{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.GetPublicKey
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns the public key of an asymmetric KMS key. Unlike the private key
-- of a asymmetric KMS key, which never leaves KMS unencrypted, callers
-- with @kms:GetPublicKey@ permission can download the public key of an
-- asymmetric KMS key. You can share the public key to allow others to
-- encrypt messages and verify signatures outside of KMS. For information
-- about asymmetric KMS keys, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Asymmetric KMS keys>
-- in the /Key Management Service Developer Guide/.
--
-- You do not need to download the public key. Instead, you can use the
-- public key within KMS by calling the Encrypt, ReEncrypt, or Verify
-- operations with the identifier of an asymmetric KMS key. When you use
-- the public key within KMS, you benefit from the authentication,
-- authorization, and logging that are part of every KMS operation. You
-- also reduce of risk of encrypting data that cannot be decrypted. These
-- features are not effective outside of KMS.
--
-- To help you use the public key safely outside of KMS, @GetPublicKey@
-- returns important information about the public key in the response,
-- including:
--
-- -   <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeySpec KeySpec>:
--     The type of key material in the public key, such as @RSA_4096@ or
--     @ECC_NIST_P521@.
--
-- -   <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage KeyUsage>:
--     Whether the key is used for encryption or signing.
--
-- -   <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms EncryptionAlgorithms>
--     or
--     <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms SigningAlgorithms>:
--     A list of the encryption algorithms or the signing algorithms for
--     the key.
--
-- Although KMS cannot enforce these restrictions on external operations,
-- it is crucial that you use this information to prevent the public key
-- from being used improperly. For example, you can prevent a public
-- signing key from being used encrypt data, or prevent a public key from
-- being used with an encryption algorithm that is not supported by KMS.
-- You can also avoid errors, such as using the wrong signing algorithm in
-- a verification operation.
--
-- To verify a signature outside of KMS with an SM2 public key (China
-- Regions only), you must specify the distinguishing ID. By default, KMS
-- uses @1234567812345678@ as the distinguishing ID. For more information,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification Offline verification with SM2 key pairs>.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: Yes. To perform this operation with a KMS key in
-- a different Amazon Web Services account, specify the key ARN or alias
-- ARN in the value of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetPublicKey>
-- (key policy)
--
-- __Related operations__: CreateKey
module Amazonka.KMS.GetPublicKey
  ( -- * Creating a Request
    GetPublicKey (..),
    newGetPublicKey,

    -- * Request Lenses
    getPublicKey_grantTokens,
    getPublicKey_keyId,

    -- * Destructuring the Response
    GetPublicKeyResponse (..),
    newGetPublicKeyResponse,

    -- * Response Lenses
    getPublicKeyResponse_customerMasterKeySpec,
    getPublicKeyResponse_encryptionAlgorithms,
    getPublicKeyResponse_keyId,
    getPublicKeyResponse_keySpec,
    getPublicKeyResponse_keyUsage,
    getPublicKeyResponse_publicKey,
    getPublicKeyResponse_signingAlgorithms,
    getPublicKeyResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.KMS.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGetPublicKey' smart constructor.
data GetPublicKey = GetPublicKey'
  { -- | A list of grant tokens.
    --
    -- Use a grant token when your permission to call this operation comes from
    -- a new grant that has not yet achieved /eventual consistency/. For more
    -- information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
    -- in the /Key Management Service Developer Guide/.
    GetPublicKey -> Maybe [Text]
grantTokens :: Prelude.Maybe [Prelude.Text],
    -- | Identifies the asymmetric KMS key that includes the public key.
    --
    -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
    -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
    -- key in a different Amazon Web Services account, you must use the key ARN
    -- or alias ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Alias name: @alias\/ExampleAlias@
    --
    -- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey. To get the alias name and alias ARN, use ListAliases.
    GetPublicKey -> Text
keyId :: Prelude.Text
  }
  deriving (GetPublicKey -> GetPublicKey -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetPublicKey -> GetPublicKey -> Bool
$c/= :: GetPublicKey -> GetPublicKey -> Bool
== :: GetPublicKey -> GetPublicKey -> Bool
$c== :: GetPublicKey -> GetPublicKey -> Bool
Prelude.Eq, ReadPrec [GetPublicKey]
ReadPrec GetPublicKey
Int -> ReadS GetPublicKey
ReadS [GetPublicKey]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetPublicKey]
$creadListPrec :: ReadPrec [GetPublicKey]
readPrec :: ReadPrec GetPublicKey
$creadPrec :: ReadPrec GetPublicKey
readList :: ReadS [GetPublicKey]
$creadList :: ReadS [GetPublicKey]
readsPrec :: Int -> ReadS GetPublicKey
$creadsPrec :: Int -> ReadS GetPublicKey
Prelude.Read, Int -> GetPublicKey -> ShowS
[GetPublicKey] -> ShowS
GetPublicKey -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetPublicKey] -> ShowS
$cshowList :: [GetPublicKey] -> ShowS
show :: GetPublicKey -> String
$cshow :: GetPublicKey -> String
showsPrec :: Int -> GetPublicKey -> ShowS
$cshowsPrec :: Int -> GetPublicKey -> ShowS
Prelude.Show, forall x. Rep GetPublicKey x -> GetPublicKey
forall x. GetPublicKey -> Rep GetPublicKey x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetPublicKey x -> GetPublicKey
$cfrom :: forall x. GetPublicKey -> Rep GetPublicKey x
Prelude.Generic)

-- |
-- Create a value of 'GetPublicKey' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'grantTokens', 'getPublicKey_grantTokens' - A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
--
-- 'keyId', 'getPublicKey_keyId' - Identifies the asymmetric KMS key that includes the public key.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
newGetPublicKey ::
  -- | 'keyId'
  Prelude.Text ->
  GetPublicKey
newGetPublicKey :: Text -> GetPublicKey
newGetPublicKey Text
pKeyId_ =
  GetPublicKey'
    { $sel:grantTokens:GetPublicKey' :: Maybe [Text]
grantTokens = forall a. Maybe a
Prelude.Nothing,
      $sel:keyId:GetPublicKey' :: Text
keyId = Text
pKeyId_
    }

-- | A list of grant tokens.
--
-- Use a grant token when your permission to call this operation comes from
-- a new grant that has not yet achieved /eventual consistency/. For more
-- information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>
-- in the /Key Management Service Developer Guide/.
getPublicKey_grantTokens :: Lens.Lens' GetPublicKey (Prelude.Maybe [Prelude.Text])
getPublicKey_grantTokens :: Lens' GetPublicKey (Maybe [Text])
getPublicKey_grantTokens = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKey' {Maybe [Text]
grantTokens :: Maybe [Text]
$sel:grantTokens:GetPublicKey' :: GetPublicKey -> Maybe [Text]
grantTokens} -> Maybe [Text]
grantTokens) (\s :: GetPublicKey
s@GetPublicKey' {} Maybe [Text]
a -> GetPublicKey
s {$sel:grantTokens:GetPublicKey' :: Maybe [Text]
grantTokens = Maybe [Text]
a} :: GetPublicKey) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Identifies the asymmetric KMS key that includes the public key.
--
-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.
-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS
-- key in a different Amazon Web Services account, you must use the key ARN
-- or alias ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Alias name: @alias\/ExampleAlias@
--
-- -   Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey. To get the alias name and alias ARN, use ListAliases.
getPublicKey_keyId :: Lens.Lens' GetPublicKey Prelude.Text
getPublicKey_keyId :: Lens' GetPublicKey Text
getPublicKey_keyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKey' {Text
keyId :: Text
$sel:keyId:GetPublicKey' :: GetPublicKey -> Text
keyId} -> Text
keyId) (\s :: GetPublicKey
s@GetPublicKey' {} Text
a -> GetPublicKey
s {$sel:keyId:GetPublicKey' :: Text
keyId = Text
a} :: GetPublicKey)

instance Core.AWSRequest GetPublicKey where
  type AWSResponse GetPublicKey = GetPublicKeyResponse
  request :: (Service -> Service) -> GetPublicKey -> Request GetPublicKey
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy GetPublicKey
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetPublicKey)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe CustomerMasterKeySpec
-> Maybe [EncryptionAlgorithmSpec]
-> Maybe Text
-> Maybe KeySpec
-> Maybe KeyUsageType
-> Maybe Base64
-> Maybe [SigningAlgorithmSpec]
-> Int
-> GetPublicKeyResponse
GetPublicKeyResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"CustomerMasterKeySpec")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"EncryptionAlgorithms"
                            forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ forall a. Monoid a => a
Prelude.mempty
                        )
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"KeyId")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"KeySpec")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"KeyUsage")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"PublicKey")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"SigningAlgorithms"
                            forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ forall a. Monoid a => a
Prelude.mempty
                        )
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetPublicKey where
  hashWithSalt :: Int -> GetPublicKey -> Int
hashWithSalt Int
_salt GetPublicKey' {Maybe [Text]
Text
keyId :: Text
grantTokens :: Maybe [Text]
$sel:keyId:GetPublicKey' :: GetPublicKey -> Text
$sel:grantTokens:GetPublicKey' :: GetPublicKey -> Maybe [Text]
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Text]
grantTokens
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
keyId

instance Prelude.NFData GetPublicKey where
  rnf :: GetPublicKey -> ()
rnf GetPublicKey' {Maybe [Text]
Text
keyId :: Text
grantTokens :: Maybe [Text]
$sel:keyId:GetPublicKey' :: GetPublicKey -> Text
$sel:grantTokens:GetPublicKey' :: GetPublicKey -> Maybe [Text]
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe [Text]
grantTokens
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
keyId

instance Data.ToHeaders GetPublicKey where
  toHeaders :: GetPublicKey -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# (ByteString
"TrentService.GetPublicKey" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON GetPublicKey where
  toJSON :: GetPublicKey -> Value
toJSON GetPublicKey' {Maybe [Text]
Text
keyId :: Text
grantTokens :: Maybe [Text]
$sel:keyId:GetPublicKey' :: GetPublicKey -> Text
$sel:grantTokens:GetPublicKey' :: GetPublicKey -> Maybe [Text]
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"GrantTokens" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
grantTokens,
            forall a. a -> Maybe a
Prelude.Just (Key
"KeyId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
keyId)
          ]
      )

instance Data.ToPath GetPublicKey where
  toPath :: GetPublicKey -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery GetPublicKey where
  toQuery :: GetPublicKey -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGetPublicKeyResponse' smart constructor.
data GetPublicKeyResponse = GetPublicKeyResponse'
  { -- | Instead, use the @KeySpec@ field in the @GetPublicKey@ response.
    --
    -- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We
    -- recommend that you use the @KeySpec@ field in your code. However, to
    -- avoid breaking changes, KMS supports both fields.
    GetPublicKeyResponse -> Maybe CustomerMasterKeySpec
customerMasterKeySpec :: Prelude.Maybe CustomerMasterKeySpec,
    -- | The encryption algorithms that KMS supports for this key.
    --
    -- This information is critical. If a public key encrypts data outside of
    -- KMS by using an unsupported encryption algorithm, the ciphertext cannot
    -- be decrypted.
    --
    -- This field appears in the response only when the @KeyUsage@ of the
    -- public key is @ENCRYPT_DECRYPT@.
    GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms :: Prelude.Maybe [EncryptionAlgorithmSpec],
    -- | The Amazon Resource Name
    -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
    -- of the asymmetric KMS key from which the public key was downloaded.
    GetPublicKeyResponse -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | The type of the of the public key that was downloaded.
    GetPublicKeyResponse -> Maybe KeySpec
keySpec :: Prelude.Maybe KeySpec,
    -- | The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@
    -- or @SIGN_VERIFY@.
    --
    -- This information is critical. If a public key with @SIGN_VERIFY@ key
    -- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
    GetPublicKeyResponse -> Maybe KeyUsageType
keyUsage :: Prelude.Maybe KeyUsageType,
    -- | The exported public key.
    --
    -- The value is a DER-encoded X.509 public key, also known as
    -- @SubjectPublicKeyInfo@ (SPKI), as defined in
    -- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP
    -- API or the Amazon Web Services CLI, the value is Base64-encoded.
    -- Otherwise, it is not Base64-encoded.
    GetPublicKeyResponse -> Maybe Base64
publicKey :: Prelude.Maybe Data.Base64,
    -- | The signing algorithms that KMS supports for this key.
    --
    -- This field appears in the response only when the @KeyUsage@ of the
    -- public key is @SIGN_VERIFY@.
    GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec]
signingAlgorithms :: Prelude.Maybe [SigningAlgorithmSpec],
    -- | The response's http status code.
    GetPublicKeyResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
$c/= :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
== :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
$c== :: GetPublicKeyResponse -> GetPublicKeyResponse -> Bool
Prelude.Eq, ReadPrec [GetPublicKeyResponse]
ReadPrec GetPublicKeyResponse
Int -> ReadS GetPublicKeyResponse
ReadS [GetPublicKeyResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetPublicKeyResponse]
$creadListPrec :: ReadPrec [GetPublicKeyResponse]
readPrec :: ReadPrec GetPublicKeyResponse
$creadPrec :: ReadPrec GetPublicKeyResponse
readList :: ReadS [GetPublicKeyResponse]
$creadList :: ReadS [GetPublicKeyResponse]
readsPrec :: Int -> ReadS GetPublicKeyResponse
$creadsPrec :: Int -> ReadS GetPublicKeyResponse
Prelude.Read, Int -> GetPublicKeyResponse -> ShowS
[GetPublicKeyResponse] -> ShowS
GetPublicKeyResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetPublicKeyResponse] -> ShowS
$cshowList :: [GetPublicKeyResponse] -> ShowS
show :: GetPublicKeyResponse -> String
$cshow :: GetPublicKeyResponse -> String
showsPrec :: Int -> GetPublicKeyResponse -> ShowS
$cshowsPrec :: Int -> GetPublicKeyResponse -> ShowS
Prelude.Show, forall x. Rep GetPublicKeyResponse x -> GetPublicKeyResponse
forall x. GetPublicKeyResponse -> Rep GetPublicKeyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetPublicKeyResponse x -> GetPublicKeyResponse
$cfrom :: forall x. GetPublicKeyResponse -> Rep GetPublicKeyResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetPublicKeyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'customerMasterKeySpec', 'getPublicKeyResponse_customerMasterKeySpec' - Instead, use the @KeySpec@ field in the @GetPublicKey@ response.
--
-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We
-- recommend that you use the @KeySpec@ field in your code. However, to
-- avoid breaking changes, KMS supports both fields.
--
-- 'encryptionAlgorithms', 'getPublicKeyResponse_encryptionAlgorithms' - The encryption algorithms that KMS supports for this key.
--
-- This information is critical. If a public key encrypts data outside of
-- KMS by using an unsupported encryption algorithm, the ciphertext cannot
-- be decrypted.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @ENCRYPT_DECRYPT@.
--
-- 'keyId', 'getPublicKeyResponse_keyId' - The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the asymmetric KMS key from which the public key was downloaded.
--
-- 'keySpec', 'getPublicKeyResponse_keySpec' - The type of the of the public key that was downloaded.
--
-- 'keyUsage', 'getPublicKeyResponse_keyUsage' - The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@
-- or @SIGN_VERIFY@.
--
-- This information is critical. If a public key with @SIGN_VERIFY@ key
-- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
--
-- 'publicKey', 'getPublicKeyResponse_publicKey' - The exported public key.
--
-- The value is a DER-encoded X.509 public key, also known as
-- @SubjectPublicKeyInfo@ (SPKI), as defined in
-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP
-- API or the Amazon Web Services CLI, the value is Base64-encoded.
-- Otherwise, it is not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'signingAlgorithms', 'getPublicKeyResponse_signingAlgorithms' - The signing algorithms that KMS supports for this key.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @SIGN_VERIFY@.
--
-- 'httpStatus', 'getPublicKeyResponse_httpStatus' - The response's http status code.
newGetPublicKeyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetPublicKeyResponse
newGetPublicKeyResponse :: Int -> GetPublicKeyResponse
newGetPublicKeyResponse Int
pHttpStatus_ =
  GetPublicKeyResponse'
    { $sel:customerMasterKeySpec:GetPublicKeyResponse' :: Maybe CustomerMasterKeySpec
customerMasterKeySpec =
        forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionAlgorithms:GetPublicKeyResponse' :: Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms = forall a. Maybe a
Prelude.Nothing,
      $sel:keyId:GetPublicKeyResponse' :: Maybe Text
keyId = forall a. Maybe a
Prelude.Nothing,
      $sel:keySpec:GetPublicKeyResponse' :: Maybe KeySpec
keySpec = forall a. Maybe a
Prelude.Nothing,
      $sel:keyUsage:GetPublicKeyResponse' :: Maybe KeyUsageType
keyUsage = forall a. Maybe a
Prelude.Nothing,
      $sel:publicKey:GetPublicKeyResponse' :: Maybe Base64
publicKey = forall a. Maybe a
Prelude.Nothing,
      $sel:signingAlgorithms:GetPublicKeyResponse' :: Maybe [SigningAlgorithmSpec]
signingAlgorithms = forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetPublicKeyResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | Instead, use the @KeySpec@ field in the @GetPublicKey@ response.
--
-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We
-- recommend that you use the @KeySpec@ field in your code. However, to
-- avoid breaking changes, KMS supports both fields.
getPublicKeyResponse_customerMasterKeySpec :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe CustomerMasterKeySpec)
getPublicKeyResponse_customerMasterKeySpec :: Lens' GetPublicKeyResponse (Maybe CustomerMasterKeySpec)
getPublicKeyResponse_customerMasterKeySpec = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe CustomerMasterKeySpec
customerMasterKeySpec :: Maybe CustomerMasterKeySpec
$sel:customerMasterKeySpec:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe CustomerMasterKeySpec
customerMasterKeySpec} -> Maybe CustomerMasterKeySpec
customerMasterKeySpec) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe CustomerMasterKeySpec
a -> GetPublicKeyResponse
s {$sel:customerMasterKeySpec:GetPublicKeyResponse' :: Maybe CustomerMasterKeySpec
customerMasterKeySpec = Maybe CustomerMasterKeySpec
a} :: GetPublicKeyResponse)

-- | The encryption algorithms that KMS supports for this key.
--
-- This information is critical. If a public key encrypts data outside of
-- KMS by using an unsupported encryption algorithm, the ciphertext cannot
-- be decrypted.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @ENCRYPT_DECRYPT@.
getPublicKeyResponse_encryptionAlgorithms :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe [EncryptionAlgorithmSpec])
getPublicKeyResponse_encryptionAlgorithms :: Lens' GetPublicKeyResponse (Maybe [EncryptionAlgorithmSpec])
getPublicKeyResponse_encryptionAlgorithms = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms :: Maybe [EncryptionAlgorithmSpec]
$sel:encryptionAlgorithms:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms} -> Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe [EncryptionAlgorithmSpec]
a -> GetPublicKeyResponse
s {$sel:encryptionAlgorithms:GetPublicKeyResponse' :: Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms = Maybe [EncryptionAlgorithmSpec]
a} :: GetPublicKeyResponse) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The Amazon Resource Name
-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)
-- of the asymmetric KMS key from which the public key was downloaded.
getPublicKeyResponse_keyId :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe Prelude.Text)
getPublicKeyResponse_keyId :: Lens' GetPublicKeyResponse (Maybe Text)
getPublicKeyResponse_keyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe Text
keyId :: Maybe Text
$sel:keyId:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe Text
a -> GetPublicKeyResponse
s {$sel:keyId:GetPublicKeyResponse' :: Maybe Text
keyId = Maybe Text
a} :: GetPublicKeyResponse)

-- | The type of the of the public key that was downloaded.
getPublicKeyResponse_keySpec :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe KeySpec)
getPublicKeyResponse_keySpec :: Lens' GetPublicKeyResponse (Maybe KeySpec)
getPublicKeyResponse_keySpec = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe KeySpec
keySpec :: Maybe KeySpec
$sel:keySpec:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe KeySpec
keySpec} -> Maybe KeySpec
keySpec) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe KeySpec
a -> GetPublicKeyResponse
s {$sel:keySpec:GetPublicKeyResponse' :: Maybe KeySpec
keySpec = Maybe KeySpec
a} :: GetPublicKeyResponse)

-- | The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@
-- or @SIGN_VERIFY@.
--
-- This information is critical. If a public key with @SIGN_VERIFY@ key
-- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.
getPublicKeyResponse_keyUsage :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe KeyUsageType)
getPublicKeyResponse_keyUsage :: Lens' GetPublicKeyResponse (Maybe KeyUsageType)
getPublicKeyResponse_keyUsage = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe KeyUsageType
keyUsage :: Maybe KeyUsageType
$sel:keyUsage:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe KeyUsageType
keyUsage} -> Maybe KeyUsageType
keyUsage) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe KeyUsageType
a -> GetPublicKeyResponse
s {$sel:keyUsage:GetPublicKeyResponse' :: Maybe KeyUsageType
keyUsage = Maybe KeyUsageType
a} :: GetPublicKeyResponse)

-- | The exported public key.
--
-- The value is a DER-encoded X.509 public key, also known as
-- @SubjectPublicKeyInfo@ (SPKI), as defined in
-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP
-- API or the Amazon Web Services CLI, the value is Base64-encoded.
-- Otherwise, it is not Base64-encoded.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
getPublicKeyResponse_publicKey :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe Prelude.ByteString)
getPublicKeyResponse_publicKey :: Lens' GetPublicKeyResponse (Maybe ByteString)
getPublicKeyResponse_publicKey = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe Base64
publicKey :: Maybe Base64
$sel:publicKey:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe Base64
publicKey} -> Maybe Base64
publicKey) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe Base64
a -> GetPublicKeyResponse
s {$sel:publicKey:GetPublicKeyResponse' :: Maybe Base64
publicKey = Maybe Base64
a} :: GetPublicKeyResponse) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping Iso' Base64 ByteString
Data._Base64

-- | The signing algorithms that KMS supports for this key.
--
-- This field appears in the response only when the @KeyUsage@ of the
-- public key is @SIGN_VERIFY@.
getPublicKeyResponse_signingAlgorithms :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe [SigningAlgorithmSpec])
getPublicKeyResponse_signingAlgorithms :: Lens' GetPublicKeyResponse (Maybe [SigningAlgorithmSpec])
getPublicKeyResponse_signingAlgorithms = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Maybe [SigningAlgorithmSpec]
signingAlgorithms :: Maybe [SigningAlgorithmSpec]
$sel:signingAlgorithms:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec]
signingAlgorithms} -> Maybe [SigningAlgorithmSpec]
signingAlgorithms) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Maybe [SigningAlgorithmSpec]
a -> GetPublicKeyResponse
s {$sel:signingAlgorithms:GetPublicKeyResponse' :: Maybe [SigningAlgorithmSpec]
signingAlgorithms = Maybe [SigningAlgorithmSpec]
a} :: GetPublicKeyResponse) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The response's http status code.
getPublicKeyResponse_httpStatus :: Lens.Lens' GetPublicKeyResponse Prelude.Int
getPublicKeyResponse_httpStatus :: Lens' GetPublicKeyResponse Int
getPublicKeyResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPublicKeyResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetPublicKeyResponse' :: GetPublicKeyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetPublicKeyResponse
s@GetPublicKeyResponse' {} Int
a -> GetPublicKeyResponse
s {$sel:httpStatus:GetPublicKeyResponse' :: Int
httpStatus = Int
a} :: GetPublicKeyResponse)

instance Prelude.NFData GetPublicKeyResponse where
  rnf :: GetPublicKeyResponse -> ()
rnf GetPublicKeyResponse' {Int
Maybe [EncryptionAlgorithmSpec]
Maybe [SigningAlgorithmSpec]
Maybe Text
Maybe Base64
Maybe CustomerMasterKeySpec
Maybe KeySpec
Maybe KeyUsageType
httpStatus :: Int
signingAlgorithms :: Maybe [SigningAlgorithmSpec]
publicKey :: Maybe Base64
keyUsage :: Maybe KeyUsageType
keySpec :: Maybe KeySpec
keyId :: Maybe Text
encryptionAlgorithms :: Maybe [EncryptionAlgorithmSpec]
customerMasterKeySpec :: Maybe CustomerMasterKeySpec
$sel:httpStatus:GetPublicKeyResponse' :: GetPublicKeyResponse -> Int
$sel:signingAlgorithms:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec]
$sel:publicKey:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe Base64
$sel:keyUsage:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe KeyUsageType
$sel:keySpec:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe KeySpec
$sel:keyId:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe Text
$sel:encryptionAlgorithms:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec]
$sel:customerMasterKeySpec:GetPublicKeyResponse' :: GetPublicKeyResponse -> Maybe CustomerMasterKeySpec
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe CustomerMasterKeySpec
customerMasterKeySpec
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [EncryptionAlgorithmSpec]
encryptionAlgorithms
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
keyId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe KeySpec
keySpec
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe KeyUsageType
keyUsage
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Base64
publicKey
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [SigningAlgorithmSpec]
signingAlgorithms
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus