aws-sdk-kms 1.83.0 → 1.85.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +326 -51
- data/lib/aws-sdk-kms/client_api.rb +41 -0
- data/lib/aws-sdk-kms/endpoints.rb +14 -0
- data/lib/aws-sdk-kms/plugins/endpoints.rb +2 -0
- data/lib/aws-sdk-kms/types.rb +240 -41
- data/lib/aws-sdk-kms.rb +1 -1
- data/sig/client.rbs +26 -3
- data/sig/types.rbs +26 -5
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 96d4958ee91e5d021a8960c3f3eeb25a2ea60d08715883cf163d42da5118ac8b
|
4
|
+
data.tar.gz: 9e29d069be85e3b8bd2e695180cf590648d4ae58790fd142ea6d1d8ed0acb9e9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 91a9a84de2ed7356324e4332601fc520595a08ce312534612e94a1254de67b6c94bda4913e9e2b2dddb81643d4fb9d6d872995e4fbcf74a93d61bd56e0772d0e
|
7
|
+
data.tar.gz: 69e54922b8809307f8355921311cf963bed89615684dbc1285e81cfcb1c24a66aed426f0a0c567bab17244756f51cb2d79add83605acab7c58c20cc74aa1a421
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.85.0 (2024-06-17)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Updating SDK example for KMS DeriveSharedSecret API.
|
8
|
+
|
9
|
+
1.84.0 (2024-06-13)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - This feature allows customers to use their keys stored in KMS to derive a shared secret which can then be used to establish a secured channel for communication, provide proof of possession, or establish trust with other parties.
|
13
|
+
|
4
14
|
1.83.0 (2024-06-05)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.85.0
|
data/lib/aws-sdk-kms/client.rb
CHANGED
@@ -1421,7 +1421,7 @@ module Aws::KMS
|
|
1421
1421
|
# key_id: "KeyIdType", # required
|
1422
1422
|
# grantee_principal: "PrincipalIdType", # required
|
1423
1423
|
# retiring_principal: "PrincipalIdType",
|
1424
|
-
# operations: ["Decrypt"], # required, accepts Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, Sign, Verify, GetPublicKey, CreateGrant, RetireGrant, DescribeKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateMac, VerifyMac
|
1424
|
+
# operations: ["Decrypt"], # required, accepts Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, Sign, Verify, GetPublicKey, CreateGrant, RetireGrant, DescribeKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateMac, VerifyMac, DeriveSharedSecret
|
1425
1425
|
# constraints: {
|
1426
1426
|
# encryption_context_subset: {
|
1427
1427
|
# "EncryptionContextKey" => "EncryptionContextValue",
|
@@ -1508,12 +1508,17 @@ module Aws::KMS
|
|
1508
1508
|
# key pair, or an SM2 key pair (China Regions only). The private key
|
1509
1509
|
# in an asymmetric KMS key never leaves KMS unencrypted. However, you
|
1510
1510
|
# can use the GetPublicKey operation to download the public key so it
|
1511
|
-
# can be used outside of KMS. KMS
|
1512
|
-
#
|
1513
|
-
#
|
1514
|
-
#
|
1515
|
-
#
|
1516
|
-
#
|
1511
|
+
# can be used outside of KMS. Each KMS key can have only one key
|
1512
|
+
# usage. KMS keys with RSA key pairs can be used to encrypt and
|
1513
|
+
# decrypt data or sign and verify messages (but not both). KMS keys
|
1514
|
+
# with NIST-recommended ECC key pairs can be used to sign and verify
|
1515
|
+
# messages or derive shared secrets (but not both). KMS keys with
|
1516
|
+
# `ECC_SECG_P256K1` can be used only to sign and verify messages. KMS
|
1517
|
+
# keys with SM2 key pairs (China Regions only) can be used to either
|
1518
|
+
# encrypt and decrypt data, sign and verify messages, or derive shared
|
1519
|
+
# secrets (you must choose one key usage type). For information about
|
1520
|
+
# asymmetric KMS keys, see [Asymmetric KMS keys][3] in the *Key
|
1521
|
+
# Management Service Developer Guide*.
|
1517
1522
|
#
|
1518
1523
|
#
|
1519
1524
|
#
|
@@ -1735,14 +1740,17 @@ module Aws::KMS
|
|
1735
1740
|
#
|
1736
1741
|
# * For HMAC KMS keys (symmetric), specify `GENERATE_VERIFY_MAC`.
|
1737
1742
|
#
|
1738
|
-
# * For asymmetric KMS keys with RSA key
|
1743
|
+
# * For asymmetric KMS keys with RSA key pairs, specify
|
1739
1744
|
# `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
|
1740
1745
|
#
|
1741
|
-
# * For asymmetric KMS keys with
|
1746
|
+
# * For asymmetric KMS keys with NIST-recommended elliptic curve key
|
1747
|
+
# pairs, specify `SIGN_VERIFY` or `KEY_AGREEMENT`.
|
1748
|
+
#
|
1749
|
+
# * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify
|
1742
1750
|
# `SIGN_VERIFY`.
|
1743
1751
|
#
|
1744
|
-
# * For asymmetric KMS keys with SM2 key
|
1745
|
-
# specify `ENCRYPT_DECRYPT` or `
|
1752
|
+
# * For asymmetric KMS keys with SM2 key pairs (China Regions only),
|
1753
|
+
# specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `KEY_AGREEMENT`.
|
1746
1754
|
#
|
1747
1755
|
#
|
1748
1756
|
#
|
@@ -1795,7 +1803,8 @@ module Aws::KMS
|
|
1795
1803
|
#
|
1796
1804
|
# * `HMAC_512`
|
1797
1805
|
#
|
1798
|
-
# * Asymmetric RSA key pairs
|
1806
|
+
# * Asymmetric RSA key pairs (encryption and decryption -or- signing and
|
1807
|
+
# verification)
|
1799
1808
|
#
|
1800
1809
|
# * `RSA_2048`
|
1801
1810
|
#
|
@@ -1803,7 +1812,8 @@ module Aws::KMS
|
|
1803
1812
|
#
|
1804
1813
|
# * `RSA_4096`
|
1805
1814
|
#
|
1806
|
-
# * Asymmetric NIST-recommended elliptic curve key pairs
|
1815
|
+
# * Asymmetric NIST-recommended elliptic curve key pairs (signing and
|
1816
|
+
# verification -or- deriving shared secrets)
|
1807
1817
|
#
|
1808
1818
|
# * `ECC_NIST_P256` (secp256r1)
|
1809
1819
|
#
|
@@ -1811,15 +1821,16 @@ module Aws::KMS
|
|
1811
1821
|
#
|
1812
1822
|
# * `ECC_NIST_P521` (secp521r1)
|
1813
1823
|
#
|
1814
|
-
# * Other asymmetric elliptic curve key pairs
|
1824
|
+
# * Other asymmetric elliptic curve key pairs (signing and verification)
|
1815
1825
|
#
|
1816
1826
|
# * `ECC_SECG_P256K1` (secp256k1), commonly used for cryptocurrencies.
|
1817
1827
|
#
|
1818
1828
|
# ^
|
1819
1829
|
#
|
1820
|
-
# * SM2 key pairs (
|
1830
|
+
# * SM2 key pairs (encryption and decryption -or- signing and
|
1831
|
+
# verification -or- deriving shared secrets)
|
1821
1832
|
#
|
1822
|
-
# * `SM2`
|
1833
|
+
# * `SM2` (China Regions only)
|
1823
1834
|
#
|
1824
1835
|
# ^
|
1825
1836
|
#
|
@@ -2283,7 +2294,7 @@ module Aws::KMS
|
|
2283
2294
|
# resp = client.create_key({
|
2284
2295
|
# policy: "PolicyType",
|
2285
2296
|
# description: "DescriptionType",
|
2286
|
-
# key_usage: "SIGN_VERIFY", # accepts SIGN_VERIFY, ENCRYPT_DECRYPT, GENERATE_VERIFY_MAC
|
2297
|
+
# key_usage: "SIGN_VERIFY", # accepts SIGN_VERIFY, ENCRYPT_DECRYPT, GENERATE_VERIFY_MAC, KEY_AGREEMENT
|
2287
2298
|
# customer_master_key_spec: "RSA_2048", # accepts RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SYMMETRIC_DEFAULT, HMAC_224, HMAC_256, HMAC_384, HMAC_512, SM2
|
2288
2299
|
# key_spec: "RSA_2048", # accepts RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SYMMETRIC_DEFAULT, HMAC_224, HMAC_256, HMAC_384, HMAC_512, SM2
|
2289
2300
|
# origin: "AWS_KMS", # accepts AWS_KMS, EXTERNAL, AWS_CLOUDHSM, EXTERNAL_KEY_STORE
|
@@ -2307,7 +2318,7 @@ module Aws::KMS
|
|
2307
2318
|
# resp.key_metadata.creation_date #=> Time
|
2308
2319
|
# resp.key_metadata.enabled #=> Boolean
|
2309
2320
|
# resp.key_metadata.description #=> String
|
2310
|
-
# resp.key_metadata.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC"
|
2321
|
+
# resp.key_metadata.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT"
|
2311
2322
|
# resp.key_metadata.key_state #=> String, one of "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating"
|
2312
2323
|
# resp.key_metadata.deletion_date #=> Time
|
2313
2324
|
# resp.key_metadata.valid_to #=> Time
|
@@ -2322,6 +2333,8 @@ module Aws::KMS
|
|
2322
2333
|
# resp.key_metadata.encryption_algorithms[0] #=> String, one of "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE"
|
2323
2334
|
# resp.key_metadata.signing_algorithms #=> Array
|
2324
2335
|
# resp.key_metadata.signing_algorithms[0] #=> String, one of "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA"
|
2336
|
+
# resp.key_metadata.key_agreement_algorithms #=> Array
|
2337
|
+
# resp.key_metadata.key_agreement_algorithms[0] #=> String, one of "ECDH"
|
2325
2338
|
# resp.key_metadata.multi_region #=> Boolean
|
2326
2339
|
# resp.key_metadata.multi_region_configuration.multi_region_key_type #=> String, one of "PRIMARY", "REPLICA"
|
2327
2340
|
# resp.key_metadata.multi_region_configuration.primary_key.arn #=> String
|
@@ -2918,6 +2931,270 @@ module Aws::KMS
|
|
2918
2931
|
req.send_request(options)
|
2919
2932
|
end
|
2920
2933
|
|
2934
|
+
# Derives a shared secret using a key agreement algorithm.
|
2935
|
+
#
|
2936
|
+
# <note markdown="1"> You must use an asymmetric NIST-recommended elliptic curve (ECC) or
|
2937
|
+
# SM2 (China Regions only) KMS key pair with a `KeyUsage` value of
|
2938
|
+
# `KEY_AGREEMENT` to call DeriveSharedSecret.
|
2939
|
+
#
|
2940
|
+
# </note>
|
2941
|
+
#
|
2942
|
+
# DeriveSharedSecret uses the [Elliptic Curve Cryptography Cofactor
|
2943
|
+
# Diffie-Hellman Primitive][1] (ECDH) to establish a key agreement
|
2944
|
+
# between two peers by deriving a shared secret from their elliptic
|
2945
|
+
# curve public-private key pairs. You can use the raw shared secret that
|
2946
|
+
# DeriveSharedSecret returns to derive a symmetric key that can encrypt
|
2947
|
+
# and decrypt data that is sent between the two peers, or that can
|
2948
|
+
# generate and verify HMACs. KMS recommends that you follow [NIST
|
2949
|
+
# recommendations for key derivation][2] when using the raw shared
|
2950
|
+
# secret to derive a symmetric key.
|
2951
|
+
#
|
2952
|
+
# The following workflow demonstrates how to establish key agreement
|
2953
|
+
# over an insecure communication channel using DeriveSharedSecret.
|
2954
|
+
#
|
2955
|
+
# 1. **Alice** calls CreateKey to create an asymmetric KMS key pair
|
2956
|
+
# with a `KeyUsage` value of `KEY_AGREEMENT`.
|
2957
|
+
#
|
2958
|
+
# The asymmetric KMS key must use a NIST-recommended elliptic curve
|
2959
|
+
# (ECC) or SM2 (China Regions only) key spec.
|
2960
|
+
#
|
2961
|
+
# 2. **Bob** creates an elliptic curve key pair.
|
2962
|
+
#
|
2963
|
+
# Bob can call CreateKey to create an asymmetric KMS key pair or
|
2964
|
+
# generate a key pair outside of KMS. Bob's key pair must use the
|
2965
|
+
# same NIST-recommended elliptic curve (ECC) or SM2 (China Regions
|
2966
|
+
# ony) curve as Alice.
|
2967
|
+
#
|
2968
|
+
# 3. Alice and Bob **exchange their public keys** through an insecure
|
2969
|
+
# communication channel (like the internet).
|
2970
|
+
#
|
2971
|
+
# Use GetPublicKey to download the public key of your asymmetric KMS
|
2972
|
+
# key pair.
|
2973
|
+
#
|
2974
|
+
# <note markdown="1"> KMS strongly recommends verifying that the public key you receive
|
2975
|
+
# came from the expected party before using it to derive a shared
|
2976
|
+
# secret.
|
2977
|
+
#
|
2978
|
+
# </note>
|
2979
|
+
#
|
2980
|
+
# 4. **Alice** calls DeriveSharedSecret.
|
2981
|
+
#
|
2982
|
+
# KMS uses the private key from the KMS key pair generated in **Step
|
2983
|
+
# 1**, Bob's public key, and the Elliptic Curve Cryptography
|
2984
|
+
# Cofactor Diffie-Hellman Primitive to derive the shared secret. The
|
2985
|
+
# private key in your KMS key pair never leaves KMS unencrypted.
|
2986
|
+
# DeriveSharedSecret returns the raw shared secret.
|
2987
|
+
#
|
2988
|
+
# 5. **Bob** uses the Elliptic Curve Cryptography Cofactor
|
2989
|
+
# Diffie-Hellman Primitive to calculate the same raw secret using
|
2990
|
+
# his private key and Alice's public key.
|
2991
|
+
#
|
2992
|
+
# To derive a shared secret you must provide a key agreement algorithm,
|
2993
|
+
# the private key of the caller's asymmetric NIST-recommended elliptic
|
2994
|
+
# curve or SM2 (China Regions only) KMS key pair, and the public key
|
2995
|
+
# from your peer's NIST-recommended elliptic curve or SM2 (China
|
2996
|
+
# Regions only) key pair. The public key can be from another asymmetric
|
2997
|
+
# KMS key pair or from a key pair generated outside of KMS, but both key
|
2998
|
+
# pairs must be on the same elliptic curve.
|
2999
|
+
#
|
3000
|
+
# The KMS key that you use for this operation must be in a compatible
|
3001
|
+
# key state. For details, see [Key states of KMS keys][3] in the *Key
|
3002
|
+
# Management Service Developer Guide*.
|
3003
|
+
#
|
3004
|
+
# **Cross-account use**: Yes. To perform this operation with a KMS key
|
3005
|
+
# in a different Amazon Web Services account, specify the key ARN or
|
3006
|
+
# alias ARN in the value of the `KeyId` parameter.
|
3007
|
+
#
|
3008
|
+
# **Required permissions**: [kms:DeriveSharedSecret][4] (key policy)
|
3009
|
+
#
|
3010
|
+
# **Related operations:**
|
3011
|
+
#
|
3012
|
+
# * CreateKey
|
3013
|
+
#
|
3014
|
+
# * GetPublicKey
|
3015
|
+
#
|
3016
|
+
# * DescribeKey
|
3017
|
+
#
|
3018
|
+
# **Eventual consistency**: The KMS API follows an eventual consistency
|
3019
|
+
# model. For more information, see [KMS eventual consistency][5].
|
3020
|
+
#
|
3021
|
+
#
|
3022
|
+
#
|
3023
|
+
# [1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf#page=60
|
3024
|
+
# [2]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf
|
3025
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
3026
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html
|
3027
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html
|
3028
|
+
#
|
3029
|
+
# @option params [required, String] :key_id
|
3030
|
+
# Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions
|
3031
|
+
# only) KMS key. KMS uses the private key in the specified key pair to
|
3032
|
+
# derive the shared secret. The key usage of the KMS key must be
|
3033
|
+
# `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS key, use the
|
3034
|
+
# DescribeKey operation.
|
3035
|
+
#
|
3036
|
+
# To specify a KMS key, use its key ID, key ARN, alias name, or alias
|
3037
|
+
# ARN. When using an alias name, prefix it with `"alias/"`. To specify a
|
3038
|
+
# KMS key in a different Amazon Web Services account, you must use the
|
3039
|
+
# key ARN or alias ARN.
|
3040
|
+
#
|
3041
|
+
# For example:
|
3042
|
+
#
|
3043
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
3044
|
+
#
|
3045
|
+
# * Key ARN:
|
3046
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
3047
|
+
#
|
3048
|
+
# * Alias name: `alias/ExampleAlias`
|
3049
|
+
#
|
3050
|
+
# * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
|
3051
|
+
#
|
3052
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
3053
|
+
# DescribeKey. To get the alias name and alias ARN, use ListAliases.
|
3054
|
+
#
|
3055
|
+
# @option params [required, String] :key_agreement_algorithm
|
3056
|
+
# Specifies the key agreement algorithm used to derive the shared
|
3057
|
+
# secret. The only valid value is `ECDH`.
|
3058
|
+
#
|
3059
|
+
# @option params [required, String, StringIO, File] :public_key
|
3060
|
+
# Specifies the public key in your peer's NIST-recommended elliptic
|
3061
|
+
# curve (ECC) or SM2 (China Regions only) key pair.
|
3062
|
+
#
|
3063
|
+
# The public key must be a DER-encoded X.509 public key, also known as
|
3064
|
+
# `SubjectPublicKeyInfo` (SPKI), as defined in [RFC 5280][1].
|
3065
|
+
#
|
3066
|
+
# GetPublicKey returns the public key of an asymmetric KMS key pair in
|
3067
|
+
# the required DER-encoded format.
|
3068
|
+
#
|
3069
|
+
# <note markdown="1"> If you use [Amazon Web Services CLI version 1][2], you must provide
|
3070
|
+
# the DER-encoded X.509 public key in a file. Otherwise, the Amazon Web
|
3071
|
+
# Services CLI Base64-encodes the public key a second time, resulting in
|
3072
|
+
# a `ValidationException`.
|
3073
|
+
#
|
3074
|
+
# </note>
|
3075
|
+
#
|
3076
|
+
# You can specify the public key as binary data in a file using fileb
|
3077
|
+
# (`fileb://<path-to-file>`) or in-line using a Base64 encoded string.
|
3078
|
+
#
|
3079
|
+
#
|
3080
|
+
#
|
3081
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
3082
|
+
# [2]: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html
|
3083
|
+
#
|
3084
|
+
# @option params [Array<String>] :grant_tokens
|
3085
|
+
# A list of grant tokens.
|
3086
|
+
#
|
3087
|
+
# Use a grant token when your permission to call this operation comes
|
3088
|
+
# from a new grant that has not yet achieved *eventual consistency*. For
|
3089
|
+
# more information, see [Grant token][1] and [Using a grant token][2] in
|
3090
|
+
# the *Key Management Service Developer Guide*.
|
3091
|
+
#
|
3092
|
+
#
|
3093
|
+
#
|
3094
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
|
3095
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
3096
|
+
#
|
3097
|
+
# @option params [Boolean] :dry_run
|
3098
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
3099
|
+
# parameter.
|
3100
|
+
#
|
3101
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
3102
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
3103
|
+
#
|
3104
|
+
#
|
3105
|
+
#
|
3106
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
3107
|
+
#
|
3108
|
+
# @option params [Types::RecipientInfo] :recipient
|
3109
|
+
# A signed [attestation document][1] from an Amazon Web Services Nitro
|
3110
|
+
# enclave and the encryption algorithm to use with the enclave's public
|
3111
|
+
# key. The only valid encryption algorithm is `RSAES_OAEP_SHA_256`.
|
3112
|
+
#
|
3113
|
+
# This parameter only supports attestation documents for Amazon Web
|
3114
|
+
# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web
|
3115
|
+
# Services Nitro Enclaves, use the [Amazon Web Services Nitro Enclaves
|
3116
|
+
# SDK][2] to generate the attestation document and then use the
|
3117
|
+
# Recipient parameter from any Amazon Web Services SDK to provide the
|
3118
|
+
# attestation document for the enclave.
|
3119
|
+
#
|
3120
|
+
# When you use this parameter, instead of returning a plaintext copy of
|
3121
|
+
# the shared secret, KMS encrypts the plaintext shared secret under the
|
3122
|
+
# public key in the attestation document, and returns the resulting
|
3123
|
+
# ciphertext in the `CiphertextForRecipient` field in the response. This
|
3124
|
+
# ciphertext can be decrypted only with the private key in the enclave.
|
3125
|
+
# The `CiphertextBlob` field in the response contains the encrypted
|
3126
|
+
# shared secret derived from the KMS key specified by the `KeyId`
|
3127
|
+
# parameter and public key specified by the `PublicKey` parameter. The
|
3128
|
+
# `SharedSecret` field in the response is null or empty.
|
3129
|
+
#
|
3130
|
+
# For information about the interaction between KMS and Amazon Web
|
3131
|
+
# Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves
|
3132
|
+
# uses KMS][3] in the *Key Management Service Developer Guide*.
|
3133
|
+
#
|
3134
|
+
#
|
3135
|
+
#
|
3136
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc
|
3137
|
+
# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
|
3138
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
3139
|
+
#
|
3140
|
+
# @return [Types::DeriveSharedSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3141
|
+
#
|
3142
|
+
# * {Types::DeriveSharedSecretResponse#key_id #key_id} => String
|
3143
|
+
# * {Types::DeriveSharedSecretResponse#shared_secret #shared_secret} => String
|
3144
|
+
# * {Types::DeriveSharedSecretResponse#ciphertext_for_recipient #ciphertext_for_recipient} => String
|
3145
|
+
# * {Types::DeriveSharedSecretResponse#key_agreement_algorithm #key_agreement_algorithm} => String
|
3146
|
+
# * {Types::DeriveSharedSecretResponse#key_origin #key_origin} => String
|
3147
|
+
#
|
3148
|
+
#
|
3149
|
+
# @example Example: To derive a shared secret
|
3150
|
+
#
|
3151
|
+
# # The following example derives a shared secret using a key agreement algorithm.
|
3152
|
+
#
|
3153
|
+
# resp = client.derive_shared_secret({
|
3154
|
+
# key_agreement_algorithm: "ECDH", # The key agreement algorithm used to derive the shared secret. The only valid value is ECDH.
|
3155
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The key identifier for an asymmetric KMS key pair. The private key in the specified key pair is used to derive the shared secret.
|
3156
|
+
# public_key: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH3Yj0wbkLEpUl95Cv1cJVjsVNSjwGq3tCLnzXfhVwVvmzGN8pYj3U8nKwgouaHbBWNJYjP5VutbbkKS4Kv4GojwZBJyHN17kmxo8yTjRmjR15SKIQ8cqRA2uaERMLnpztIXdZp232PQPbWGxDyXYJ0aJ5EFSag", # The public key in your peer's asymmetric key pair.
|
3157
|
+
# })
|
3158
|
+
#
|
3159
|
+
# resp.to_h outputs the following:
|
3160
|
+
# {
|
3161
|
+
# key_agreement_algorithm: "ECDH", # The key agreement algorithm used to derive the shared secret.
|
3162
|
+
# key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The asymmetric KMS key pair used to derive the shared secret.
|
3163
|
+
# key_origin: "AWS_KMS", # The source of the key material for the specified KMS key.
|
3164
|
+
# shared_secret: "MEYCIQCKZLWyTk5runarx6XiAkU9gv3lbwPO/pHa+DXFehzdDwIhANwpsIV2g/9SPWLLsF6p/hiSskuIXMTRwqrMdVKWTMHG", # The raw secret derived from the specified key agreement algorithm, private key in the asymmetric KMS key, and your peer's public key.
|
3165
|
+
# }
|
3166
|
+
#
|
3167
|
+
# @example Request syntax with placeholder values
|
3168
|
+
#
|
3169
|
+
# resp = client.derive_shared_secret({
|
3170
|
+
# key_id: "KeyIdType", # required
|
3171
|
+
# key_agreement_algorithm: "ECDH", # required, accepts ECDH
|
3172
|
+
# public_key: "data", # required
|
3173
|
+
# grant_tokens: ["GrantTokenType"],
|
3174
|
+
# dry_run: false,
|
3175
|
+
# recipient: {
|
3176
|
+
# key_encryption_algorithm: "RSAES_OAEP_SHA_256", # accepts RSAES_OAEP_SHA_256
|
3177
|
+
# attestation_document: "data",
|
3178
|
+
# },
|
3179
|
+
# })
|
3180
|
+
#
|
3181
|
+
# @example Response structure
|
3182
|
+
#
|
3183
|
+
# resp.key_id #=> String
|
3184
|
+
# resp.shared_secret #=> String
|
3185
|
+
# resp.ciphertext_for_recipient #=> String
|
3186
|
+
# resp.key_agreement_algorithm #=> String, one of "ECDH"
|
3187
|
+
# resp.key_origin #=> String, one of "AWS_KMS", "EXTERNAL", "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE"
|
3188
|
+
#
|
3189
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecret AWS API Documentation
|
3190
|
+
#
|
3191
|
+
# @overload derive_shared_secret(params = {})
|
3192
|
+
# @param [Hash] params ({})
|
3193
|
+
def derive_shared_secret(params = {}, options = {})
|
3194
|
+
req = build_request(:derive_shared_secret, params)
|
3195
|
+
req.send_request(options)
|
3196
|
+
end
|
3197
|
+
|
2921
3198
|
# Gets information about [custom key stores][1] in the account and
|
2922
3199
|
# Region.
|
2923
3200
|
#
|
@@ -3502,7 +3779,7 @@ module Aws::KMS
|
|
3502
3779
|
# resp.key_metadata.creation_date #=> Time
|
3503
3780
|
# resp.key_metadata.enabled #=> Boolean
|
3504
3781
|
# resp.key_metadata.description #=> String
|
3505
|
-
# resp.key_metadata.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC"
|
3782
|
+
# resp.key_metadata.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT"
|
3506
3783
|
# resp.key_metadata.key_state #=> String, one of "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating"
|
3507
3784
|
# resp.key_metadata.deletion_date #=> Time
|
3508
3785
|
# resp.key_metadata.valid_to #=> Time
|
@@ -3517,6 +3794,8 @@ module Aws::KMS
|
|
3517
3794
|
# resp.key_metadata.encryption_algorithms[0] #=> String, one of "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE"
|
3518
3795
|
# resp.key_metadata.signing_algorithms #=> Array
|
3519
3796
|
# resp.key_metadata.signing_algorithms[0] #=> String, one of "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA"
|
3797
|
+
# resp.key_metadata.key_agreement_algorithms #=> Array
|
3798
|
+
# resp.key_metadata.key_agreement_algorithms[0] #=> String, one of "ECDH"
|
3520
3799
|
# resp.key_metadata.multi_region #=> Boolean
|
3521
3800
|
# resp.key_metadata.multi_region_configuration.multi_region_key_type #=> String, one of "PRIMARY", "REPLICA"
|
3522
3801
|
# resp.key_metadata.multi_region_configuration.primary_key.arn #=> String
|
@@ -4783,8 +5062,11 @@ module Aws::KMS
|
|
4783
5062
|
# key. The only valid encryption algorithm is `RSAES_OAEP_SHA_256`.
|
4784
5063
|
#
|
4785
5064
|
# This parameter only supports attestation documents for Amazon Web
|
4786
|
-
# Services Nitro Enclaves. To
|
4787
|
-
#
|
5065
|
+
# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon Web
|
5066
|
+
# Services Nitro Enclaves, use the [Amazon Web Services Nitro Enclaves
|
5067
|
+
# SDK][2] to generate the attestation document and then use the
|
5068
|
+
# Recipient parameter from any Amazon Web Services SDK to provide the
|
5069
|
+
# attestation document for the enclave.
|
4788
5070
|
#
|
4789
5071
|
# When you use this parameter, instead of returning a plaintext copy of
|
4790
5072
|
# the private data key, KMS encrypts the plaintext private data key
|
@@ -5872,8 +6154,8 @@ module Aws::KMS
|
|
5872
6154
|
# `GetParametersForImport` returns the items that you need to import
|
5873
6155
|
# your key material.
|
5874
6156
|
#
|
5875
|
-
# * The public key (or "wrapping key") of an
|
5876
|
-
#
|
6157
|
+
# * The public key (or "wrapping key") of an RSA key pair that KMS
|
6158
|
+
# generates.
|
5877
6159
|
#
|
5878
6160
|
# You will use this public key to encrypt ("wrap") your key material
|
5879
6161
|
# while it's in transit to KMS.
|
@@ -5951,28 +6233,20 @@ module Aws::KMS
|
|
5951
6233
|
# DescribeKey.
|
5952
6234
|
#
|
5953
6235
|
# @option params [required, String] :wrapping_algorithm
|
5954
|
-
# The algorithm you will use with the
|
5955
|
-
#
|
5956
|
-
#
|
6236
|
+
# The algorithm you will use with the RSA public key (`PublicKey`) in
|
6237
|
+
# the response to protect your key material during import. For more
|
6238
|
+
# information, see [Select a wrapping
|
5957
6239
|
# algorithm](kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm)
|
5958
6240
|
# in the *Key Management Service Developer Guide*.
|
5959
6241
|
#
|
5960
6242
|
# For RSA\_AES wrapping algorithms, you encrypt your key material with
|
5961
6243
|
# an AES key that you generate, then encrypt your AES key with the RSA
|
5962
6244
|
# public key from KMS. For RSAES wrapping algorithms, you encrypt your
|
5963
|
-
# key material directly with the RSA public key from KMS.
|
5964
|
-
# wrapping algorithms, you encrypt your key material directly with the
|
5965
|
-
# SM2 public key from KMS.
|
6245
|
+
# key material directly with the RSA public key from KMS.
|
5966
6246
|
#
|
5967
6247
|
# The wrapping algorithms that you can use depend on the type of key
|
5968
6248
|
# material that you are importing. To import an RSA private key, you
|
5969
|
-
# must use an RSA\_AES wrapping algorithm
|
5970
|
-
# where you must use the SM2PKE wrapping algorithm to import an RSA
|
5971
|
-
# private key.
|
5972
|
-
#
|
5973
|
-
# The SM2PKE wrapping algorithm is available only in China Regions. The
|
5974
|
-
# `RSA_AES_KEY_WRAP_SHA_256` and `RSA_AES_KEY_WRAP_SHA_1` wrapping
|
5975
|
-
# algorithms are not supported in China Regions.
|
6249
|
+
# must use an RSA\_AES wrapping algorithm.
|
5976
6250
|
#
|
5977
6251
|
# * **RSA\_AES\_KEY\_WRAP\_SHA\_256** — Supported for wrapping RSA and
|
5978
6252
|
# ECC key material.
|
@@ -5995,22 +6269,17 @@ module Aws::KMS
|
|
5995
6269
|
# * **RSAES\_PKCS1\_V1\_5** (Deprecated) — As of October 10, 2023, KMS
|
5996
6270
|
# does not support the RSAES\_PKCS1\_V1\_5 wrapping algorithm.
|
5997
6271
|
#
|
5998
|
-
# * **SM2PKE** (China Regions only) — supported for wrapping RSA, ECC,
|
5999
|
-
# and SM2 key material.
|
6000
|
-
#
|
6001
6272
|
# @option params [required, String] :wrapping_key_spec
|
6002
|
-
# The type of public key to return in the response. You will use
|
6003
|
-
# wrapping key with the specified wrapping algorithm to protect
|
6004
|
-
# material during import.
|
6273
|
+
# The type of RSA public key to return in the response. You will use
|
6274
|
+
# this wrapping key with the specified wrapping algorithm to protect
|
6275
|
+
# your key material during import.
|
6005
6276
|
#
|
6006
|
-
# Use the longest wrapping key that is practical.
|
6277
|
+
# Use the longest RSA wrapping key that is practical.
|
6007
6278
|
#
|
6008
6279
|
# You cannot use an RSA\_2048 public key to directly wrap an
|
6009
6280
|
# ECC\_NIST\_P521 private key. Instead, use an RSA\_AES wrapping
|
6010
6281
|
# algorithm or choose a longer RSA public key.
|
6011
6282
|
#
|
6012
|
-
# The SM2 wrapping key spec is available only in China Regions.
|
6013
|
-
#
|
6014
6283
|
# @return [Types::GetParametersForImportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6015
6284
|
#
|
6016
6285
|
# * {Types::GetParametersForImportResponse#key_id #key_id} => String
|
@@ -6144,7 +6413,8 @@ module Aws::KMS
|
|
6144
6413
|
# * [KeySpec][2]: The type of key material in the public key, such as
|
6145
6414
|
# `RSA_4096` or `ECC_NIST_P521`.
|
6146
6415
|
#
|
6147
|
-
# * [KeyUsage][3]: Whether the key is used for encryption or
|
6416
|
+
# * [KeyUsage][3]: Whether the key is used for encryption, signing, or
|
6417
|
+
# deriving a shared secret.
|
6148
6418
|
#
|
6149
6419
|
# * [EncryptionAlgorithms][4] or [SigningAlgorithms][5]: A list of the
|
6150
6420
|
# encryption algorithms or the signing algorithms for the key.
|
@@ -6233,6 +6503,7 @@ module Aws::KMS
|
|
6233
6503
|
# * {Types::GetPublicKeyResponse#key_usage #key_usage} => String
|
6234
6504
|
# * {Types::GetPublicKeyResponse#encryption_algorithms #encryption_algorithms} => Array<String>
|
6235
6505
|
# * {Types::GetPublicKeyResponse#signing_algorithms #signing_algorithms} => Array<String>
|
6506
|
+
# * {Types::GetPublicKeyResponse#key_agreement_algorithms #key_agreement_algorithms} => Array<String>
|
6236
6507
|
#
|
6237
6508
|
#
|
6238
6509
|
# @example Example: To download the public key of an asymmetric KMS key
|
@@ -6270,11 +6541,13 @@ module Aws::KMS
|
|
6270
6541
|
# resp.public_key #=> String
|
6271
6542
|
# resp.customer_master_key_spec #=> String, one of "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2"
|
6272
6543
|
# resp.key_spec #=> String, one of "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2"
|
6273
|
-
# resp.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC"
|
6544
|
+
# resp.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT"
|
6274
6545
|
# resp.encryption_algorithms #=> Array
|
6275
6546
|
# resp.encryption_algorithms[0] #=> String, one of "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE"
|
6276
6547
|
# resp.signing_algorithms #=> Array
|
6277
6548
|
# resp.signing_algorithms[0] #=> String, one of "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA"
|
6549
|
+
# resp.key_agreement_algorithms #=> Array
|
6550
|
+
# resp.key_agreement_algorithms[0] #=> String, one of "ECDH"
|
6278
6551
|
#
|
6279
6552
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKey AWS API Documentation
|
6280
6553
|
#
|
@@ -6877,7 +7150,7 @@ module Aws::KMS
|
|
6877
7150
|
# resp.grants[0].retiring_principal #=> String
|
6878
7151
|
# resp.grants[0].issuing_account #=> String
|
6879
7152
|
# resp.grants[0].operations #=> Array
|
6880
|
-
# resp.grants[0].operations[0] #=> String, one of "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "ReEncryptFrom", "ReEncryptTo", "Sign", "Verify", "GetPublicKey", "CreateGrant", "RetireGrant", "DescribeKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateMac", "VerifyMac"
|
7153
|
+
# resp.grants[0].operations[0] #=> String, one of "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "ReEncryptFrom", "ReEncryptTo", "Sign", "Verify", "GetPublicKey", "CreateGrant", "RetireGrant", "DescribeKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateMac", "VerifyMac", "DeriveSharedSecret"
|
6881
7154
|
# resp.grants[0].constraints.encryption_context_subset #=> Hash
|
6882
7155
|
# resp.grants[0].constraints.encryption_context_subset["EncryptionContextKey"] #=> String
|
6883
7156
|
# resp.grants[0].constraints.encryption_context_equals #=> Hash
|
@@ -7499,7 +7772,7 @@ module Aws::KMS
|
|
7499
7772
|
# resp.grants[0].retiring_principal #=> String
|
7500
7773
|
# resp.grants[0].issuing_account #=> String
|
7501
7774
|
# resp.grants[0].operations #=> Array
|
7502
|
-
# resp.grants[0].operations[0] #=> String, one of "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "ReEncryptFrom", "ReEncryptTo", "Sign", "Verify", "GetPublicKey", "CreateGrant", "RetireGrant", "DescribeKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateMac", "VerifyMac"
|
7775
|
+
# resp.grants[0].operations[0] #=> String, one of "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "ReEncryptFrom", "ReEncryptTo", "Sign", "Verify", "GetPublicKey", "CreateGrant", "RetireGrant", "DescribeKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateMac", "VerifyMac", "DeriveSharedSecret"
|
7503
7776
|
# resp.grants[0].constraints.encryption_context_subset #=> Hash
|
7504
7777
|
# resp.grants[0].constraints.encryption_context_subset["EncryptionContextKey"] #=> String
|
7505
7778
|
# resp.grants[0].constraints.encryption_context_equals #=> Hash
|
@@ -8337,7 +8610,7 @@ module Aws::KMS
|
|
8337
8610
|
# resp.replica_key_metadata.creation_date #=> Time
|
8338
8611
|
# resp.replica_key_metadata.enabled #=> Boolean
|
8339
8612
|
# resp.replica_key_metadata.description #=> String
|
8340
|
-
# resp.replica_key_metadata.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC"
|
8613
|
+
# resp.replica_key_metadata.key_usage #=> String, one of "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT"
|
8341
8614
|
# resp.replica_key_metadata.key_state #=> String, one of "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating"
|
8342
8615
|
# resp.replica_key_metadata.deletion_date #=> Time
|
8343
8616
|
# resp.replica_key_metadata.valid_to #=> Time
|
@@ -8352,6 +8625,8 @@ module Aws::KMS
|
|
8352
8625
|
# resp.replica_key_metadata.encryption_algorithms[0] #=> String, one of "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE"
|
8353
8626
|
# resp.replica_key_metadata.signing_algorithms #=> Array
|
8354
8627
|
# resp.replica_key_metadata.signing_algorithms[0] #=> String, one of "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA"
|
8628
|
+
# resp.replica_key_metadata.key_agreement_algorithms #=> Array
|
8629
|
+
# resp.replica_key_metadata.key_agreement_algorithms[0] #=> String, one of "ECDH"
|
8355
8630
|
# resp.replica_key_metadata.multi_region #=> Boolean
|
8356
8631
|
# resp.replica_key_metadata.multi_region_configuration.multi_region_key_type #=> String, one of "PRIMARY", "REPLICA"
|
8357
8632
|
# resp.replica_key_metadata.multi_region_configuration.primary_key.arn #=> String
|
@@ -10471,7 +10746,7 @@ module Aws::KMS
|
|
10471
10746
|
params: params,
|
10472
10747
|
config: config)
|
10473
10748
|
context[:gem_name] = 'aws-sdk-kms'
|
10474
|
-
context[:gem_version] = '1.
|
10749
|
+
context[:gem_version] = '1.85.0'
|
10475
10750
|
Seahorse::Client::Request.new(handlers, context)
|
10476
10751
|
end
|
10477
10752
|
|