{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.GetPublicKey
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns the public key of an asymmetric KMS key. Unlike the private key
-- of a asymmetric KMS key, which never leaves KMS unencrypted, callers
-- with @kms:GetPublicKey@ permission can download the public key of an
-- asymmetric KMS key. You can share the public key to allow others to
-- encrypt messages and verify signatures outside of KMS. For information
-- about symmetric and asymmetric KMS keys, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using Symmetric and Asymmetric KMS keys>
-- in the /Key Management Service Developer Guide/.
--
-- You do not need to download the public key. Instead, you can use the
-- public key within KMS by calling the Encrypt, ReEncrypt, or Verify
-- operations with the identifier of an asymmetric KMS key. When you use
-- the public key within KMS, you benefit from the authentication,
-- authorization, and logging that are part of every KMS operation. You
-- also reduce of risk of encrypting data that cannot be decrypted. These
-- features are not effective outside of KMS. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations Special Considerations for Downloading Public Keys>.
--
-- To help you use the public key safely outside of KMS, @GetPublicKey@
-- returns important information about the public key in the response,
-- including:
--
-- -   <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeySpec KeySpec>:
--     The type of key material in the public key, such as @RSA_4096@ or
--     @ECC_NIST_P521@.
--
-- -   <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage KeyUsage>:
--     Whether the key is used for encryption or signing.
--
-- -   <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms EncryptionAlgorithms>
--     or
--     <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms SigningAlgorithms>:
--     A list of the encryption algorithms or the signing algorithms for
--     the key.
--
-- Although KMS cannot enforce these restrictions on external operations,
-- it is crucial that you use this information to prevent the public key
-- from being used improperly. For example, you can prevent a public
-- signing key from being used encrypt data, or prevent a public key from
-- being used with an encryption algorithm that is not supported by KMS.
-- You can also avoid errors, such as using the wrong signing algorithm in
-- a verification operation.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key state: Effect on your KMS key>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: Yes. To perform this operation with a KMS key in
-- a different Amazon Web Services account, specify the key ARN or alias
-- ARN in the value of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetPublicKey>
-- (key policy)
--
-- __Related operations__: CreateKey
module Amazonka.KMS.GetPublicKey
  ( -- * Creating a Request
    GetPublicKey (..),
    newGetPublicKey,

    -- * Request Lenses
    getPublicKey_grantTokens,
    getPublicKey_keyId,

    -- * Destructuring the Response
    GetPublicKeyResponse (..),
    newGetPublicKeyResponse,

    -- * Response Lenses
    getPublicKeyResponse_keySpec,
    getPublicKeyResponse_keyId,
    getPublicKeyResponse_customerMasterKeySpec,
    getPublicKeyResponse_encryptionAlgorithms,
    getPublicKeyResponse_publicKey,
    getPublicKeyResponse_signingAlgorithms,
    getPublicKeyResponse_keyUsage,
    getPublicKeyResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGetPublicKey' smart constructor.
data GetPublicKey = GetPublicKey'
  { -- | A list of grant tokens.
    --
    -- Use a grant token when your permission to call this operation comes from
    -- a new grant that has not yet achieved /eventual consistency/. For more
    -- information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
    -- in the /Key Management Service Developer Guide/.
    GetPublicKey -> Maybe [Text]
grantTokens :: Prelude.Maybe [Prelude.Text],
    -- | Identifies the asymmetric KMS key that includes the public key.
    --
    -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
    -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
    -- key in a different Amazon Web Services account, you must use the key ARN
    -- or alias ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Alias name: @alias\/ExampleAlias@
    --
    -- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey. To get the alias name and alias ARN, use ListAliases.
    GetPublicKey -> Text
keyId :: Prelude.Text
  }
  deriving (GetPublicKey -> GetPublicKey -> Bool
(GetPublicKey -> GetPublicKey -> Bool)
-> (GetPublicKey -> GetPublicKey -> Bool) -> Eq GetPublicKey
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetPublicKey -> GetPublicKey -> Bool
$c/= :: GetPublicKey -> GetPublicKey -> Bool
== :: GetPublicKey -> GetPublicKey -> Bool
$c== :: GetPublicKey -> GetPublicKey -> Bool
Prelude.Eq, ReadPrec [GetPublicKey]
ReadPrec GetPublicKey
Int -> ReadS GetPublicKey
ReadS [GetPublicKey]
(Int -> ReadS GetPublicKey)
-> ReadS [GetPublicKey]
-> ReadPrec GetPublicKey
-> ReadPrec [GetPublicKey]
-> Read GetPublicKey
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetPublicKey]
$creadListPrec :: ReadPrec [GetPublicKey]
readPrec :: ReadPrec GetPublicKey
$creadPrec :: ReadPrec GetPublicKey
readList :: ReadS [GetPublicKey]
$creadList :: ReadS [GetPublicKey]
readsPrec :: Int -> ReadS GetPublicKey
$creadsPrec :: Int -> ReadS GetPublicKey
Prelude.Read, Int -> GetPublicKey -> ShowS
[GetPublicKey] -> ShowS
GetPublicKey -> String
(Int -> GetPublicKey -> ShowS)
-> (GetPublicKey -> String)
-> ([GetPublicKey] -> ShowS)
-> Show GetPublicKey
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetPublicKey] -> ShowS
$cshowList :: [GetPublicKey] -> ShowS
show :: GetPublicKey -> String
$cshow :: GetPublicKey -> String
showsPrec :: Int -> GetPublicKey -> ShowS
$cshowsPrec :: Int -> GetPublicKey -> ShowS
Prelude.Show, (forall x. GetPublicKey -> Rep GetPublicKey x)
-> (forall x. Rep GetPublicKey x -> GetPublicKey)
-> Generic GetPublicKey
forall x. Rep GetPublicKey x -> GetPublicKey
forall x. GetPublicKey -> Rep GetPublicKey x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetPublicKey x -> GetPublicKey
$cfrom :: forall x. GetPublicKey -> Rep GetPublicKey x
Prelude.Generic)

-- |
-- Create a value of 'GetPublicKey' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'grantTokens', 'getPublicKey_grantTokens' - A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
--
-- 'keyId', 'getPublicKey_keyId' - Identifies the asymmetric KMS key that includes the public key.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
newGetPublicKey ::
  -- | 'keyId'
  Prelude.Text ->
  GetPublicKey
newGetPublicKey :: Text -> GetPublicKey
newGetPublicKey Text
pKeyId_ =
  GetPublicKey' :: Maybe [Text] -> Text -> GetPublicKey
GetPublicKey'
    { $sel:grantTokens:GetPublicKey' :: Maybe [Text]
grantTokens = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:keyId:GetPublicKey' :: Text
keyId = Text
pKeyId_
    }

-- | A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
getPublicKey_grantTokens :: Lens.Lens' GetPublicKey (Prelude.Maybe [Prelude.Text])
getPublicKey_grantTokens :: (Maybe [Text] -> f (Maybe [Text]))
-> GetPublicKey -> f GetPublicKey
getPublicKey_grantTokens = (GetPublicKey -> Maybe [Text])
-> (GetPublicKey -> Maybe [Text] -> GetPublicKey)
-> Lens GetPublicKey GetPublicKey (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKey' {Maybe [Text]
grantTokens :: Maybe [Text]
$sel:grantTokens:GetPublicKey' :: GetPublicKey -> Maybe [Text]
grantTokens} -> Maybe [Text]
grantTokens) (\s :: GetPublicKey
s@GetPublicKey' {} Maybe [Text]
a -> GetPublicKey
s {$sel:grantTokens:GetPublicKey' :: Maybe [Text]
grantTokens = Maybe [Text]
a} :: GetPublicKey) ((Maybe [Text] -> f (Maybe [Text]))
 -> GetPublicKey -> f GetPublicKey)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> GetPublicKey
-> f GetPublicKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Identifies the asymmetric KMS key that includes the public key.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
getPublicKey_keyId :: Lens.Lens' GetPublicKey Prelude.Text
getPublicKey_keyId :: (Text -> f Text) -> GetPublicKey -> f GetPublicKey
getPublicKey_keyId = (GetPublicKey -> Text)
-> (GetPublicKey -> Text -> GetPublicKey)
-> Lens GetPublicKey GetPublicKey Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKey' {Text
keyId :: Text
$sel:keyId:GetPublicKey' :: GetPublicKey -> Text
keyId} -> Text
keyId) (\s :: GetPublicKey
s@GetPublicKey' {} Text
a -> GetPublicKey
s {$sel:keyId:GetPublicKey' :: Text
keyId = Text
a} :: GetPublicKey)

instance Core.AWSRequest GetPublicKey where
  type AWSResponse GetPublicKey = GetPublicKeyResponse
  request :: GetPublicKey -> Request GetPublicKey
request = Service -> GetPublicKey -> Request GetPublicKey
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy GetPublicKey
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetPublicKey)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GetPublicKey))
-> Logger
-> Service
-> Proxy GetPublicKey
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetPublicKey)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe KeySpec
-> Maybe Text
-> Maybe CustomerMasterKeySpec
-> Maybe [EncryptionAlgorithmSpec]
-> Maybe Base64
-> Maybe [SigningAlgorithmSpec]
-> Maybe KeyUsageType
-> Int
-> GetPublicKeyResponse
GetPublicKeyResponse'
            (Maybe KeySpec
 -> Maybe Text
 -> Maybe CustomerMasterKeySpec
 -> Maybe [EncryptionAlgorithmSpec]
 -> Maybe Base64
 -> Maybe [SigningAlgorithmSpec]
 -> Maybe KeyUsageType
 -> Int
 -> GetPublicKeyResponse)
-> Either String (Maybe KeySpec)
-> Either
     String
     (Maybe Text
      -> Maybe CustomerMasterKeySpec
      -> Maybe [EncryptionAlgorithmSpec]
      -> Maybe Base64
      -> Maybe [SigningAlgorithmSpec]
      -> Maybe KeyUsageType
      -> Int
      -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe KeySpec)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeySpec")
            Either
  String
  (Maybe Text
   -> Maybe CustomerMasterKeySpec
   -> Maybe [EncryptionAlgorithmSpec]
   -> Maybe Base64
   -> Maybe [SigningAlgorithmSpec]
   -> Maybe KeyUsageType
   -> Int
   -> GetPublicKeyResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe CustomerMasterKeySpec
      -> Maybe [EncryptionAlgorithmSpec]
      -> Maybe Base64
      -> Maybe [SigningAlgorithmSpec]
      -> Maybe KeyUsageType
      -> Int
      -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyId")
            Either
  String
  (Maybe CustomerMasterKeySpec
   -> Maybe [EncryptionAlgorithmSpec]
   -> Maybe Base64
   -> Maybe [SigningAlgorithmSpec]
   -> Maybe KeyUsageType
   -> Int
   -> GetPublicKeyResponse)
-> Either String (Maybe CustomerMasterKeySpec)
-> Either
     String
     (Maybe [EncryptionAlgorithmSpec]
      -> Maybe Base64
      -> Maybe [SigningAlgorithmSpec]
      -> Maybe KeyUsageType
      -> Int
      -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe CustomerMasterKeySpec)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"CustomerMasterKeySpec")
            Either
  String
  (Maybe [EncryptionAlgorithmSpec]
   -> Maybe Base64
   -> Maybe [SigningAlgorithmSpec]
   -> Maybe KeyUsageType
   -> Int
   -> GetPublicKeyResponse)
-> Either String (Maybe [EncryptionAlgorithmSpec])
-> Either
     String
     (Maybe Base64
      -> Maybe [SigningAlgorithmSpec]
      -> Maybe KeyUsageType
      -> Int
      -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x Object
-> Text -> Either String (Maybe (Maybe [EncryptionAlgorithmSpec]))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"EncryptionAlgorithms"
                            Either String (Maybe (Maybe [EncryptionAlgorithmSpec]))
-> Maybe [EncryptionAlgorithmSpec]
-> Either String (Maybe [EncryptionAlgorithmSpec])
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ Maybe [EncryptionAlgorithmSpec]
forall a. Monoid a => a
Prelude.mempty
                        )
            Either
  String
  (Maybe Base64
   -> Maybe [SigningAlgorithmSpec]
   -> Maybe KeyUsageType
   -> Int
   -> GetPublicKeyResponse)
-> Either String (Maybe Base64)
-> Either
     String
     (Maybe [SigningAlgorithmSpec]
      -> Maybe KeyUsageType -> Int -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Base64)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"PublicKey")
            Either
  String
  (Maybe [SigningAlgorithmSpec]
   -> Maybe KeyUsageType -> Int -> GetPublicKeyResponse)
-> Either String (Maybe [SigningAlgorithmSpec])
-> Either
     String (Maybe KeyUsageType -> Int -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x Object
-> Text -> Either String (Maybe (Maybe [SigningAlgorithmSpec]))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"SigningAlgorithms"
                            Either String (Maybe (Maybe [SigningAlgorithmSpec]))
-> Maybe [SigningAlgorithmSpec]
-> Either String (Maybe [SigningAlgorithmSpec])
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ Maybe [SigningAlgorithmSpec]
forall a. Monoid a => a
Prelude.mempty
                        )
            Either String (Maybe KeyUsageType -> Int -> GetPublicKeyResponse)
-> Either String (Maybe KeyUsageType)
-> Either String (Int -> GetPublicKeyResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe KeyUsageType)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"KeyUsage")
            Either String (Int -> GetPublicKeyResponse)
-> Either String Int -> Either String GetPublicKeyResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetPublicKey

instance Prelude.NFData GetPublicKey

instance Core.ToHeaders GetPublicKey where
  toHeaders :: GetPublicKey -> ResponseHeaders
toHeaders =
    ResponseHeaders -> GetPublicKey -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# (ByteString
"TrentService.GetPublicKey" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON GetPublicKey where
  toJSON :: GetPublicKey -> Value
toJSON GetPublicKey' {Maybe [Text]
Text
keyId :: Text
grantTokens :: Maybe [Text]
$sel:keyId:GetPublicKey' :: GetPublicKey -> Text
$sel:grantTokens:GetPublicKey' :: GetPublicKey -> Maybe [Text]
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"GrantTokens" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
grantTokens,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
keyId)
          ]
      )

instance Core.ToPath GetPublicKey where
  toPath :: GetPublicKey -> ByteString
toPath = ByteString -> GetPublicKey -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery GetPublicKey where
  toQuery :: GetPublicKey -> QueryString
toQuery = QueryString -> GetPublicKey -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGetPublicKeyResponse' smart constructor.
data GetPublicKeyResponse = GetPublicKeyResponse'
  { -- | The type of the of the public key that was downloaded.
    GetPublicKeyResponse -> Maybe KeySpec
keySpec :: Prelude.Maybe KeySpec,
    -- | The Amazon Resource Name
    -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
    -- of the asymmetric KMS key from which the public key was downloaded.
    GetPublicKeyResponse -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | Instead, use the @KeySpec@ field in the @GetPublicKey@ response.
    --
    -- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We
    -- recommend that you use the @KeySpec@ field in your code. However, to
    -- avoid breaking changes, KMS will support both fields.
    GetPublicKeyResponse -> Maybe CustomerMasterKeySpec
customerMasterKeySpec :: Prelude.Maybe CustomerMasterKeySpec,
    -- | The encryption algorithms that KMS supports for this key.
    --
    -- This information is critical. If a public key encrypts data outside of
    -- KMS by using an unsupported encryption algorithm, the ciphertext cannot
    -- be decrypted.
    --
    -- This field appears in the response only when the @KeyUsage@ of the
    -- public key is @ENCRYPT_DECRYPT@.
    GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms :: Prelude.Maybe [EncryptionAlgorithmSpec],
    -- | The exported public key.
    --
    -- The value is a DER-encoded X.509 public key, also known as
    -- @SubjectPublicKeyInfo@ (SPKI), as defined in
    -- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP
    -- API or the Amazon Web Services CLI, the value is Base64-encoded.
    -- Otherwise, it is not Base64-encoded.
    GetPublicKeyResponse -> Maybe Base64
publicKey :: Prelude.Maybe Core.Base64,
    -- | The signing algorithms that KMS supports for this key.
    --
    -- This field appears in the response only when the @KeyUsage@ of the
    -- public key is @SIGN_VERIFY@.
    GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec]
signingAlgorithms :: Prelude.Maybe [SigningAlgorithmSpec],
    -- | The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@
    -- or @SIGN_VERIFY@.
    --
    -- This information is critical. If a public key with @SIGN_VERIFY@ key
    -- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
    GetPublicKeyResponse -> Maybe KeyUsageType
keyUsage :: Prelude.Maybe KeyUsageType,
    -- | The response's http status code.
    GetPublicKeyResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
(GetPublicKeyResponse -> GetPublicKeyResponse -> Bool)
-> (GetPublicKeyResponse -> GetPublicKeyResponse -> Bool)
-> Eq GetPublicKeyResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
$c/= :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
== :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
$c== :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
Prelude.Eq, ReadPrec [GetPublicKeyResponse]
ReadPrec GetPublicKeyResponse
Int -> ReadS GetPublicKeyResponse
ReadS [GetPublicKeyResponse]
(Int -> ReadS GetPublicKeyResponse)
-> ReadS [GetPublicKeyResponse]
-> ReadPrec GetPublicKeyResponse
-> ReadPrec [GetPublicKeyResponse]
-> Read GetPublicKeyResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetPublicKeyResponse]
$creadListPrec :: ReadPrec [GetPublicKeyResponse]
readPrec :: ReadPrec GetPublicKeyResponse
$creadPrec :: ReadPrec GetPublicKeyResponse
readList :: ReadS [GetPublicKeyResponse]
$creadList :: ReadS [GetPublicKeyResponse]
readsPrec :: Int -> ReadS GetPublicKeyResponse
$creadsPrec :: Int -> ReadS GetPublicKeyResponse
Prelude.Read, Int -> GetPublicKeyResponse -> ShowS
[GetPublicKeyResponse] -> ShowS
GetPublicKeyResponse -> String
(Int -> GetPublicKeyResponse -> ShowS)
-> (GetPublicKeyResponse -> String)
-> ([GetPublicKeyResponse] -> ShowS)
-> Show GetPublicKeyResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetPublicKeyResponse] -> ShowS
$cshowList :: [GetPublicKeyResponse] -> ShowS
show :: GetPublicKeyResponse -> String
$cshow :: GetPublicKeyResponse -> String
showsPrec :: Int -> GetPublicKeyResponse -> ShowS
$cshowsPrec :: Int -> GetPublicKeyResponse -> ShowS
Prelude.Show, (forall x. GetPublicKeyResponse -> Rep GetPublicKeyResponse x)
-> (forall x. Rep GetPublicKeyResponse x -> GetPublicKeyResponse)
-> Generic GetPublicKeyResponse
forall x. Rep GetPublicKeyResponse x -> GetPublicKeyResponse
forall x. GetPublicKeyResponse -> Rep GetPublicKeyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetPublicKeyResponse x -> GetPublicKeyResponse
$cfrom :: forall x. GetPublicKeyResponse -> Rep GetPublicKeyResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetPublicKeyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keySpec', 'getPublicKeyResponse_keySpec' - The type of the of the public key that was downloaded.
--
-- 'keyId', 'getPublicKeyResponse_keyId' - The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the asymmetric KMS key from which the public key was downloaded.
--
-- 'customerMasterKeySpec', 'getPublicKeyResponse_customerMasterKeySpec' - Instead, use the @KeySpec@ field in the @GetPublicKey@ response.
--
-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We
-- recommend that you use the @KeySpec@ field in your code. However, to
-- avoid breaking changes, KMS will support both fields.
--
-- 'encryptionAlgorithms', 'getPublicKeyResponse_encryptionAlgorithms' - The encryption algorithms that KMS supports for this key.
--
-- This information is critical. If a public key encrypts data outside of
-- KMS by using an unsupported encryption algorithm, the ciphertext cannot
-- be decrypted.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @ENCRYPT_DECRYPT@.
--
-- 'publicKey', 'getPublicKeyResponse_publicKey' - The exported public key.
--
-- The value is a DER-encoded X.509 public key, also known as
-- @SubjectPublicKeyInfo@ (SPKI), as defined in
-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP
-- API or the Amazon Web Services CLI, the value is Base64-encoded.
-- Otherwise, it is not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'signingAlgorithms', 'getPublicKeyResponse_signingAlgorithms' - The signing algorithms that KMS supports for this key.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @SIGN_VERIFY@.
--
-- 'keyUsage', 'getPublicKeyResponse_keyUsage' - The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@
-- or @SIGN_VERIFY@.
--
-- This information is critical. If a public key with @SIGN_VERIFY@ key
-- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
--
-- 'httpStatus', 'getPublicKeyResponse_httpStatus' - The response's http status code.
newGetPublicKeyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetPublicKeyResponse
newGetPublicKeyResponse :: Int -> GetPublicKeyResponse
newGetPublicKeyResponse Int
pHttpStatus_ =
  GetPublicKeyResponse' :: Maybe KeySpec
-> Maybe Text
-> Maybe CustomerMasterKeySpec
-> Maybe [EncryptionAlgorithmSpec]
-> Maybe Base64
-> Maybe [SigningAlgorithmSpec]
-> Maybe KeyUsageType
-> Int
-> GetPublicKeyResponse
GetPublicKeyResponse'
    { $sel:keySpec:GetPublicKeyResponse' :: Maybe KeySpec
keySpec = Maybe KeySpec
forall a. Maybe a
Prelude.Nothing,
      $sel:keyId:GetPublicKeyResponse' :: Maybe Text
keyId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:customerMasterKeySpec:GetPublicKeyResponse' :: Maybe CustomerMasterKeySpec
customerMasterKeySpec = Maybe CustomerMasterKeySpec
forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionAlgorithms:GetPublicKeyResponse' :: Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms = Maybe [EncryptionAlgorithmSpec]
forall a. Maybe a
Prelude.Nothing,
      $sel:publicKey:GetPublicKeyResponse' :: Maybe Base64
publicKey = Maybe Base64
forall a. Maybe a
Prelude.Nothing,
      $sel:signingAlgorithms:GetPublicKeyResponse' :: Maybe [SigningAlgorithmSpec]
signingAlgorithms = Maybe [SigningAlgorithmSpec]
forall a. Maybe a
Prelude.Nothing,
      $sel:keyUsage:GetPublicKeyResponse' :: Maybe KeyUsageType
keyUsage = Maybe KeyUsageType
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetPublicKeyResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The type of the of the public key that was downloaded.
getPublicKeyResponse_keySpec :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe KeySpec)
getPublicKeyResponse_keySpec :: (Maybe KeySpec -> f (Maybe KeySpec))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_keySpec = (GetPublicKeyResponse -> Maybe KeySpec)
-> (GetPublicKeyResponse -> Maybe KeySpec -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse
     GetPublicKeyResponse
     (Maybe KeySpec)
     (Maybe KeySpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe KeySpec
keySpec :: Maybe KeySpec
$sel:keySpec:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe KeySpec
keySpec} -> Maybe KeySpec
keySpec) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe KeySpec
a -> GetPublicKeyResponse
s {$sel:keySpec:GetPublicKeyResponse' :: Maybe KeySpec
keySpec = Maybe KeySpec
a} :: GetPublicKeyResponse)

-- | The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the asymmetric KMS key from which the public key was downloaded.
getPublicKeyResponse_keyId :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe Prelude.Text)
getPublicKeyResponse_keyId :: (Maybe Text -> f (Maybe Text))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_keyId = (GetPublicKeyResponse -> Maybe Text)
-> (GetPublicKeyResponse -> Maybe Text -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse GetPublicKeyResponse (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe Text
keyId :: Maybe Text
$sel:keyId:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe Text
a -> GetPublicKeyResponse
s {$sel:keyId:GetPublicKeyResponse' :: Maybe Text
keyId = Maybe Text
a} :: GetPublicKeyResponse)

-- | Instead, use the @KeySpec@ field in the @GetPublicKey@ response.
--
-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We
-- recommend that you use the @KeySpec@ field in your code. However, to
-- avoid breaking changes, KMS will support both fields.
getPublicKeyResponse_customerMasterKeySpec :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe CustomerMasterKeySpec)
getPublicKeyResponse_customerMasterKeySpec :: (Maybe CustomerMasterKeySpec -> f (Maybe CustomerMasterKeySpec))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_customerMasterKeySpec = (GetPublicKeyResponse -> Maybe CustomerMasterKeySpec)
-> (GetPublicKeyResponse
    -> Maybe CustomerMasterKeySpec -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse
     GetPublicKeyResponse
     (Maybe CustomerMasterKeySpec)
     (Maybe CustomerMasterKeySpec)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe CustomerMasterKeySpec
customerMasterKeySpec :: Maybe CustomerMasterKeySpec
$sel:customerMasterKeySpec:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe CustomerMasterKeySpec
customerMasterKeySpec} -> Maybe CustomerMasterKeySpec
customerMasterKeySpec) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe CustomerMasterKeySpec
a -> GetPublicKeyResponse
s {$sel:customerMasterKeySpec:GetPublicKeyResponse' :: Maybe CustomerMasterKeySpec
customerMasterKeySpec = Maybe CustomerMasterKeySpec
a} :: GetPublicKeyResponse)

-- | The encryption algorithms that KMS supports for this key.
--
-- This information is critical. If a public key encrypts data outside of
-- KMS by using an unsupported encryption algorithm, the ciphertext cannot
-- be decrypted.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @ENCRYPT_DECRYPT@.
getPublicKeyResponse_encryptionAlgorithms :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe [EncryptionAlgorithmSpec])
getPublicKeyResponse_encryptionAlgorithms :: (Maybe [EncryptionAlgorithmSpec]
 -> f (Maybe [EncryptionAlgorithmSpec]))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_encryptionAlgorithms = (GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec])
-> (GetPublicKeyResponse
    -> Maybe [EncryptionAlgorithmSpec] -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse
     GetPublicKeyResponse
     (Maybe [EncryptionAlgorithmSpec])
     (Maybe [EncryptionAlgorithmSpec])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms :: Maybe [EncryptionAlgorithmSpec]
$sel:encryptionAlgorithms:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms} -> Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe [EncryptionAlgorithmSpec]
a -> GetPublicKeyResponse
s {$sel:encryptionAlgorithms:GetPublicKeyResponse' :: Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms = Maybe [EncryptionAlgorithmSpec]
a} :: GetPublicKeyResponse) ((Maybe [EncryptionAlgorithmSpec]
  -> f (Maybe [EncryptionAlgorithmSpec]))
 -> GetPublicKeyResponse -> f GetPublicKeyResponse)
-> ((Maybe [EncryptionAlgorithmSpec]
     -> f (Maybe [EncryptionAlgorithmSpec]))
    -> Maybe [EncryptionAlgorithmSpec]
    -> f (Maybe [EncryptionAlgorithmSpec]))
-> (Maybe [EncryptionAlgorithmSpec]
    -> f (Maybe [EncryptionAlgorithmSpec]))
-> GetPublicKeyResponse
-> f GetPublicKeyResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  [EncryptionAlgorithmSpec]
  [EncryptionAlgorithmSpec]
  [EncryptionAlgorithmSpec]
  [EncryptionAlgorithmSpec]
-> Iso
     (Maybe [EncryptionAlgorithmSpec])
     (Maybe [EncryptionAlgorithmSpec])
     (Maybe [EncryptionAlgorithmSpec])
     (Maybe [EncryptionAlgorithmSpec])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  [EncryptionAlgorithmSpec]
  [EncryptionAlgorithmSpec]
  [EncryptionAlgorithmSpec]
  [EncryptionAlgorithmSpec]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The exported public key.
--
-- The value is a DER-encoded X.509 public key, also known as
-- @SubjectPublicKeyInfo@ (SPKI), as defined in
-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP
-- API or the Amazon Web Services CLI, the value is Base64-encoded.
-- Otherwise, it is not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
getPublicKeyResponse_publicKey :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe Prelude.ByteString)
getPublicKeyResponse_publicKey :: (Maybe ByteString -> f (Maybe ByteString))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_publicKey = (GetPublicKeyResponse -> Maybe Base64)
-> (GetPublicKeyResponse -> Maybe Base64 -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse
     GetPublicKeyResponse
     (Maybe Base64)
     (Maybe Base64)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe Base64
publicKey :: Maybe Base64
$sel:publicKey:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe Base64
publicKey} -> Maybe Base64
publicKey) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe Base64
a -> GetPublicKeyResponse
s {$sel:publicKey:GetPublicKeyResponse' :: Maybe Base64
publicKey = Maybe Base64
a} :: GetPublicKeyResponse) ((Maybe Base64 -> f (Maybe Base64))
 -> GetPublicKeyResponse -> f GetPublicKeyResponse)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe Base64 -> f (Maybe Base64))
-> (Maybe ByteString -> f (Maybe ByteString))
-> GetPublicKeyResponse
-> f GetPublicKeyResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso Base64 Base64 ByteString ByteString
-> Iso
     (Maybe Base64) (Maybe Base64) (Maybe ByteString) (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso Base64 Base64 ByteString ByteString
Iso' Base64 ByteString
Core._Base64

-- | The signing algorithms that KMS supports for this key.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @SIGN_VERIFY@.
getPublicKeyResponse_signingAlgorithms :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe [SigningAlgorithmSpec])
getPublicKeyResponse_signingAlgorithms :: (Maybe [SigningAlgorithmSpec] -> f (Maybe [SigningAlgorithmSpec]))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_signingAlgorithms = (GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec])
-> (GetPublicKeyResponse
    -> Maybe [SigningAlgorithmSpec] -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse
     GetPublicKeyResponse
     (Maybe [SigningAlgorithmSpec])
     (Maybe [SigningAlgorithmSpec])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe [SigningAlgorithmSpec]
signingAlgorithms :: Maybe [SigningAlgorithmSpec]
$sel:signingAlgorithms:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec]
signingAlgorithms} -> Maybe [SigningAlgorithmSpec]
signingAlgorithms) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe [SigningAlgorithmSpec]
a -> GetPublicKeyResponse
s {$sel:signingAlgorithms:GetPublicKeyResponse' :: Maybe [SigningAlgorithmSpec]
signingAlgorithms = Maybe [SigningAlgorithmSpec]
a} :: GetPublicKeyResponse) ((Maybe [SigningAlgorithmSpec] -> f (Maybe [SigningAlgorithmSpec]))
 -> GetPublicKeyResponse -> f GetPublicKeyResponse)
-> ((Maybe [SigningAlgorithmSpec]
     -> f (Maybe [SigningAlgorithmSpec]))
    -> Maybe [SigningAlgorithmSpec]
    -> f (Maybe [SigningAlgorithmSpec]))
-> (Maybe [SigningAlgorithmSpec]
    -> f (Maybe [SigningAlgorithmSpec]))
-> GetPublicKeyResponse
-> f GetPublicKeyResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  [SigningAlgorithmSpec]
  [SigningAlgorithmSpec]
  [SigningAlgorithmSpec]
  [SigningAlgorithmSpec]
-> Iso
     (Maybe [SigningAlgorithmSpec])
     (Maybe [SigningAlgorithmSpec])
     (Maybe [SigningAlgorithmSpec])
     (Maybe [SigningAlgorithmSpec])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  [SigningAlgorithmSpec]
  [SigningAlgorithmSpec]
  [SigningAlgorithmSpec]
  [SigningAlgorithmSpec]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@
-- or @SIGN_VERIFY@.
--
-- This information is critical. If a public key with @SIGN_VERIFY@ key
-- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
getPublicKeyResponse_keyUsage :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe KeyUsageType)
getPublicKeyResponse_keyUsage :: (Maybe KeyUsageType -> f (Maybe KeyUsageType))
-> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_keyUsage = (GetPublicKeyResponse -> Maybe KeyUsageType)
-> (GetPublicKeyResponse
    -> Maybe KeyUsageType -> GetPublicKeyResponse)
-> Lens
     GetPublicKeyResponse
     GetPublicKeyResponse
     (Maybe KeyUsageType)
     (Maybe KeyUsageType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe KeyUsageType
keyUsage :: Maybe KeyUsageType
$sel:keyUsage:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe KeyUsageType
keyUsage} -> Maybe KeyUsageType
keyUsage) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe KeyUsageType
a -> GetPublicKeyResponse
s {$sel:keyUsage:GetPublicKeyResponse' :: Maybe KeyUsageType
keyUsage = Maybe KeyUsageType
a} :: GetPublicKeyResponse)

-- | The response's http status code.
getPublicKeyResponse_httpStatus :: Lens.Lens' GetPublicKeyResponse Prelude.Int
getPublicKeyResponse_httpStatus :: (Int -> f Int) -> GetPublicKeyResponse -> f GetPublicKeyResponse
getPublicKeyResponse_httpStatus = (GetPublicKeyResponse -> Int)
-> (GetPublicKeyResponse -> Int -> GetPublicKeyResponse)
-> Lens GetPublicKeyResponse GetPublicKeyResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetPublicKeyResponse' :: GetPublicKeyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Int
a -> GetPublicKeyResponse
s {$sel:httpStatus:GetPublicKeyResponse' :: Int
httpStatus = Int
a} :: GetPublicKeyResponse)

instance Prelude.NFData GetPublicKeyResponse