{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.GenerateDataKeyPair
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Generates a unique asymmetric data key pair. The @GenerateDataKeyPair@
-- operation returns a plaintext public key, a plaintext private key, and a
-- copy of the private key that is encrypted under the symmetric KMS key
-- you specify. You can use the data key pair to perform asymmetric
-- cryptography and implement digital signatures outside of KMS.
--
-- You can use the public key that @GenerateDataKeyPair@ returns to encrypt
-- data or verify a signature outside of KMS. Then, store the encrypted
-- private key with the data. When you are ready to decrypt data or sign a
-- message, you can use the Decrypt operation to decrypt the encrypted
-- private key.
--
-- To generate a data key pair, you must specify a symmetric KMS key to
-- encrypt the private key in a data key pair. You cannot use an asymmetric
-- KMS key or a KMS key in a custom key store. To get the type and origin
-- of your KMS key, use the DescribeKey operation.
--
-- Use the @KeyPairSpec@ parameter to choose an RSA or Elliptic Curve (ECC)
-- data key pair. KMS recommends that your use ECC key pairs for signing,
-- and use RSA key pairs for either encryption or signing, but not both.
-- However, KMS cannot enforce any restrictions on the use of data key
-- pairs outside of KMS.
--
-- If you are using the data key pair to encrypt data, or for any operation
-- where you don\'t immediately need a private key, consider using the
-- GenerateDataKeyPairWithoutPlaintext operation.
-- @GenerateDataKeyPairWithoutPlaintext@ returns a plaintext public key and
-- an encrypted private key, but omits the plaintext private key that you
-- need only to decrypt ciphertext or sign a message. Later, when you need
-- to decrypt the data or sign a message, use the Decrypt operation to
-- decrypt the encrypted private key in the data key pair.
--
-- @GenerateDataKeyPair@ returns a unique data key pair for each request.
-- The bytes in the keys are not related to the caller or the KMS key that
-- is used to encrypt the private key. The public key is a DER-encoded
-- X.509 SubjectPublicKeyInfo, as specified in
-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. The private key is a
-- DER-encoded PKCS8 PrivateKeyInfo, as specified in
-- <https://tools.ietf.org/html/rfc5958 RFC 5958>.
--
-- You can use the optional encryption context to add additional security
-- to the encryption operation. If you specify an @EncryptionContext@, you
-- must specify the same encryption context (a case-sensitive exact match)
-- when decrypting the encrypted data key. Otherwise, the request to
-- decrypt fails with an @InvalidCiphertextException@. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key state: Effect on your KMS key>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: Yes. To perform this operation with a KMS key in
-- a different Amazon Web Services account, specify the key ARN or alias
-- ARN in the value of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKeyPair>
-- (key policy)
--
-- __Related operations:__
--
-- -   Decrypt
--
-- -   Encrypt
--
-- -   GenerateDataKey
--
-- -   GenerateDataKeyPairWithoutPlaintext
--
-- -   GenerateDataKeyWithoutPlaintext
module Amazonka.KMS.GenerateDataKeyPair
  ( -- * Creating a Request
    GenerateDataKeyPair (..),
    newGenerateDataKeyPair,

    -- * Request Lenses
    generateDataKeyPair_encryptionContext,
    generateDataKeyPair_grantTokens,
    generateDataKeyPair_keyId,
    generateDataKeyPair_keyPairSpec,

    -- * Destructuring the Response
    GenerateDataKeyPairResponse (..),
    newGenerateDataKeyPairResponse,

    -- * Response Lenses
    generateDataKeyPairResponse_keyId,
    generateDataKeyPairResponse_publicKey,
    generateDataKeyPairResponse_privateKeyPlaintext,
    generateDataKeyPairResponse_keyPairSpec,
    generateDataKeyPairResponse_privateKeyCiphertextBlob,
    generateDataKeyPairResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGenerateDataKeyPair' smart constructor.
data GenerateDataKeyPair = GenerateDataKeyPair'
  { -- | Specifies the encryption context that will be used when encrypting the
    -- private key in the data key pair.
    --
    -- An /encryption context/ is a collection of non-secret key-value pairs
    -- that represents additional authenticated data. When you use an
    -- encryption context to encrypt data, you must specify the same (an exact
    -- case-sensitive match) encryption context to decrypt the data. An
    -- encryption context is optional when encrypting with a symmetric KMS key,
    -- but it is highly recommended.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
    -- in the /Key Management Service Developer Guide/.
    GenerateDataKeyPair -> Maybe (HashMap Text Text)
encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | A list of grant tokens.
    --
    -- Use a grant token when your permission to call this operation comes from
    -- a new grant that has not yet achieved /eventual consistency/. For more
    -- information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
    -- in the /Key Management Service Developer Guide/.
    GenerateDataKeyPair -> Maybe [Text]
grantTokens :: Prelude.Maybe [Prelude.Text],
    -- | Specifies the symmetric KMS key that encrypts the private key in the
    -- data key pair. You cannot specify an asymmetric KMS key or a KMS key in
    -- a custom key store. To get the type and origin of your KMS key, use the
    -- DescribeKey operation.
    --
    -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
    -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
    -- key in a different Amazon Web Services account, you must use the key ARN
    -- or alias ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Alias name: @alias\/ExampleAlias@
    --
    -- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey. To get the alias name and alias ARN, use ListAliases.
    GenerateDataKeyPair -> Text
keyId :: Prelude.Text,
    -- | Determines the type of data key pair that is generated.
    --
    -- The KMS rule that restricts the use of asymmetric RSA KMS keys to
    -- encrypt and decrypt or to sign and verify (but not both), and the rule
    -- that permits you to use ECC KMS keys only to sign and verify, are not
    -- effective on data key pairs, which are used outside of KMS.
    GenerateDataKeyPair -> DataKeyPairSpec
keyPairSpec :: DataKeyPairSpec
  }
  deriving (GenerateDataKeyPair -> GenerateDataKeyPair -> Bool
(GenerateDataKeyPair -> GenerateDataKeyPair -> Bool)
-> (GenerateDataKeyPair -> GenerateDataKeyPair -> Bool)
-> Eq GenerateDataKeyPair
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GenerateDataKeyPair -> GenerateDataKeyPair -> Bool
$c/= :: GenerateDataKeyPair -> GenerateDataKeyPair -> Bool
== :: GenerateDataKeyPair -> GenerateDataKeyPair -> Bool
$c== :: GenerateDataKeyPair -> GenerateDataKeyPair -> Bool
Prelude.Eq, ReadPrec [GenerateDataKeyPair]
ReadPrec GenerateDataKeyPair
Int -> ReadS GenerateDataKeyPair
ReadS [GenerateDataKeyPair]
(Int -> ReadS GenerateDataKeyPair)
-> ReadS [GenerateDataKeyPair]
-> ReadPrec GenerateDataKeyPair
-> ReadPrec [GenerateDataKeyPair]
-> Read GenerateDataKeyPair
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GenerateDataKeyPair]
$creadListPrec :: ReadPrec [GenerateDataKeyPair]
readPrec :: ReadPrec GenerateDataKeyPair
$creadPrec :: ReadPrec GenerateDataKeyPair
readList :: ReadS [GenerateDataKeyPair]
$creadList :: ReadS [GenerateDataKeyPair]
readsPrec :: Int -> ReadS GenerateDataKeyPair
$creadsPrec :: Int -> ReadS GenerateDataKeyPair
Prelude.Read, Int -> GenerateDataKeyPair -> ShowS
[GenerateDataKeyPair] -> ShowS
GenerateDataKeyPair -> String
(Int -> GenerateDataKeyPair -> ShowS)
-> (GenerateDataKeyPair -> String)
-> ([GenerateDataKeyPair] -> ShowS)
-> Show GenerateDataKeyPair
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GenerateDataKeyPair] -> ShowS
$cshowList :: [GenerateDataKeyPair] -> ShowS
show :: GenerateDataKeyPair -> String
$cshow :: GenerateDataKeyPair -> String
showsPrec :: Int -> GenerateDataKeyPair -> ShowS
$cshowsPrec :: Int -> GenerateDataKeyPair -> ShowS
Prelude.Show, (forall x. GenerateDataKeyPair -> Rep GenerateDataKeyPair x)
-> (forall x. Rep GenerateDataKeyPair x -> GenerateDataKeyPair)
-> Generic GenerateDataKeyPair
forall x. Rep GenerateDataKeyPair x -> GenerateDataKeyPair
forall x. GenerateDataKeyPair -> Rep GenerateDataKeyPair x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GenerateDataKeyPair x -> GenerateDataKeyPair
$cfrom :: forall x. GenerateDataKeyPair -> Rep GenerateDataKeyPair x
Prelude.Generic)

-- |
-- Create a value of 'GenerateDataKeyPair' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'encryptionContext', 'generateDataKeyPair_encryptionContext' - Specifies the encryption context that will be used when encrypting the
-- private key in the data key pair.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- 'grantTokens', 'generateDataKeyPair_grantTokens' - A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
--
-- 'keyId', 'generateDataKeyPair_keyId' - Specifies the symmetric KMS key that encrypts the private key in the
-- data key pair. You cannot specify an asymmetric KMS key or a KMS key in
-- a custom key store. To get the type and origin of your KMS key, use the
-- DescribeKey operation.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
--
-- 'keyPairSpec', 'generateDataKeyPair_keyPairSpec' - Determines the type of data key pair that is generated.
--
-- The KMS rule that restricts the use of asymmetric RSA KMS keys to
-- encrypt and decrypt or to sign and verify (but not both), and the rule
-- that permits you to use ECC KMS keys only to sign and verify, are not
-- effective on data key pairs, which are used outside of KMS.
newGenerateDataKeyPair ::
  -- | 'keyId'
  Prelude.Text ->
  -- | 'keyPairSpec'
  DataKeyPairSpec ->
  GenerateDataKeyPair
newGenerateDataKeyPair :: Text -> DataKeyPairSpec -> GenerateDataKeyPair
newGenerateDataKeyPair Text
pKeyId_ DataKeyPairSpec
pKeyPairSpec_ =
  GenerateDataKeyPair' :: Maybe (HashMap Text Text)
-> Maybe [Text] -> Text -> DataKeyPairSpec -> GenerateDataKeyPair
GenerateDataKeyPair'
    { $sel:encryptionContext:GenerateDataKeyPair' :: Maybe (HashMap Text Text)
encryptionContext =
        Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:grantTokens:GenerateDataKeyPair' :: Maybe [Text]
grantTokens = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:keyId:GenerateDataKeyPair' :: Text
keyId = Text
pKeyId_,
      $sel:keyPairSpec:GenerateDataKeyPair' :: DataKeyPairSpec
keyPairSpec = DataKeyPairSpec
pKeyPairSpec_
    }

-- | Specifies the encryption context that will be used when encrypting the
-- private key in the data key pair.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
generateDataKeyPair_encryptionContext :: Lens.Lens' GenerateDataKeyPair (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
generateDataKeyPair_encryptionContext :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> GenerateDataKeyPair -> f GenerateDataKeyPair
generateDataKeyPair_encryptionContext = (GenerateDataKeyPair -> Maybe (HashMap Text Text))
-> (GenerateDataKeyPair
    -> Maybe (HashMap Text Text) -> GenerateDataKeyPair)
-> Lens
     GenerateDataKeyPair
     GenerateDataKeyPair
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPair' {Maybe (HashMap Text Text)
encryptionContext :: Maybe (HashMap Text Text)
$sel:encryptionContext:GenerateDataKeyPair' :: GenerateDataKeyPair -> Maybe (HashMap Text Text)
encryptionContext} -> Maybe (HashMap Text Text)
encryptionContext) (\s :: GenerateDataKeyPair
s@GenerateDataKeyPair' {} Maybe (HashMap Text Text)
a -> GenerateDataKeyPair
s {$sel:encryptionContext:GenerateDataKeyPair' :: Maybe (HashMap Text Text)
encryptionContext = Maybe (HashMap Text Text)
a} :: GenerateDataKeyPair) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> GenerateDataKeyPair -> f GenerateDataKeyPair)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> GenerateDataKeyPair
-> f GenerateDataKeyPair
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
generateDataKeyPair_grantTokens :: Lens.Lens' GenerateDataKeyPair (Prelude.Maybe [Prelude.Text])
generateDataKeyPair_grantTokens :: (Maybe [Text] -> f (Maybe [Text]))
-> GenerateDataKeyPair -> f GenerateDataKeyPair
generateDataKeyPair_grantTokens = (GenerateDataKeyPair -> Maybe [Text])
-> (GenerateDataKeyPair -> Maybe [Text] -> GenerateDataKeyPair)
-> Lens
     GenerateDataKeyPair
     GenerateDataKeyPair
     (Maybe [Text])
     (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPair' {Maybe [Text]
grantTokens :: Maybe [Text]
$sel:grantTokens:GenerateDataKeyPair' :: GenerateDataKeyPair -> Maybe [Text]
grantTokens} -> Maybe [Text]
grantTokens) (\s :: GenerateDataKeyPair
s@GenerateDataKeyPair' {} Maybe [Text]
a -> GenerateDataKeyPair
s {$sel:grantTokens:GenerateDataKeyPair' :: Maybe [Text]
grantTokens = Maybe [Text]
a} :: GenerateDataKeyPair) ((Maybe [Text] -> f (Maybe [Text]))
 -> GenerateDataKeyPair -> f GenerateDataKeyPair)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> GenerateDataKeyPair
-> f GenerateDataKeyPair
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies the symmetric KMS key that encrypts the private key in the
-- data key pair. You cannot specify an asymmetric KMS key or a KMS key in
-- a custom key store. To get the type and origin of your KMS key, use the
-- DescribeKey operation.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
generateDataKeyPair_keyId :: Lens.Lens' GenerateDataKeyPair Prelude.Text
generateDataKeyPair_keyId :: (Text -> f Text) -> GenerateDataKeyPair -> f GenerateDataKeyPair
generateDataKeyPair_keyId = (GenerateDataKeyPair -> Text)
-> (GenerateDataKeyPair -> Text -> GenerateDataKeyPair)
-> Lens GenerateDataKeyPair GenerateDataKeyPair Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPair' {Text
keyId :: Text
$sel:keyId:GenerateDataKeyPair' :: GenerateDataKeyPair -> Text
keyId} -> Text
keyId) (\s :: GenerateDataKeyPair
s@GenerateDataKeyPair' {} Text
a -> GenerateDataKeyPair
s {$sel:keyId:GenerateDataKeyPair' :: Text
keyId = Text
a} :: GenerateDataKeyPair)

-- | Determines the type of data key pair that is generated.
--
-- The KMS rule that restricts the use of asymmetric RSA KMS keys to
-- encrypt and decrypt or to sign and verify (but not both), and the rule
-- that permits you to use ECC KMS keys only to sign and verify, are not
-- effective on data key pairs, which are used outside of KMS.
generateDataKeyPair_keyPairSpec :: Lens.Lens' GenerateDataKeyPair DataKeyPairSpec
generateDataKeyPair_keyPairSpec :: (DataKeyPairSpec -> f DataKeyPairSpec)
-> GenerateDataKeyPair -> f GenerateDataKeyPair
generateDataKeyPair_keyPairSpec = (GenerateDataKeyPair -> DataKeyPairSpec)
-> (GenerateDataKeyPair -> DataKeyPairSpec -> GenerateDataKeyPair)
-> Lens
     GenerateDataKeyPair
     GenerateDataKeyPair
     DataKeyPairSpec
     DataKeyPairSpec
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPair' {DataKeyPairSpec
keyPairSpec :: DataKeyPairSpec
$sel:keyPairSpec:GenerateDataKeyPair' :: GenerateDataKeyPair -> DataKeyPairSpec
keyPairSpec} -> DataKeyPairSpec
keyPairSpec) (\s :: GenerateDataKeyPair
s@GenerateDataKeyPair' {} DataKeyPairSpec
a -> GenerateDataKeyPair
s {$sel:keyPairSpec:GenerateDataKeyPair' :: DataKeyPairSpec
keyPairSpec = DataKeyPairSpec
a} :: GenerateDataKeyPair)

instance Core.AWSRequest GenerateDataKeyPair where
  type
    AWSResponse GenerateDataKeyPair =
      GenerateDataKeyPairResponse
  request :: GenerateDataKeyPair -> Request GenerateDataKeyPair
request = Service -> GenerateDataKeyPair -> Request GenerateDataKeyPair
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy GenerateDataKeyPair
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GenerateDataKeyPair)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GenerateDataKeyPair))
-> Logger
-> Service
-> Proxy GenerateDataKeyPair
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GenerateDataKeyPair)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe Base64
-> Maybe (Sensitive Base64)
-> Maybe DataKeyPairSpec
-> Maybe Base64
-> Int
-> GenerateDataKeyPairResponse
GenerateDataKeyPairResponse'
            (Maybe Text
 -> Maybe Base64
 -> Maybe (Sensitive Base64)
 -> Maybe DataKeyPairSpec
 -> Maybe Base64
 -> Int
 -> GenerateDataKeyPairResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Base64
      -> Maybe (Sensitive Base64)
      -> Maybe DataKeyPairSpec
      -> Maybe Base64
      -> Int
      -> GenerateDataKeyPairResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyId")
            Either
  String
  (Maybe Base64
   -> Maybe (Sensitive Base64)
   -> Maybe DataKeyPairSpec
   -> Maybe Base64
   -> Int
   -> GenerateDataKeyPairResponse)
-> Either String (Maybe Base64)
-> Either
     String
     (Maybe (Sensitive Base64)
      -> Maybe DataKeyPairSpec
      -> Maybe Base64
      -> Int
      -> GenerateDataKeyPairResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Base64)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"PublicKey")
            Either
  String
  (Maybe (Sensitive Base64)
   -> Maybe DataKeyPairSpec
   -> Maybe Base64
   -> Int
   -> GenerateDataKeyPairResponse)
-> Either String (Maybe (Sensitive Base64))
-> Either
     String
     (Maybe DataKeyPairSpec
      -> Maybe Base64 -> Int -> GenerateDataKeyPairResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe (Sensitive Base64))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"PrivateKeyPlaintext")
            Either
  String
  (Maybe DataKeyPairSpec
   -> Maybe Base64 -> Int -> GenerateDataKeyPairResponse)
-> Either String (Maybe DataKeyPairSpec)
-> Either
     String (Maybe Base64 -> Int -> GenerateDataKeyPairResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe DataKeyPairSpec)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyPairSpec")
            Either String (Maybe Base64 -> Int -> GenerateDataKeyPairResponse)
-> Either String (Maybe Base64)
-> Either String (Int -> GenerateDataKeyPairResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Base64)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"PrivateKeyCiphertextBlob")
            Either String (Int -> GenerateDataKeyPairResponse)
-> Either String Int -> Either String GenerateDataKeyPairResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GenerateDataKeyPair

instance Prelude.NFData GenerateDataKeyPair

instance Core.ToHeaders GenerateDataKeyPair where
  toHeaders :: GenerateDataKeyPair -> ResponseHeaders
toHeaders =
    ResponseHeaders -> GenerateDataKeyPair -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"TrentService.GenerateDataKeyPair" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON GenerateDataKeyPair where
  toJSON :: GenerateDataKeyPair -> Value
toJSON GenerateDataKeyPair' {Maybe [Text]
Maybe (HashMap Text Text)
Text
DataKeyPairSpec
keyPairSpec :: DataKeyPairSpec
keyId :: Text
grantTokens :: Maybe [Text]
encryptionContext :: Maybe (HashMap Text Text)
$sel:keyPairSpec:GenerateDataKeyPair' :: GenerateDataKeyPair -> DataKeyPairSpec
$sel:keyId:GenerateDataKeyPair' :: GenerateDataKeyPair -> Text
$sel:grantTokens:GenerateDataKeyPair' :: GenerateDataKeyPair -> Maybe [Text]
$sel:encryptionContext:GenerateDataKeyPair' :: GenerateDataKeyPair -> Maybe (HashMap Text Text)
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"EncryptionContext" Text -> HashMap Text Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (HashMap Text Text -> Pair)
-> Maybe (HashMap Text Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
encryptionContext,
            (Text
"GrantTokens" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
grantTokens,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
keyId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyPairSpec" Text -> DataKeyPairSpec -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= DataKeyPairSpec
keyPairSpec)
          ]
      )

instance Core.ToPath GenerateDataKeyPair where
  toPath :: GenerateDataKeyPair -> ByteString
toPath = ByteString -> GenerateDataKeyPair -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery GenerateDataKeyPair where
  toQuery :: GenerateDataKeyPair -> QueryString
toQuery = QueryString -> GenerateDataKeyPair -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGenerateDataKeyPairResponse' smart constructor.
data GenerateDataKeyPairResponse = GenerateDataKeyPairResponse'
  { -- | The Amazon Resource Name
    -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
    -- of the KMS key that encrypted the private key.
    GenerateDataKeyPairResponse -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | The public key (in plaintext).
    GenerateDataKeyPairResponse -> Maybe Base64
publicKey :: Prelude.Maybe Core.Base64,
    -- | The plaintext copy of the private key. When you use the HTTP API or the
    -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
    -- not Base64-encoded.
    GenerateDataKeyPairResponse -> Maybe (Sensitive Base64)
privateKeyPlaintext :: Prelude.Maybe (Core.Sensitive Core.Base64),
    -- | The type of data key pair that was generated.
    GenerateDataKeyPairResponse -> Maybe DataKeyPairSpec
keyPairSpec :: Prelude.Maybe DataKeyPairSpec,
    -- | The encrypted copy of the private key. When you use the HTTP API or the
    -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
    -- not Base64-encoded.
    GenerateDataKeyPairResponse -> Maybe Base64
privateKeyCiphertextBlob :: Prelude.Maybe Core.Base64,
    -- | The response's http status code.
    GenerateDataKeyPairResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GenerateDataKeyPairResponse -> GenerateDataKeyPairResponse -> Bool
(GenerateDataKeyPairResponse
 -> GenerateDataKeyPairResponse -> Bool)
-> (GenerateDataKeyPairResponse
    -> GenerateDataKeyPairResponse -> Bool)
-> Eq GenerateDataKeyPairResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GenerateDataKeyPairResponse -> GenerateDataKeyPairResponse -> Bool
$c/= :: GenerateDataKeyPairResponse -> GenerateDataKeyPairResponse -> Bool
== :: GenerateDataKeyPairResponse -> GenerateDataKeyPairResponse -> Bool
$c== :: GenerateDataKeyPairResponse -> GenerateDataKeyPairResponse -> Bool
Prelude.Eq, Int -> GenerateDataKeyPairResponse -> ShowS
[GenerateDataKeyPairResponse] -> ShowS
GenerateDataKeyPairResponse -> String
(Int -> GenerateDataKeyPairResponse -> ShowS)
-> (GenerateDataKeyPairResponse -> String)
-> ([GenerateDataKeyPairResponse] -> ShowS)
-> Show GenerateDataKeyPairResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GenerateDataKeyPairResponse] -> ShowS
$cshowList :: [GenerateDataKeyPairResponse] -> ShowS
show :: GenerateDataKeyPairResponse -> String
$cshow :: GenerateDataKeyPairResponse -> String
showsPrec :: Int -> GenerateDataKeyPairResponse -> ShowS
$cshowsPrec :: Int -> GenerateDataKeyPairResponse -> ShowS
Prelude.Show, (forall x.
 GenerateDataKeyPairResponse -> Rep GenerateDataKeyPairResponse x)
-> (forall x.
    Rep GenerateDataKeyPairResponse x -> GenerateDataKeyPairResponse)
-> Generic GenerateDataKeyPairResponse
forall x.
Rep GenerateDataKeyPairResponse x -> GenerateDataKeyPairResponse
forall x.
GenerateDataKeyPairResponse -> Rep GenerateDataKeyPairResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GenerateDataKeyPairResponse x -> GenerateDataKeyPairResponse
$cfrom :: forall x.
GenerateDataKeyPairResponse -> Rep GenerateDataKeyPairResponse x
Prelude.Generic)

-- |
-- Create a value of 'GenerateDataKeyPairResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'generateDataKeyPairResponse_keyId' - The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that encrypted the private key.
--
-- 'publicKey', 'generateDataKeyPairResponse_publicKey' - The public key (in plaintext).--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'privateKeyPlaintext', 'generateDataKeyPairResponse_privateKeyPlaintext' - The plaintext copy of the private key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'keyPairSpec', 'generateDataKeyPairResponse_keyPairSpec' - The type of data key pair that was generated.
--
-- 'privateKeyCiphertextBlob', 'generateDataKeyPairResponse_privateKeyCiphertextBlob' - The encrypted copy of the private key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'httpStatus', 'generateDataKeyPairResponse_httpStatus' - The response's http status code.
newGenerateDataKeyPairResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GenerateDataKeyPairResponse
newGenerateDataKeyPairResponse :: Int -> GenerateDataKeyPairResponse
newGenerateDataKeyPairResponse Int
pHttpStatus_ =
  GenerateDataKeyPairResponse' :: Maybe Text
-> Maybe Base64
-> Maybe (Sensitive Base64)
-> Maybe DataKeyPairSpec
-> Maybe Base64
-> Int
-> GenerateDataKeyPairResponse
GenerateDataKeyPairResponse'
    { $sel:keyId:GenerateDataKeyPairResponse' :: Maybe Text
keyId =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:publicKey:GenerateDataKeyPairResponse' :: Maybe Base64
publicKey = Maybe Base64
forall a. Maybe a
Prelude.Nothing,
      $sel:privateKeyPlaintext:GenerateDataKeyPairResponse' :: Maybe (Sensitive Base64)
privateKeyPlaintext = Maybe (Sensitive Base64)
forall a. Maybe a
Prelude.Nothing,
      $sel:keyPairSpec:GenerateDataKeyPairResponse' :: Maybe DataKeyPairSpec
keyPairSpec = Maybe DataKeyPairSpec
forall a. Maybe a
Prelude.Nothing,
      $sel:privateKeyCiphertextBlob:GenerateDataKeyPairResponse' :: Maybe Base64
privateKeyCiphertextBlob = Maybe Base64
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GenerateDataKeyPairResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that encrypted the private key.
generateDataKeyPairResponse_keyId :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.Text)
generateDataKeyPairResponse_keyId :: (Maybe Text -> f (Maybe Text))
-> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse
generateDataKeyPairResponse_keyId = (GenerateDataKeyPairResponse -> Maybe Text)
-> (GenerateDataKeyPairResponse
    -> Maybe Text -> GenerateDataKeyPairResponse)
-> Lens
     GenerateDataKeyPairResponse
     GenerateDataKeyPairResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairResponse' {Maybe Text
keyId :: Maybe Text
$sel:keyId:GenerateDataKeyPairResponse' :: GenerateDataKeyPairResponse -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: GenerateDataKeyPairResponse
s@GenerateDataKeyPairResponse' {} Maybe Text
a -> GenerateDataKeyPairResponse
s {$sel:keyId:GenerateDataKeyPairResponse' :: Maybe Text
keyId = Maybe Text
a} :: GenerateDataKeyPairResponse)

-- | The public key (in plaintext).--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyPairResponse_publicKey :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.ByteString)
generateDataKeyPairResponse_publicKey :: (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse
generateDataKeyPairResponse_publicKey = (GenerateDataKeyPairResponse -> Maybe Base64)
-> (GenerateDataKeyPairResponse
    -> Maybe Base64 -> GenerateDataKeyPairResponse)
-> Lens
     GenerateDataKeyPairResponse
     GenerateDataKeyPairResponse
     (Maybe Base64)
     (Maybe Base64)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairResponse' {Maybe Base64
publicKey :: Maybe Base64
$sel:publicKey:GenerateDataKeyPairResponse' :: GenerateDataKeyPairResponse -> Maybe Base64
publicKey} -> Maybe Base64
publicKey) (\s :: GenerateDataKeyPairResponse
s@GenerateDataKeyPairResponse' {} Maybe Base64
a -> GenerateDataKeyPairResponse
s {$sel:publicKey:GenerateDataKeyPairResponse' :: Maybe Base64
publicKey = Maybe Base64
a} :: GenerateDataKeyPairResponse) ((Maybe Base64 -> f (Maybe Base64))
 -> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe Base64 -> f (Maybe Base64))
-> (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairResponse
-> f GenerateDataKeyPairResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso Base64 Base64 ByteString ByteString
-> Iso
     (Maybe Base64) (Maybe Base64) (Maybe ByteString) (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso Base64 Base64 ByteString ByteString
Iso' Base64 ByteString
Core._Base64

-- | The plaintext copy of the private key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyPairResponse_privateKeyPlaintext :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.ByteString)
generateDataKeyPairResponse_privateKeyPlaintext :: (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse
generateDataKeyPairResponse_privateKeyPlaintext = (GenerateDataKeyPairResponse -> Maybe (Sensitive Base64))
-> (GenerateDataKeyPairResponse
    -> Maybe (Sensitive Base64) -> GenerateDataKeyPairResponse)
-> Lens
     GenerateDataKeyPairResponse
     GenerateDataKeyPairResponse
     (Maybe (Sensitive Base64))
     (Maybe (Sensitive Base64))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairResponse' {Maybe (Sensitive Base64)
privateKeyPlaintext :: Maybe (Sensitive Base64)
$sel:privateKeyPlaintext:GenerateDataKeyPairResponse' :: GenerateDataKeyPairResponse -> Maybe (Sensitive Base64)
privateKeyPlaintext} -> Maybe (Sensitive Base64)
privateKeyPlaintext) (\s :: GenerateDataKeyPairResponse
s@GenerateDataKeyPairResponse' {} Maybe (Sensitive Base64)
a -> GenerateDataKeyPairResponse
s {$sel:privateKeyPlaintext:GenerateDataKeyPairResponse' :: Maybe (Sensitive Base64)
privateKeyPlaintext = Maybe (Sensitive Base64)
a} :: GenerateDataKeyPairResponse) ((Maybe (Sensitive Base64) -> f (Maybe (Sensitive Base64)))
 -> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe (Sensitive Base64) -> f (Maybe (Sensitive Base64)))
-> (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairResponse
-> f GenerateDataKeyPairResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (Sensitive Base64) (Sensitive Base64) ByteString ByteString
-> Iso
     (Maybe (Sensitive Base64))
     (Maybe (Sensitive Base64))
     (Maybe ByteString)
     (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping (Exchange ByteString ByteString Base64 (Identity Base64)
-> Exchange
     ByteString
     ByteString
     (Sensitive Base64)
     (Identity (Sensitive Base64))
forall a. Iso' (Sensitive a) a
Core._Sensitive (Exchange ByteString ByteString Base64 (Identity Base64)
 -> Exchange
      ByteString
      ByteString
      (Sensitive Base64)
      (Identity (Sensitive Base64)))
-> AnIso Base64 Base64 ByteString ByteString
-> AnIso
     (Sensitive Base64) (Sensitive Base64) ByteString ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso Base64 Base64 ByteString ByteString
Iso' Base64 ByteString
Core._Base64)

-- | The type of data key pair that was generated.
generateDataKeyPairResponse_keyPairSpec :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe DataKeyPairSpec)
generateDataKeyPairResponse_keyPairSpec :: (Maybe DataKeyPairSpec -> f (Maybe DataKeyPairSpec))
-> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse
generateDataKeyPairResponse_keyPairSpec = (GenerateDataKeyPairResponse -> Maybe DataKeyPairSpec)
-> (GenerateDataKeyPairResponse
    -> Maybe DataKeyPairSpec -> GenerateDataKeyPairResponse)
-> Lens
     GenerateDataKeyPairResponse
     GenerateDataKeyPairResponse
     (Maybe DataKeyPairSpec)
     (Maybe DataKeyPairSpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairResponse' {Maybe DataKeyPairSpec
keyPairSpec :: Maybe DataKeyPairSpec
$sel:keyPairSpec:GenerateDataKeyPairResponse' :: GenerateDataKeyPairResponse -> Maybe DataKeyPairSpec
keyPairSpec} -> Maybe DataKeyPairSpec
keyPairSpec) (\s :: GenerateDataKeyPairResponse
s@GenerateDataKeyPairResponse' {} Maybe DataKeyPairSpec
a -> GenerateDataKeyPairResponse
s {$sel:keyPairSpec:GenerateDataKeyPairResponse' :: Maybe DataKeyPairSpec
keyPairSpec = Maybe DataKeyPairSpec
a} :: GenerateDataKeyPairResponse)

-- | The encrypted copy of the private key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyPairResponse_privateKeyCiphertextBlob :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.ByteString)
generateDataKeyPairResponse_privateKeyCiphertextBlob :: (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse
generateDataKeyPairResponse_privateKeyCiphertextBlob = (GenerateDataKeyPairResponse -> Maybe Base64)
-> (GenerateDataKeyPairResponse
    -> Maybe Base64 -> GenerateDataKeyPairResponse)
-> Lens
     GenerateDataKeyPairResponse
     GenerateDataKeyPairResponse
     (Maybe Base64)
     (Maybe Base64)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairResponse' {Maybe Base64
privateKeyCiphertextBlob :: Maybe Base64
$sel:privateKeyCiphertextBlob:GenerateDataKeyPairResponse' :: GenerateDataKeyPairResponse -> Maybe Base64
privateKeyCiphertextBlob} -> Maybe Base64
privateKeyCiphertextBlob) (\s :: GenerateDataKeyPairResponse
s@GenerateDataKeyPairResponse' {} Maybe Base64
a -> GenerateDataKeyPairResponse
s {$sel:privateKeyCiphertextBlob:GenerateDataKeyPairResponse' :: Maybe Base64
privateKeyCiphertextBlob = Maybe Base64
a} :: GenerateDataKeyPairResponse) ((Maybe Base64 -> f (Maybe Base64))
 -> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe Base64 -> f (Maybe Base64))
-> (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairResponse
-> f GenerateDataKeyPairResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso Base64 Base64 ByteString ByteString
-> Iso
     (Maybe Base64) (Maybe Base64) (Maybe ByteString) (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso Base64 Base64 ByteString ByteString
Iso' Base64 ByteString
Core._Base64

-- | The response's http status code.
generateDataKeyPairResponse_httpStatus :: Lens.Lens' GenerateDataKeyPairResponse Prelude.Int
generateDataKeyPairResponse_httpStatus :: (Int -> f Int)
-> GenerateDataKeyPairResponse -> f GenerateDataKeyPairResponse
generateDataKeyPairResponse_httpStatus = (GenerateDataKeyPairResponse -> Int)
-> (GenerateDataKeyPairResponse
    -> Int -> GenerateDataKeyPairResponse)
-> Lens
     GenerateDataKeyPairResponse GenerateDataKeyPairResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairResponse' {Int
httpStatus :: Int
$sel:httpStatus:GenerateDataKeyPairResponse' :: GenerateDataKeyPairResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GenerateDataKeyPairResponse
s@GenerateDataKeyPairResponse' {} Int
a -> GenerateDataKeyPairResponse
s {$sel:httpStatus:GenerateDataKeyPairResponse' :: Int
httpStatus = Int
a} :: GenerateDataKeyPairResponse)

instance Prelude.NFData GenerateDataKeyPairResponse