Skip to content

Commit

Permalink
Update generated code (#1728)
Browse files Browse the repository at this point in the history
* update generated code

* Fix CS

---------

Co-authored-by: Jérémy Derussé <[email protected]>
  • Loading branch information
async-aws-bot and jderusse authored Jun 14, 2024
1 parent e2fbe13 commit 02cb935
Show file tree
Hide file tree
Showing 9 changed files with 78 additions and 15 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@

## NOT RELEASED

### Added

- AWS api-change: This feature allows customers to use their keys stored in KMS to derive a shared secret which can then be used to establish a secured channel for communication, provide proof of possession, or establish trust with other parties.

### Changed

- Add `Accept: application/json` header in request to fix incompatibility with 3rd party providers
Expand Down
2 changes: 1 addition & 1 deletion composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
},
"extra": {
"branch-alias": {
"dev-master": "1.4-dev"
"dev-master": "1.5-dev"
}
}
}
15 changes: 15 additions & 0 deletions src/Enum/KeyAgreementAlgorithmSpec.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<?php

namespace AsyncAws\Kms\Enum;

final class KeyAgreementAlgorithmSpec
{
public const ECDH = 'ECDH';

public static function exists(string $value): bool
{
return isset([
self::ECDH => true,
][$value]);
}
}
2 changes: 2 additions & 0 deletions src/Enum/KeyUsageType.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,15 @@ final class KeyUsageType
{
public const ENCRYPT_DECRYPT = 'ENCRYPT_DECRYPT';
public const GENERATE_VERIFY_MAC = 'GENERATE_VERIFY_MAC';
public const KEY_AGREEMENT = 'KEY_AGREEMENT';
public const SIGN_VERIFY = 'SIGN_VERIFY';

public static function exists(string $value): bool
{
return isset([
self::ENCRYPT_DECRYPT => true,
self::GENERATE_VERIFY_MAC => true,
self::KEY_AGREEMENT => true,
self::SIGN_VERIFY => true,
][$value]);
}
Expand Down
4 changes: 2 additions & 2 deletions src/Exception/InvalidKeyUsageException.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,8 @@
*
* For encrypting, decrypting, re-encrypting, and generating data keys, the `KeyUsage` must be `ENCRYPT_DECRYPT`. For
* signing and verifying messages, the `KeyUsage` must be `SIGN_VERIFY`. For generating and verifying message
* authentication codes (MACs), the `KeyUsage` must be `GENERATE_VERIFY_MAC`. To find the `KeyUsage` of a KMS key, use
* the DescribeKey operation.
* authentication codes (MACs), the `KeyUsage` must be `GENERATE_VERIFY_MAC`. For deriving key agreement secrets, the
* `KeyUsage` must be `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS key, use the DescribeKey operation.
*
* To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.
*/
Expand Down
18 changes: 10 additions & 8 deletions src/Input/CreateKeyRequest.php
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,11 @@ final class CreateKeyRequest extends Input
*
* - For symmetric encryption KMS keys, omit the parameter or specify `ENCRYPT_DECRYPT`.
* - For HMAC KMS keys (symmetric), specify `GENERATE_VERIFY_MAC`.
* - For asymmetric KMS keys with RSA key material, specify `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
* - For asymmetric KMS keys with ECC key material, specify `SIGN_VERIFY`.
* - For asymmetric KMS keys with SM2 key material (China Regions only), specify `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
* - For asymmetric KMS keys with RSA key pairs, specify `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
* - For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify `SIGN_VERIFY` or `KEY_AGREEMENT`.
* - For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify `SIGN_VERIFY`.
* - For asymmetric KMS keys with SM2 key pairs (China Regions only), specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or
* `KEY_AGREEMENT`.
*
* [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
*
Expand Down Expand Up @@ -115,25 +117,25 @@ final class CreateKeyRequest extends Input
* - `HMAC_384`
* - `HMAC_512`
*
* - Asymmetric RSA key pairs
* - Asymmetric RSA key pairs (encryption and decryption -or- signing and verification)
*
* - `RSA_2048`
* - `RSA_3072`
* - `RSA_4096`
*
* - Asymmetric NIST-recommended elliptic curve key pairs
* - Asymmetric NIST-recommended elliptic curve key pairs (signing and verification -or- deriving shared secrets)
*
* - `ECC_NIST_P256` (secp256r1)
* - `ECC_NIST_P384` (secp384r1)
* - `ECC_NIST_P521` (secp521r1)
*
* - Other asymmetric elliptic curve key pairs
* - Other asymmetric elliptic curve key pairs (signing and verification)
*
* - `ECC_SECG_P256K1` (secp256k1), commonly used for cryptocurrencies.
*
* - SM2 key pairs (China Regions only)
* - SM2 key pairs (encryption and decryption -or- signing and verification -or- deriving shared secrets)
*
* - `SM2`
* - `SM2` (China Regions only)
*
* [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose
* [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm
Expand Down
11 changes: 7 additions & 4 deletions src/KmsClient.php
Original file line number Diff line number Diff line change
Expand Up @@ -183,10 +183,13 @@ public function createAlias($input): Result
*
* Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions
* only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey
* operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be
* used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used
* only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys [^3] in the
* *Key Management Service Developer Guide*.
* operation to download the public key so it can be used outside of KMS. Each KMS key can have only one key usage.
* KMS keys with RSA key pairs can be used to encrypt and decrypt data or sign and verify messages (but not both). KMS
* keys with NIST-recommended ECC key pairs can be used to sign and verify messages or derive shared secrets (but not
* both). KMS keys with `ECC_SECG_P256K1` can be used only to sign and verify messages. KMS keys with SM2 key pairs
* (China Regions only) can be used to either encrypt and decrypt data, sign and verify messages, or derive shared
* secrets (you must choose one key usage type). For information about asymmetric KMS keys, see Asymmetric KMS keys
* [^3] in the *Key Management Service Developer Guide*.
*
* - `HMAC KMS key`:
*
Expand Down
18 changes: 18 additions & 0 deletions src/Result/CreateKeyResponse.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
use AsyncAws\Core\Response;
use AsyncAws\Core\Result;
use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec;
use AsyncAws\Kms\Enum\KeyAgreementAlgorithmSpec;
use AsyncAws\Kms\Enum\MacAlgorithmSpec;
use AsyncAws\Kms\Enum\SigningAlgorithmSpec;
use AsyncAws\Kms\ValueObject\KeyMetadata;
Expand Down Expand Up @@ -51,6 +52,22 @@ private function populateResultEncryptionAlgorithmSpecList(array $json): array
return $items;
}

/**
* @return list<KeyAgreementAlgorithmSpec::*>
*/
private function populateResultKeyAgreementAlgorithmSpecList(array $json): array
{
$items = [];
foreach ($json as $item) {
$a = isset($item) ? (string) $item : null;
if (null !== $a) {
$items[] = $a;
}
}

return $items;
}

private function populateResultKeyMetadata(array $json): KeyMetadata
{
return new KeyMetadata([
Expand All @@ -73,6 +90,7 @@ private function populateResultKeyMetadata(array $json): KeyMetadata
'KeySpec' => isset($json['KeySpec']) ? (string) $json['KeySpec'] : null,
'EncryptionAlgorithms' => !isset($json['EncryptionAlgorithms']) ? null : $this->populateResultEncryptionAlgorithmSpecList($json['EncryptionAlgorithms']),
'SigningAlgorithms' => !isset($json['SigningAlgorithms']) ? null : $this->populateResultSigningAlgorithmSpecList($json['SigningAlgorithms']),
'KeyAgreementAlgorithms' => !isset($json['KeyAgreementAlgorithms']) ? null : $this->populateResultKeyAgreementAlgorithmSpecList($json['KeyAgreementAlgorithms']),
'MultiRegion' => isset($json['MultiRegion']) ? filter_var($json['MultiRegion'], \FILTER_VALIDATE_BOOLEAN) : null,
'MultiRegionConfiguration' => empty($json['MultiRegionConfiguration']) ? null : $this->populateResultMultiRegionConfiguration($json['MultiRegionConfiguration']),
'PendingDeletionWindowInDays' => isset($json['PendingDeletionWindowInDays']) ? (int) $json['PendingDeletionWindowInDays'] : null,
Expand Down
19 changes: 19 additions & 0 deletions src/ValueObject/KeyMetadata.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
use AsyncAws\Kms\Enum\CustomerMasterKeySpec;
use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec;
use AsyncAws\Kms\Enum\ExpirationModelType;
use AsyncAws\Kms\Enum\KeyAgreementAlgorithmSpec;
use AsyncAws\Kms\Enum\KeyManagerType;
use AsyncAws\Kms\Enum\KeySpec;
use AsyncAws\Kms\Enum\KeyState;
Expand Down Expand Up @@ -194,6 +195,13 @@ final class KeyMetadata
*/
private $signingAlgorithms;

/**
* The key agreement algorithm used to derive a shared secret.
*
* @var list<KeyAgreementAlgorithmSpec::*>|null
*/
private $keyAgreementAlgorithms;

/**
* Indicates whether the KMS key is a multi-Region (`True`) or regional (`False`) key. This value is `True` for
* multi-Region primary and replica keys and `False` for regional KMS keys.
Expand Down Expand Up @@ -280,6 +288,7 @@ final class KeyMetadata
* KeySpec?: null|KeySpec::*,
* EncryptionAlgorithms?: null|array<EncryptionAlgorithmSpec::*>,
* SigningAlgorithms?: null|array<SigningAlgorithmSpec::*>,
* KeyAgreementAlgorithms?: null|array<KeyAgreementAlgorithmSpec::*>,
* MultiRegion?: null|bool,
* MultiRegionConfiguration?: null|MultiRegionConfiguration|array,
* PendingDeletionWindowInDays?: null|int,
Expand Down Expand Up @@ -308,6 +317,7 @@ public function __construct(array $input)
$this->keySpec = $input['KeySpec'] ?? null;
$this->encryptionAlgorithms = $input['EncryptionAlgorithms'] ?? null;
$this->signingAlgorithms = $input['SigningAlgorithms'] ?? null;
$this->keyAgreementAlgorithms = $input['KeyAgreementAlgorithms'] ?? null;
$this->multiRegion = $input['MultiRegion'] ?? null;
$this->multiRegionConfiguration = isset($input['MultiRegionConfiguration']) ? MultiRegionConfiguration::create($input['MultiRegionConfiguration']) : null;
$this->pendingDeletionWindowInDays = $input['PendingDeletionWindowInDays'] ?? null;
Expand Down Expand Up @@ -336,6 +346,7 @@ public function __construct(array $input)
* KeySpec?: null|KeySpec::*,
* EncryptionAlgorithms?: null|array<EncryptionAlgorithmSpec::*>,
* SigningAlgorithms?: null|array<SigningAlgorithmSpec::*>,
* KeyAgreementAlgorithms?: null|array<KeyAgreementAlgorithmSpec::*>,
* MultiRegion?: null|bool,
* MultiRegionConfiguration?: null|MultiRegionConfiguration|array,
* PendingDeletionWindowInDays?: null|int,
Expand Down Expand Up @@ -416,6 +427,14 @@ public function getExpirationModel(): ?string
return $this->expirationModel;
}

/**
* @return list<KeyAgreementAlgorithmSpec::*>
*/
public function getKeyAgreementAlgorithms(): array
{
return $this->keyAgreementAlgorithms ?? [];
}

public function getKeyId(): string
{
return $this->keyId;
Expand Down

0 comments on commit 02cb935

Please sign in to comment.