{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Generates a unique asymmetric data key pair. The
-- @GenerateDataKeyPairWithoutPlaintext@ operation returns a plaintext
-- public key and a copy of the private key that is encrypted under the
-- symmetric KMS key you specify. Unlike GenerateDataKeyPair, this
-- operation does not return a plaintext private key.
--
-- You can use the public key that @GenerateDataKeyPairWithoutPlaintext@
-- returns to encrypt data or verify a signature outside of KMS. Then,
-- store the encrypted private key with the data. When you are ready to
-- decrypt data or sign a message, you can use the Decrypt operation to
-- decrypt the encrypted private key.
--
-- To generate a data key pair, you must specify a symmetric KMS key to
-- encrypt the private key in a data key pair. You cannot use an asymmetric
-- KMS key or a KMS key in a custom key store. To get the type and origin
-- of your KMS key, use the DescribeKey operation.
--
-- Use the @KeyPairSpec@ parameter to choose an RSA or Elliptic Curve (ECC)
-- data key pair. KMS recommends that your use ECC key pairs for signing,
-- and use RSA key pairs for either encryption or signing, but not both.
-- However, KMS cannot enforce any restrictions on the use of data key
-- pairs outside of KMS.
--
-- @GenerateDataKeyPairWithoutPlaintext@ returns a unique data key pair for
-- each request. The bytes in the key are not related to the caller or KMS
-- key that is used to encrypt the private key. The public key is a
-- DER-encoded X.509 SubjectPublicKeyInfo, as specified in
-- <https://tools.ietf.org/html/rfc5280 RFC 5280>.
--
-- You can use the optional encryption context to add additional security
-- to the encryption operation. If you specify an @EncryptionContext@, you
-- must specify the same encryption context (a case-sensitive exact match)
-- when decrypting the encrypted data key. Otherwise, the request to
-- decrypt fails with an @InvalidCiphertextException@. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key state: Effect on your KMS key>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: Yes. To perform this operation with a KMS key in
-- a different Amazon Web Services account, specify the key ARN or alias
-- ARN in the value of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKeyPairWithoutPlaintext>
-- (key policy)
--
-- __Related operations:__
--
-- -   Decrypt
--
-- -   Encrypt
--
-- -   GenerateDataKey
--
-- -   GenerateDataKeyPair
--
-- -   GenerateDataKeyWithoutPlaintext
module Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext
  ( -- * Creating a Request
    GenerateDataKeyPairWithoutPlaintext (..),
    newGenerateDataKeyPairWithoutPlaintext,

    -- * Request Lenses
    generateDataKeyPairWithoutPlaintext_encryptionContext,
    generateDataKeyPairWithoutPlaintext_grantTokens,
    generateDataKeyPairWithoutPlaintext_keyId,
    generateDataKeyPairWithoutPlaintext_keyPairSpec,

    -- * Destructuring the Response
    GenerateDataKeyPairWithoutPlaintextResponse (..),
    newGenerateDataKeyPairWithoutPlaintextResponse,

    -- * Response Lenses
    generateDataKeyPairWithoutPlaintextResponse_keyId,
    generateDataKeyPairWithoutPlaintextResponse_publicKey,
    generateDataKeyPairWithoutPlaintextResponse_keyPairSpec,
    generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob,
    generateDataKeyPairWithoutPlaintextResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGenerateDataKeyPairWithoutPlaintext' smart constructor.
data GenerateDataKeyPairWithoutPlaintext = GenerateDataKeyPairWithoutPlaintext'
  { -- | Specifies the encryption context that will be used when encrypting the
    -- private key in the data key pair.
    --
    -- An /encryption context/ is a collection of non-secret key-value pairs
    -- that represents additional authenticated data. When you use an
    -- encryption context to encrypt data, you must specify the same (an exact
    -- case-sensitive match) encryption context to decrypt the data. An
    -- encryption context is optional when encrypting with a symmetric KMS key,
    -- but it is highly recommended.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
    -- in the /Key Management Service Developer Guide/.
    GenerateDataKeyPairWithoutPlaintext -> Maybe (HashMap Text Text)
encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | A list of grant tokens.
    --
    -- Use a grant token when your permission to call this operation comes from
    -- a new grant that has not yet achieved /eventual consistency/. For more
    -- information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
    -- in the /Key Management Service Developer Guide/.
    GenerateDataKeyPairWithoutPlaintext -> Maybe [Text]
grantTokens :: Prelude.Maybe [Prelude.Text],
    -- | Specifies the KMS key that encrypts the private key in the data key
    -- pair. You must specify a symmetric KMS key. You cannot use an asymmetric
    -- KMS key or a KMS key in a custom key store. To get the type and origin
    -- of your KMS key, use the DescribeKey operation.
    --
    -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
    -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
    -- key in a different Amazon Web Services account, you must use the key ARN
    -- or alias ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Alias name: @alias\/ExampleAlias@
    --
    -- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey. To get the alias name and alias ARN, use ListAliases.
    GenerateDataKeyPairWithoutPlaintext -> Text
keyId :: Prelude.Text,
    -- | Determines the type of data key pair that is generated.
    --
    -- The KMS rule that restricts the use of asymmetric RSA KMS keys to
    -- encrypt and decrypt or to sign and verify (but not both), and the rule
    -- that permits you to use ECC KMS keys only to sign and verify, are not
    -- effective on data key pairs, which are used outside of KMS.
    GenerateDataKeyPairWithoutPlaintext -> DataKeyPairSpec
keyPairSpec :: DataKeyPairSpec
  }
  deriving (GenerateDataKeyPairWithoutPlaintext
-> GenerateDataKeyPairWithoutPlaintext -> Bool
(GenerateDataKeyPairWithoutPlaintext
 -> GenerateDataKeyPairWithoutPlaintext -> Bool)
-> (GenerateDataKeyPairWithoutPlaintext
    -> GenerateDataKeyPairWithoutPlaintext -> Bool)
-> Eq GenerateDataKeyPairWithoutPlaintext
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GenerateDataKeyPairWithoutPlaintext
-> GenerateDataKeyPairWithoutPlaintext -> Bool
$c/= :: GenerateDataKeyPairWithoutPlaintext
-> GenerateDataKeyPairWithoutPlaintext -> Bool
== :: GenerateDataKeyPairWithoutPlaintext
-> GenerateDataKeyPairWithoutPlaintext -> Bool
$c== :: GenerateDataKeyPairWithoutPlaintext
-> GenerateDataKeyPairWithoutPlaintext -> Bool
Prelude.Eq, ReadPrec [GenerateDataKeyPairWithoutPlaintext]
ReadPrec GenerateDataKeyPairWithoutPlaintext
Int -> ReadS GenerateDataKeyPairWithoutPlaintext
ReadS [GenerateDataKeyPairWithoutPlaintext]
(Int -> ReadS GenerateDataKeyPairWithoutPlaintext)
-> ReadS [GenerateDataKeyPairWithoutPlaintext]
-> ReadPrec GenerateDataKeyPairWithoutPlaintext
-> ReadPrec [GenerateDataKeyPairWithoutPlaintext]
-> Read GenerateDataKeyPairWithoutPlaintext
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GenerateDataKeyPairWithoutPlaintext]
$creadListPrec :: ReadPrec [GenerateDataKeyPairWithoutPlaintext]
readPrec :: ReadPrec GenerateDataKeyPairWithoutPlaintext
$creadPrec :: ReadPrec GenerateDataKeyPairWithoutPlaintext
readList :: ReadS [GenerateDataKeyPairWithoutPlaintext]
$creadList :: ReadS [GenerateDataKeyPairWithoutPlaintext]
readsPrec :: Int -> ReadS GenerateDataKeyPairWithoutPlaintext
$creadsPrec :: Int -> ReadS GenerateDataKeyPairWithoutPlaintext
Prelude.Read, Int -> GenerateDataKeyPairWithoutPlaintext -> ShowS
[GenerateDataKeyPairWithoutPlaintext] -> ShowS
GenerateDataKeyPairWithoutPlaintext -> String
(Int -> GenerateDataKeyPairWithoutPlaintext -> ShowS)
-> (GenerateDataKeyPairWithoutPlaintext -> String)
-> ([GenerateDataKeyPairWithoutPlaintext] -> ShowS)
-> Show GenerateDataKeyPairWithoutPlaintext
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GenerateDataKeyPairWithoutPlaintext] -> ShowS
$cshowList :: [GenerateDataKeyPairWithoutPlaintext] -> ShowS
show :: GenerateDataKeyPairWithoutPlaintext -> String
$cshow :: GenerateDataKeyPairWithoutPlaintext -> String
showsPrec :: Int -> GenerateDataKeyPairWithoutPlaintext -> ShowS
$cshowsPrec :: Int -> GenerateDataKeyPairWithoutPlaintext -> ShowS
Prelude.Show, (forall x.
 GenerateDataKeyPairWithoutPlaintext
 -> Rep GenerateDataKeyPairWithoutPlaintext x)
-> (forall x.
    Rep GenerateDataKeyPairWithoutPlaintext x
    -> GenerateDataKeyPairWithoutPlaintext)
-> Generic GenerateDataKeyPairWithoutPlaintext
forall x.
Rep GenerateDataKeyPairWithoutPlaintext x
-> GenerateDataKeyPairWithoutPlaintext
forall x.
GenerateDataKeyPairWithoutPlaintext
-> Rep GenerateDataKeyPairWithoutPlaintext x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GenerateDataKeyPairWithoutPlaintext x
-> GenerateDataKeyPairWithoutPlaintext
$cfrom :: forall x.
GenerateDataKeyPairWithoutPlaintext
-> Rep GenerateDataKeyPairWithoutPlaintext x
Prelude.Generic)

-- |
-- Create a value of 'GenerateDataKeyPairWithoutPlaintext' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'encryptionContext', 'generateDataKeyPairWithoutPlaintext_encryptionContext' - Specifies the encryption context that will be used when encrypting the
-- private key in the data key pair.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
--
-- 'grantTokens', 'generateDataKeyPairWithoutPlaintext_grantTokens' - A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
--
-- 'keyId', 'generateDataKeyPairWithoutPlaintext_keyId' - Specifies the KMS key that encrypts the private key in the data key
-- pair. You must specify a symmetric KMS key. You cannot use an asymmetric
-- KMS key or a KMS key in a custom key store. To get the type and origin
-- of your KMS key, use the DescribeKey operation.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
--
-- 'keyPairSpec', 'generateDataKeyPairWithoutPlaintext_keyPairSpec' - Determines the type of data key pair that is generated.
--
-- The KMS rule that restricts the use of asymmetric RSA KMS keys to
-- encrypt and decrypt or to sign and verify (but not both), and the rule
-- that permits you to use ECC KMS keys only to sign and verify, are not
-- effective on data key pairs, which are used outside of KMS.
newGenerateDataKeyPairWithoutPlaintext ::
  -- | 'keyId'
  Prelude.Text ->
  -- | 'keyPairSpec'
  DataKeyPairSpec ->
  GenerateDataKeyPairWithoutPlaintext
newGenerateDataKeyPairWithoutPlaintext :: Text -> DataKeyPairSpec -> GenerateDataKeyPairWithoutPlaintext
newGenerateDataKeyPairWithoutPlaintext
  Text
pKeyId_
  DataKeyPairSpec
pKeyPairSpec_ =
    GenerateDataKeyPairWithoutPlaintext' :: Maybe (HashMap Text Text)
-> Maybe [Text]
-> Text
-> DataKeyPairSpec
-> GenerateDataKeyPairWithoutPlaintext
GenerateDataKeyPairWithoutPlaintext'
      { $sel:encryptionContext:GenerateDataKeyPairWithoutPlaintext' :: Maybe (HashMap Text Text)
encryptionContext =
          Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
        $sel:grantTokens:GenerateDataKeyPairWithoutPlaintext' :: Maybe [Text]
grantTokens = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
        $sel:keyId:GenerateDataKeyPairWithoutPlaintext' :: Text
keyId = Text
pKeyId_,
        $sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintext' :: DataKeyPairSpec
keyPairSpec = DataKeyPairSpec
pKeyPairSpec_
      }

-- | Specifies the encryption context that will be used when encrypting the
-- private key in the data key pair.
--
-- An /encryption context/ is a collection of non-secret key-value pairs
-- that represents additional authenticated data. When you use an
-- encryption context to encrypt data, you must specify the same (an exact
-- case-sensitive match) encryption context to decrypt the data. An
-- encryption context is optional when encrypting with a symmetric KMS key,
-- but it is highly recommended.
--
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>
-- in the /Key Management Service Developer Guide/.
generateDataKeyPairWithoutPlaintext_encryptionContext :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
generateDataKeyPairWithoutPlaintext_encryptionContext :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> GenerateDataKeyPairWithoutPlaintext
-> f GenerateDataKeyPairWithoutPlaintext
generateDataKeyPairWithoutPlaintext_encryptionContext = (GenerateDataKeyPairWithoutPlaintext -> Maybe (HashMap Text Text))
-> (GenerateDataKeyPairWithoutPlaintext
    -> Maybe (HashMap Text Text)
    -> GenerateDataKeyPairWithoutPlaintext)
-> Lens
     GenerateDataKeyPairWithoutPlaintext
     GenerateDataKeyPairWithoutPlaintext
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {Maybe (HashMap Text Text)
encryptionContext :: Maybe (HashMap Text Text)
$sel:encryptionContext:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> Maybe (HashMap Text Text)
encryptionContext} -> Maybe (HashMap Text Text)
encryptionContext) (\s :: GenerateDataKeyPairWithoutPlaintext
s@GenerateDataKeyPairWithoutPlaintext' {} Maybe (HashMap Text Text)
a -> GenerateDataKeyPairWithoutPlaintext
s {$sel:encryptionContext:GenerateDataKeyPairWithoutPlaintext' :: Maybe (HashMap Text Text)
encryptionContext = Maybe (HashMap Text Text)
a} :: GenerateDataKeyPairWithoutPlaintext) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> GenerateDataKeyPairWithoutPlaintext
 -> f GenerateDataKeyPairWithoutPlaintext)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> GenerateDataKeyPairWithoutPlaintext
-> f GenerateDataKeyPairWithoutPlaintext
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
generateDataKeyPairWithoutPlaintext_grantTokens :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext (Prelude.Maybe [Prelude.Text])
generateDataKeyPairWithoutPlaintext_grantTokens :: (Maybe [Text] -> f (Maybe [Text]))
-> GenerateDataKeyPairWithoutPlaintext
-> f GenerateDataKeyPairWithoutPlaintext
generateDataKeyPairWithoutPlaintext_grantTokens = (GenerateDataKeyPairWithoutPlaintext -> Maybe [Text])
-> (GenerateDataKeyPairWithoutPlaintext
    -> Maybe [Text] -> GenerateDataKeyPairWithoutPlaintext)
-> Lens
     GenerateDataKeyPairWithoutPlaintext
     GenerateDataKeyPairWithoutPlaintext
     (Maybe [Text])
     (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {Maybe [Text]
grantTokens :: Maybe [Text]
$sel:grantTokens:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> Maybe [Text]
grantTokens} -> Maybe [Text]
grantTokens) (\s :: GenerateDataKeyPairWithoutPlaintext
s@GenerateDataKeyPairWithoutPlaintext' {} Maybe [Text]
a -> GenerateDataKeyPairWithoutPlaintext
s {$sel:grantTokens:GenerateDataKeyPairWithoutPlaintext' :: Maybe [Text]
grantTokens = Maybe [Text]
a} :: GenerateDataKeyPairWithoutPlaintext) ((Maybe [Text] -> f (Maybe [Text]))
 -> GenerateDataKeyPairWithoutPlaintext
 -> f GenerateDataKeyPairWithoutPlaintext)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> GenerateDataKeyPairWithoutPlaintext
-> f GenerateDataKeyPairWithoutPlaintext
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies the KMS key that encrypts the private key in the data key
-- pair. You must specify a symmetric KMS key. You cannot use an asymmetric
-- KMS key or a KMS key in a custom key store. To get the type and origin
-- of your KMS key, use the DescribeKey operation.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
generateDataKeyPairWithoutPlaintext_keyId :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext Prelude.Text
generateDataKeyPairWithoutPlaintext_keyId :: (Text -> f Text)
-> GenerateDataKeyPairWithoutPlaintext
-> f GenerateDataKeyPairWithoutPlaintext
generateDataKeyPairWithoutPlaintext_keyId = (GenerateDataKeyPairWithoutPlaintext -> Text)
-> (GenerateDataKeyPairWithoutPlaintext
    -> Text -> GenerateDataKeyPairWithoutPlaintext)
-> Lens
     GenerateDataKeyPairWithoutPlaintext
     GenerateDataKeyPairWithoutPlaintext
     Text
     Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {Text
keyId :: Text
$sel:keyId:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> Text
keyId} -> Text
keyId) (\s :: GenerateDataKeyPairWithoutPlaintext
s@GenerateDataKeyPairWithoutPlaintext' {} Text
a -> GenerateDataKeyPairWithoutPlaintext
s {$sel:keyId:GenerateDataKeyPairWithoutPlaintext' :: Text
keyId = Text
a} :: GenerateDataKeyPairWithoutPlaintext)

-- | Determines the type of data key pair that is generated.
--
-- The KMS rule that restricts the use of asymmetric RSA KMS keys to
-- encrypt and decrypt or to sign and verify (but not both), and the rule
-- that permits you to use ECC KMS keys only to sign and verify, are not
-- effective on data key pairs, which are used outside of KMS.
generateDataKeyPairWithoutPlaintext_keyPairSpec :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext DataKeyPairSpec
generateDataKeyPairWithoutPlaintext_keyPairSpec :: (DataKeyPairSpec -> f DataKeyPairSpec)
-> GenerateDataKeyPairWithoutPlaintext
-> f GenerateDataKeyPairWithoutPlaintext
generateDataKeyPairWithoutPlaintext_keyPairSpec = (GenerateDataKeyPairWithoutPlaintext -> DataKeyPairSpec)
-> (GenerateDataKeyPairWithoutPlaintext
    -> DataKeyPairSpec -> GenerateDataKeyPairWithoutPlaintext)
-> Lens
     GenerateDataKeyPairWithoutPlaintext
     GenerateDataKeyPairWithoutPlaintext
     DataKeyPairSpec
     DataKeyPairSpec
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {DataKeyPairSpec
keyPairSpec :: DataKeyPairSpec
$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> DataKeyPairSpec
keyPairSpec} -> DataKeyPairSpec
keyPairSpec) (\s :: GenerateDataKeyPairWithoutPlaintext
s@GenerateDataKeyPairWithoutPlaintext' {} DataKeyPairSpec
a -> GenerateDataKeyPairWithoutPlaintext
s {$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintext' :: DataKeyPairSpec
keyPairSpec = DataKeyPairSpec
a} :: GenerateDataKeyPairWithoutPlaintext)

instance
  Core.AWSRequest
    GenerateDataKeyPairWithoutPlaintext
  where
  type
    AWSResponse GenerateDataKeyPairWithoutPlaintext =
      GenerateDataKeyPairWithoutPlaintextResponse
  request :: GenerateDataKeyPairWithoutPlaintext
-> Request GenerateDataKeyPairWithoutPlaintext
request = Service
-> GenerateDataKeyPairWithoutPlaintext
-> Request GenerateDataKeyPairWithoutPlaintext
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy GenerateDataKeyPairWithoutPlaintext
-> ClientResponse ClientBody
-> m (Either
        Error
        (ClientResponse (AWSResponse GenerateDataKeyPairWithoutPlaintext)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GenerateDataKeyPairWithoutPlaintext))
-> Logger
-> Service
-> Proxy GenerateDataKeyPairWithoutPlaintext
-> ClientResponse ClientBody
-> m (Either
        Error
        (ClientResponse (AWSResponse GenerateDataKeyPairWithoutPlaintext)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe Base64
-> Maybe DataKeyPairSpec
-> Maybe Base64
-> Int
-> GenerateDataKeyPairWithoutPlaintextResponse
GenerateDataKeyPairWithoutPlaintextResponse'
            (Maybe Text
 -> Maybe Base64
 -> Maybe DataKeyPairSpec
 -> Maybe Base64
 -> Int
 -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Base64
      -> Maybe DataKeyPairSpec
      -> Maybe Base64
      -> Int
      -> GenerateDataKeyPairWithoutPlaintextResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyId")
              Either
  String
  (Maybe Base64
   -> Maybe DataKeyPairSpec
   -> Maybe Base64
   -> Int
   -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Either String (Maybe Base64)
-> Either
     String
     (Maybe DataKeyPairSpec
      -> Maybe Base64
      -> Int
      -> GenerateDataKeyPairWithoutPlaintextResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Base64)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"PublicKey")
              Either
  String
  (Maybe DataKeyPairSpec
   -> Maybe Base64
   -> Int
   -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Either String (Maybe DataKeyPairSpec)
-> Either
     String
     (Maybe Base64
      -> Int -> GenerateDataKeyPairWithoutPlaintextResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe DataKeyPairSpec)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyPairSpec")
              Either
  String
  (Maybe Base64
   -> Int -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Either String (Maybe Base64)
-> Either
     String (Int -> GenerateDataKeyPairWithoutPlaintextResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Base64)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"PrivateKeyCiphertextBlob")
              Either String (Int -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Either String Int
-> Either String GenerateDataKeyPairWithoutPlaintextResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance
  Prelude.Hashable
    GenerateDataKeyPairWithoutPlaintext

instance
  Prelude.NFData
    GenerateDataKeyPairWithoutPlaintext

instance
  Core.ToHeaders
    GenerateDataKeyPairWithoutPlaintext
  where
  toHeaders :: GenerateDataKeyPairWithoutPlaintext -> ResponseHeaders
toHeaders =
    ResponseHeaders
-> GenerateDataKeyPairWithoutPlaintext -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"TrentService.GenerateDataKeyPairWithoutPlaintext" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance
  Core.ToJSON
    GenerateDataKeyPairWithoutPlaintext
  where
  toJSON :: GenerateDataKeyPairWithoutPlaintext -> Value
toJSON GenerateDataKeyPairWithoutPlaintext' {Maybe [Text]
Maybe (HashMap Text Text)
Text
DataKeyPairSpec
keyPairSpec :: DataKeyPairSpec
keyId :: Text
grantTokens :: Maybe [Text]
encryptionContext :: Maybe (HashMap Text Text)
$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> DataKeyPairSpec
$sel:keyId:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> Text
$sel:grantTokens:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> Maybe [Text]
$sel:encryptionContext:GenerateDataKeyPairWithoutPlaintext' :: GenerateDataKeyPairWithoutPlaintext -> Maybe (HashMap Text Text)
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"EncryptionContext" Text -> HashMap Text Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (HashMap Text Text -> Pair)
-> Maybe (HashMap Text Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
encryptionContext,
            (Text
"GrantTokens" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
grantTokens,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
keyId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyPairSpec" Text -> DataKeyPairSpec -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= DataKeyPairSpec
keyPairSpec)
          ]
      )

instance
  Core.ToPath
    GenerateDataKeyPairWithoutPlaintext
  where
  toPath :: GenerateDataKeyPairWithoutPlaintext -> ByteString
toPath = ByteString -> GenerateDataKeyPairWithoutPlaintext -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance
  Core.ToQuery
    GenerateDataKeyPairWithoutPlaintext
  where
  toQuery :: GenerateDataKeyPairWithoutPlaintext -> QueryString
toQuery = QueryString -> GenerateDataKeyPairWithoutPlaintext -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGenerateDataKeyPairWithoutPlaintextResponse' smart constructor.
data GenerateDataKeyPairWithoutPlaintextResponse = GenerateDataKeyPairWithoutPlaintextResponse'
  { -- | The Amazon Resource Name
    -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
    -- of the KMS key that encrypted the private key.
    GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | The public key (in plaintext).
    GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64
publicKey :: Prelude.Maybe Core.Base64,
    -- | The type of data key pair that was generated.
    GenerateDataKeyPairWithoutPlaintextResponse
-> Maybe DataKeyPairSpec
keyPairSpec :: Prelude.Maybe DataKeyPairSpec,
    -- | The encrypted copy of the private key. When you use the HTTP API or the
    -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
    -- not Base64-encoded.
    GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64
privateKeyCiphertextBlob :: Prelude.Maybe Core.Base64,
    -- | The response's http status code.
    GenerateDataKeyPairWithoutPlaintextResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GenerateDataKeyPairWithoutPlaintextResponse
-> GenerateDataKeyPairWithoutPlaintextResponse -> Bool
(GenerateDataKeyPairWithoutPlaintextResponse
 -> GenerateDataKeyPairWithoutPlaintextResponse -> Bool)
-> (GenerateDataKeyPairWithoutPlaintextResponse
    -> GenerateDataKeyPairWithoutPlaintextResponse -> Bool)
-> Eq GenerateDataKeyPairWithoutPlaintextResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GenerateDataKeyPairWithoutPlaintextResponse
-> GenerateDataKeyPairWithoutPlaintextResponse -> Bool
$c/= :: GenerateDataKeyPairWithoutPlaintextResponse
-> GenerateDataKeyPairWithoutPlaintextResponse -> Bool
== :: GenerateDataKeyPairWithoutPlaintextResponse
-> GenerateDataKeyPairWithoutPlaintextResponse -> Bool
$c== :: GenerateDataKeyPairWithoutPlaintextResponse
-> GenerateDataKeyPairWithoutPlaintextResponse -> Bool
Prelude.Eq, ReadPrec [GenerateDataKeyPairWithoutPlaintextResponse]
ReadPrec GenerateDataKeyPairWithoutPlaintextResponse
Int -> ReadS GenerateDataKeyPairWithoutPlaintextResponse
ReadS [GenerateDataKeyPairWithoutPlaintextResponse]
(Int -> ReadS GenerateDataKeyPairWithoutPlaintextResponse)
-> ReadS [GenerateDataKeyPairWithoutPlaintextResponse]
-> ReadPrec GenerateDataKeyPairWithoutPlaintextResponse
-> ReadPrec [GenerateDataKeyPairWithoutPlaintextResponse]
-> Read GenerateDataKeyPairWithoutPlaintextResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GenerateDataKeyPairWithoutPlaintextResponse]
$creadListPrec :: ReadPrec [GenerateDataKeyPairWithoutPlaintextResponse]
readPrec :: ReadPrec GenerateDataKeyPairWithoutPlaintextResponse
$creadPrec :: ReadPrec GenerateDataKeyPairWithoutPlaintextResponse
readList :: ReadS [GenerateDataKeyPairWithoutPlaintextResponse]
$creadList :: ReadS [GenerateDataKeyPairWithoutPlaintextResponse]
readsPrec :: Int -> ReadS GenerateDataKeyPairWithoutPlaintextResponse
$creadsPrec :: Int -> ReadS GenerateDataKeyPairWithoutPlaintextResponse
Prelude.Read, Int -> GenerateDataKeyPairWithoutPlaintextResponse -> ShowS
[GenerateDataKeyPairWithoutPlaintextResponse] -> ShowS
GenerateDataKeyPairWithoutPlaintextResponse -> String
(Int -> GenerateDataKeyPairWithoutPlaintextResponse -> ShowS)
-> (GenerateDataKeyPairWithoutPlaintextResponse -> String)
-> ([GenerateDataKeyPairWithoutPlaintextResponse] -> ShowS)
-> Show GenerateDataKeyPairWithoutPlaintextResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GenerateDataKeyPairWithoutPlaintextResponse] -> ShowS
$cshowList :: [GenerateDataKeyPairWithoutPlaintextResponse] -> ShowS
show :: GenerateDataKeyPairWithoutPlaintextResponse -> String
$cshow :: GenerateDataKeyPairWithoutPlaintextResponse -> String
showsPrec :: Int -> GenerateDataKeyPairWithoutPlaintextResponse -> ShowS
$cshowsPrec :: Int -> GenerateDataKeyPairWithoutPlaintextResponse -> ShowS
Prelude.Show, (forall x.
 GenerateDataKeyPairWithoutPlaintextResponse
 -> Rep GenerateDataKeyPairWithoutPlaintextResponse x)
-> (forall x.
    Rep GenerateDataKeyPairWithoutPlaintextResponse x
    -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Generic GenerateDataKeyPairWithoutPlaintextResponse
forall x.
Rep GenerateDataKeyPairWithoutPlaintextResponse x
-> GenerateDataKeyPairWithoutPlaintextResponse
forall x.
GenerateDataKeyPairWithoutPlaintextResponse
-> Rep GenerateDataKeyPairWithoutPlaintextResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GenerateDataKeyPairWithoutPlaintextResponse x
-> GenerateDataKeyPairWithoutPlaintextResponse
$cfrom :: forall x.
GenerateDataKeyPairWithoutPlaintextResponse
-> Rep GenerateDataKeyPairWithoutPlaintextResponse x
Prelude.Generic)

-- |
-- Create a value of 'GenerateDataKeyPairWithoutPlaintextResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'generateDataKeyPairWithoutPlaintextResponse_keyId' - The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that encrypted the private key.
--
-- 'publicKey', 'generateDataKeyPairWithoutPlaintextResponse_publicKey' - The public key (in plaintext).--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'keyPairSpec', 'generateDataKeyPairWithoutPlaintextResponse_keyPairSpec' - The type of data key pair that was generated.
--
-- 'privateKeyCiphertextBlob', 'generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob' - The encrypted copy of the private key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'httpStatus', 'generateDataKeyPairWithoutPlaintextResponse_httpStatus' - The response's http status code.
newGenerateDataKeyPairWithoutPlaintextResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GenerateDataKeyPairWithoutPlaintextResponse
newGenerateDataKeyPairWithoutPlaintextResponse :: Int -> GenerateDataKeyPairWithoutPlaintextResponse
newGenerateDataKeyPairWithoutPlaintextResponse
  Int
pHttpStatus_ =
    GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Text
-> Maybe Base64
-> Maybe DataKeyPairSpec
-> Maybe Base64
-> Int
-> GenerateDataKeyPairWithoutPlaintextResponse
GenerateDataKeyPairWithoutPlaintextResponse'
      { $sel:keyId:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Text
keyId =
          Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:publicKey:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Base64
publicKey = Maybe Base64
forall a. Maybe a
Prelude.Nothing,
        $sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe DataKeyPairSpec
keyPairSpec = Maybe DataKeyPairSpec
forall a. Maybe a
Prelude.Nothing,
        $sel:privateKeyCiphertextBlob:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Base64
privateKeyCiphertextBlob =
          Maybe Base64
forall a. Maybe a
Prelude.Nothing,
        $sel:httpStatus:GenerateDataKeyPairWithoutPlaintextResponse' :: Int
httpStatus = Int
pHttpStatus_
      }

-- | The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the KMS key that encrypted the private key.
generateDataKeyPairWithoutPlaintextResponse_keyId :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe Prelude.Text)
generateDataKeyPairWithoutPlaintextResponse_keyId :: (Maybe Text -> f (Maybe Text))
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
generateDataKeyPairWithoutPlaintextResponse_keyId = (GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Text)
-> (GenerateDataKeyPairWithoutPlaintextResponse
    -> Maybe Text -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Lens
     GenerateDataKeyPairWithoutPlaintextResponse
     GenerateDataKeyPairWithoutPlaintextResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {Maybe Text
keyId :: Maybe Text
$sel:keyId:GenerateDataKeyPairWithoutPlaintextResponse' :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: GenerateDataKeyPairWithoutPlaintextResponse
s@GenerateDataKeyPairWithoutPlaintextResponse' {} Maybe Text
a -> GenerateDataKeyPairWithoutPlaintextResponse
s {$sel:keyId:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Text
keyId = Maybe Text
a} :: GenerateDataKeyPairWithoutPlaintextResponse)

-- | The public key (in plaintext).--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyPairWithoutPlaintextResponse_publicKey :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe Prelude.ByteString)
generateDataKeyPairWithoutPlaintextResponse_publicKey :: (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
generateDataKeyPairWithoutPlaintextResponse_publicKey = (GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64)
-> (GenerateDataKeyPairWithoutPlaintextResponse
    -> Maybe Base64 -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Lens
     GenerateDataKeyPairWithoutPlaintextResponse
     GenerateDataKeyPairWithoutPlaintextResponse
     (Maybe Base64)
     (Maybe Base64)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {Maybe Base64
publicKey :: Maybe Base64
$sel:publicKey:GenerateDataKeyPairWithoutPlaintextResponse' :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64
publicKey} -> Maybe Base64
publicKey) (\s :: GenerateDataKeyPairWithoutPlaintextResponse
s@GenerateDataKeyPairWithoutPlaintextResponse' {} Maybe Base64
a -> GenerateDataKeyPairWithoutPlaintextResponse
s {$sel:publicKey:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Base64
publicKey = Maybe Base64
a} :: GenerateDataKeyPairWithoutPlaintextResponse) ((Maybe Base64 -> f (Maybe Base64))
 -> GenerateDataKeyPairWithoutPlaintextResponse
 -> f GenerateDataKeyPairWithoutPlaintextResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe Base64 -> f (Maybe Base64))
-> (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso Base64 Base64 ByteString ByteString
-> Iso
     (Maybe Base64) (Maybe Base64) (Maybe ByteString) (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso Base64 Base64 ByteString ByteString
Iso' Base64 ByteString
Core._Base64

-- | The type of data key pair that was generated.
generateDataKeyPairWithoutPlaintextResponse_keyPairSpec :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe DataKeyPairSpec)
generateDataKeyPairWithoutPlaintextResponse_keyPairSpec :: (Maybe DataKeyPairSpec -> f (Maybe DataKeyPairSpec))
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
generateDataKeyPairWithoutPlaintextResponse_keyPairSpec = (GenerateDataKeyPairWithoutPlaintextResponse
 -> Maybe DataKeyPairSpec)
-> (GenerateDataKeyPairWithoutPlaintextResponse
    -> Maybe DataKeyPairSpec
    -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Lens
     GenerateDataKeyPairWithoutPlaintextResponse
     GenerateDataKeyPairWithoutPlaintextResponse
     (Maybe DataKeyPairSpec)
     (Maybe DataKeyPairSpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {Maybe DataKeyPairSpec
keyPairSpec :: Maybe DataKeyPairSpec
$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintextResponse' :: GenerateDataKeyPairWithoutPlaintextResponse
-> Maybe DataKeyPairSpec
keyPairSpec} -> Maybe DataKeyPairSpec
keyPairSpec) (\s :: GenerateDataKeyPairWithoutPlaintextResponse
s@GenerateDataKeyPairWithoutPlaintextResponse' {} Maybe DataKeyPairSpec
a -> GenerateDataKeyPairWithoutPlaintextResponse
s {$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe DataKeyPairSpec
keyPairSpec = Maybe DataKeyPairSpec
a} :: GenerateDataKeyPairWithoutPlaintextResponse)

-- | The encrypted copy of the private key. When you use the HTTP API or the
-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is
-- not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe Prelude.ByteString)
generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob :: (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob = (GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64)
-> (GenerateDataKeyPairWithoutPlaintextResponse
    -> Maybe Base64 -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Lens
     GenerateDataKeyPairWithoutPlaintextResponse
     GenerateDataKeyPairWithoutPlaintextResponse
     (Maybe Base64)
     (Maybe Base64)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {Maybe Base64
privateKeyCiphertextBlob :: Maybe Base64
$sel:privateKeyCiphertextBlob:GenerateDataKeyPairWithoutPlaintextResponse' :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64
privateKeyCiphertextBlob} -> Maybe Base64
privateKeyCiphertextBlob) (\s :: GenerateDataKeyPairWithoutPlaintextResponse
s@GenerateDataKeyPairWithoutPlaintextResponse' {} Maybe Base64
a -> GenerateDataKeyPairWithoutPlaintextResponse
s {$sel:privateKeyCiphertextBlob:GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Base64
privateKeyCiphertextBlob = Maybe Base64
a} :: GenerateDataKeyPairWithoutPlaintextResponse) ((Maybe Base64 -> f (Maybe Base64))
 -> GenerateDataKeyPairWithoutPlaintextResponse
 -> f GenerateDataKeyPairWithoutPlaintextResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe Base64 -> f (Maybe Base64))
-> (Maybe ByteString -> f (Maybe ByteString))
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso Base64 Base64 ByteString ByteString
-> Iso
     (Maybe Base64) (Maybe Base64) (Maybe ByteString) (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso Base64 Base64 ByteString ByteString
Iso' Base64 ByteString
Core._Base64

-- | The response's http status code.
generateDataKeyPairWithoutPlaintextResponse_httpStatus :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse Prelude.Int
generateDataKeyPairWithoutPlaintextResponse_httpStatus :: (Int -> f Int)
-> GenerateDataKeyPairWithoutPlaintextResponse
-> f GenerateDataKeyPairWithoutPlaintextResponse
generateDataKeyPairWithoutPlaintextResponse_httpStatus = (GenerateDataKeyPairWithoutPlaintextResponse -> Int)
-> (GenerateDataKeyPairWithoutPlaintextResponse
    -> Int -> GenerateDataKeyPairWithoutPlaintextResponse)
-> Lens
     GenerateDataKeyPairWithoutPlaintextResponse
     GenerateDataKeyPairWithoutPlaintextResponse
     Int
     Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {Int
httpStatus :: Int
$sel:httpStatus:GenerateDataKeyPairWithoutPlaintextResponse' :: GenerateDataKeyPairWithoutPlaintextResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GenerateDataKeyPairWithoutPlaintextResponse
s@GenerateDataKeyPairWithoutPlaintextResponse' {} Int
a -> GenerateDataKeyPairWithoutPlaintextResponse
s {$sel:httpStatus:GenerateDataKeyPairWithoutPlaintextResponse' :: Int
httpStatus = Int
a} :: GenerateDataKeyPairWithoutPlaintextResponse)

instance
  Prelude.NFData
    GenerateDataKeyPairWithoutPlaintextResponse