ciphertextBlob} -> Base64
ciphertextBlob) (\s :: Decrypt
s@Decrypt' {} Base64
a -> Decrypt
s {$sel:ciphertextBlob:Decrypt' :: Base64
ciphertextBlob = Base64
a} :: Decrypt) ((Base64 -> f Base64) -> Decrypt -> f Decrypt)
-> ((ByteString -> f ByteString) -> Base64 -> f Base64)
-> (ByteString -> f ByteString)
-> Decrypt
-> f Decrypt
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (ByteString -> f ByteString) -> Base64 -> f Base64
Iso' Base64 ByteString
Core._Base64

instance Core.AWSRequest Decrypt where
  type AWSResponse Decrypt = DecryptResponse
  request :: Decrypt -> Request Decrypt
request = Service -> Decrypt -> Request Decrypt
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy Decrypt
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse Decrypt)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse Decrypt))
-> Logger
-> Service
-> Proxy Decrypt
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse Decrypt)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe (Sensitive Base64)
-> Maybe EncryptionAlgorithmSpec
-> Int
-> DecryptResponse
DecryptResponse'
            (Maybe Text
 -> Maybe (Sensitive Base64)
 -> Maybe EncryptionAlgorithmSpec
 -> Int
 -> DecryptResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe (Sensitive Base64)
      -> Maybe EncryptionAlgorithmSpec -> Int -> DecryptResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyId")
            Either
  String
  (Maybe (Sensitive Base64)
   -> Maybe EncryptionAlgorithmSpec -> Int -> DecryptResponse)
-> Either String (Maybe (Sensitive Base64))
-> Either
     String (Maybe EncryptionAlgorithmSpec -> Int -> DecryptResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe (Sensitive Base64))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"Plaintext")
            Either
  String (Maybe EncryptionAlgorithmSpec -> Int -> DecryptResponse)
-> Either String (Maybe EncryptionAlgorithmSpec)
-> Either String (Int -> DecryptResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe EncryptionAlgorithmSpec)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"EncryptionAlgorithm")
            Either String (Int -> DecryptResponse)
-> Either String Int -> Either String DecryptResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable Decrypt

instance Prelude.NFData Decrypt

instance Core.ToHeaders Decrypt where
  toHeaders :: Decrypt -> ResponseHeaders
toHeaders =
    ResponseHeaders -> Decrypt -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# (ByteString
"TrentService.Decrypt" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON Decrypt where
  toJSON :: Decrypt -> Value
toJSON Decrypt' {Maybe [Text]
Maybe Text
Maybe (HashMap Text Text)
Maybe EncryptionAlgorithmSpec
Base64
ciphertextBlob :: Base64
encryptionAlgorithm :: Maybe EncryptionAlgorithmSpec
grantTokens :: Maybe [Text]
encryptionContext :: Maybe (HashMap Text Text)
keyId :: Maybe Text
$sel:ciphertextBlob:Decrypt' :: Decrypt -> Base64
$sel:encryptionAlgorithm:Decrypt' :: Decrypt -> Maybe EncryptionAlgorithmSpec
$sel:grantTokens:Decrypt' :: Decrypt -> Maybe [Text]
$sel:encryptionContext:Decrypt' :: Decrypt -> Maybe (HashMap Text Text)
$sel:keyId:Decrypt' :: Decrypt -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
keyId,
            (Text
"EncryptionContext" Text -> HashMap Text Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (HashMap Text Text -> Pair)
-> Maybe (HashMap Text Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
encryptionContext,
            (Text
"GrantTokens" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
grantTokens,
            (Text
"EncryptionAlgorithm" Text -> EncryptionAlgorithmSpec -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (EncryptionAlgorithmSpec -> Pair)
-> Maybe EncryptionAlgorithmSpec -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"CiphertextBlob" Text -> Base64 -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Base64
ciphertextBlob)
          ]
      )

instance Core.ToPath Decrypt where
  toPath :: Decrypt -> ByteString
toPath = ByteString -> Decrypt -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery Decrypt where
  toQuery :: Decrypt -> QueryString
toQuery = QueryString -> Decrypt -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newDecryptResponse' smart constructor.
data DecryptResponse = DecryptResponse'
  { -- | The Amazon Resource Name
    -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
    -- of the KMS key that was used to decrypt the ciphertext.
    DecryptResponse -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | Decrypted plaintext data. When you use the HTTP API or the Amazon Web
    -- Services CLI, the value is Base64-encoded. Otherwise, it is not
    -- Base64-encoded.
    DecryptResponse -> Maybe (Sensitive Base64)
plaintext :: Prelude.Maybe (Core.Sensitive Core.Base64),
    -- | The encryption algorithm that was used to decrypt the ciphertext.
    DecryptResponse -> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,
    -- | The response's http status code.
    DecryptResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (DecryptResponse -> DecryptResponse -> Bool
(DecryptResponse -> DecryptResponse -> Bool)
-> (DecryptResponse -> DecryptResponse -> Bool)
-> Eq DecryptResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: DecryptResponse -> DecryptResponse -> Bool
$c/= :: DecryptResponse -> DecryptResponse -> Bool
== :: DecryptResponse -> DecryptResponse -> Bool
$c== :: DecryptResponse -> DecryptResponse -> Bool
Prelude.Eq, Int -> DecryptResponse -> ShowS
[DecryptResponse] -> ShowS
DecryptResponse -> String
(Int -> DecryptResponse -> ShowS)
-> (DecryptResponse -> String)
-> ([DecryptResponse] -> ShowS)
-> Show DecryptResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [DecryptResponse] -> ShowS
$cshowList :: [DecryptResponse] -> ShowS
show :: DecryptResponse -> String
$cshow :: DecryptResponse -> String
showsPrec :: Int -> DecryptResponse -> ShowS
$cshowsPrec :: Int -> DecryptResponse -> ShowS
Prelude.Show, (forall x. DecryptResponse -> Rep DecryptResponse x)
-> (forall x. Rep DecryptResponse x -> DecryptResponse)
-> Generic DecryptResponse
forall x. Rep DecryptResponse x -> DecryptResponse
forall x. DecryptResponse -> Rep DecryptResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep DecryptResponse x -> DecryptResponse
$cfrom :: forall x. DecryptResponse -> Rep DecryptResponse x
Prelude.Generic)

-- |
-- Create a value of 'DecryptResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'decryptResponse_keyId' - The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that was used to decrypt the ciphertext.
--
-- 'plaintext', 'decryptResponse_plaintext' - Decrypted plaintext data. When you use the HTTP API or the Amazon Web
-- Services CLI, the value is Base64-encoded. Otherwise, it is not
-- Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'encryptionAlgorithm', 'decryptResponse_encryptionAlgorithm' - The encryption algorithm that was used to decrypt the ciphertext.
--
-- 'httpStatus', 'decryptResponse_httpStatus' - The response's http status code.
newDecryptResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  DecryptResponse
newDecryptResponse :: Int -> DecryptResponse
newDecryptResponse Int
pHttpStatus_ =
  DecryptResponse' :: Maybe Text
-> Maybe (Sensitive Base64)
-> Maybe EncryptionAlgorithmSpec
-> Int
-> DecryptResponse
DecryptResponse'
    { $sel:keyId:DecryptResponse' :: Maybe Text
keyId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:plaintext:DecryptResponse' :: Maybe (Sensitive Base64)
plaintext = Maybe (Sensitive Base64)
forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionAlgorithm:DecryptResponse' :: Maybe EncryptionAlgorithmSpec
encryptionAlgorithm = Maybe EncryptionAlgorithmSpec
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:DecryptResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that was used to decrypt the ciphertext.
decryptResponse_keyId :: Lens.Lens' DecryptResponse (Prelude.Maybe Prelude.Text)
decryptResponse_keyId :: (Maybe Text -> f (Maybe Text))
-> DecryptResponse -> f DecryptResponse
decryptResponse_keyId = (DecryptResponse -> Maybe Text)
-> (DecryptResponse -> Maybe Text -> DecryptResponse)
-> Lens DecryptResponse DecryptResponse (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecryptResponse' {Maybe Text
keyId :: Maybe Text
$sel:keyId:DecryptResponse' :: DecryptResponse -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: DecryptResponse
s@DecryptResponse' {} Maybe Text
a -> DecryptResponse
s {$sel:keyId:DecryptResponse' :: Maybe Text
keyId = Maybe Text
a} :: DecryptResponse)

-- | Decrypted plaintext data. When you use the HTTP API or the Amazon Web
-- Services CLI, the value is Base64-encoded. Otherwise, it is not
-- Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
decryptResponse_plaintext :: Lens.Lens' DecryptResponse (Prelude.Maybe Prelude.ByteString)
decryptResponse_plaintext :: (Maybe ByteString -> f (Maybe ByteString))
-> DecryptResponse -> f DecryptResponse
decryptResponse_plaintext = (DecryptResponse -> Maybe (Sensitive Base64))
-> (DecryptResponse -> Maybe (Sensitive Base64) -> DecryptResponse)
-> Lens
     DecryptResponse
     DecryptResponse
     (Maybe (Sensitive Base64))
     (Maybe (Sensitive Base64))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecryptResponse' {Maybe (Sensitive Base64)
plaintext :: Maybe (Sensitive Base64)
$sel:plaintext:DecryptResponse' :: DecryptResponse -> Maybe (Sensitive Base64)
plaintext} -> Maybe (Sensitive Base64)
plaintext) (\s :: DecryptResponse
s@DecryptResponse' {} Maybe (Sensitive Base64)
a -> DecryptResponse
s {$sel:plaintext:DecryptResponse' :: Maybe (Sensitive Base64)
plaintext = Maybe (Sensitive Base64)
a} :: DecryptResponse) ((Maybe (Sensitive Base64) -> f (Maybe (Sensitive Base64)))
 -> DecryptResponse -> f DecryptResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe (Sensitive Base64) -> f (Maybe (Sensitive Base64)))
-> (Maybe ByteString -> f (Maybe ByteString))
-> DecryptResponse
-> f DecryptResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (Sensitive Base64) (Sensitive Base64) ByteString ByteString
-> Iso
     (Maybe (Sensitive Base64))
     (Maybe (Sensitive Base64))
     (Maybe ByteString)
     (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping (Exchange ByteString ByteString Base64 (Identity Base64)
-> Exchange
     ByteString
     ByteString
     (Sensitive Base64)
     (Identity (Sensitive Base64))
forall a. Iso' (Sensitive a) a
Core._Sensitive (Exchange ByteString ByteString Base64 (Identity Base64)
 -> Exchange
      ByteString
      ByteString
      (Sensitive Base64)
      (Identity (Sensitive Base64)))
-> (Exchange ByteString ByteString ByteString (Identity ByteString)
    -> Exchange ByteString ByteString Base64 (Identity Base64))
-> AnIso
     (Sensitive Base64) (Sensitive Base64) ByteString ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Exchange ByteString ByteString ByteString (Identity ByteString)
-> Exchange ByteString ByteString Base64 (Identity Base64)
Iso' Base64 ByteString
Core._Base64)

-- | The encryption algorithm that was used to decrypt the ciphertext.
decryptResponse_encryptionAlgorithm :: Lens.Lens' DecryptResponse (Prelude.Maybe EncryptionAlgorithmSpec)
decryptResponse_encryptionAlgorithm :: (Maybe EncryptionAlgorithmSpec
 -> f (Maybe EncryptionAlgorithmSpec))
-> DecryptResponse -> f DecryptResponse
decryptResponse_encryptionAlgorithm = (DecryptResponse -> Maybe EncryptionAlgorithmSpec)
-> (DecryptResponse
    -> Maybe EncryptionAlgorithmSpec -> DecryptResponse)
-> Lens
     DecryptResponse
     DecryptResponse
     (Maybe EncryptionAlgorithmSpec)
     (Maybe EncryptionAlgorithmSpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecryptResponse' {Maybe EncryptionAlgorithmSpec
encryptionAlgorithm :: Maybe EncryptionAlgorithmSpec
$sel:encryptionAlgorithm:DecryptResponse' :: DecryptResponse -> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm} -> Maybe EncryptionAlgorithmSpec
encryptionAlgorithm) (\s :: DecryptResponse
s@DecryptResponse' {} Maybe EncryptionAlgorithmSpec
a -> DecryptResponse
s {$sel:encryptionAlgorithm:DecryptResponse' :: Maybe EncryptionAlgorithmSpec
encryptionAlgorithm = Maybe EncryptionAlgorithmSpec
a} :: DecryptResponse)

-- | The response's http status code.
decryptResponse_httpStatus :: Lens.Lens' DecryptResponse Prelude.Int
decryptResponse_httpStatus :: (Int -> f Int) -> DecryptResponse -> f DecryptResponse
decryptResponse_httpStatus = (DecryptResponse -> Int)
-> (DecryptResponse -> Int -> DecryptResponse)
-> Lens DecryptResponse DecryptResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecryptResponse' {Int
httpStatus :: Int
$sel:httpStatus:DecryptResponse' :: DecryptResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: DecryptResponse
s@DecryptResponse' {} Int
a -> DecryptResponse
s {$sel:httpStatus:DecryptResponse' :: Int
httpStatus = Int
a} :: DecryptResponse)

instance Prelude.NFData DecryptResponse