aws-sdk-paymentcryptographydata 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +8 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-paymentcryptographydata/client.rb +1701 -0
- data/lib/aws-sdk-paymentcryptographydata/client_api.rb +751 -0
- data/lib/aws-sdk-paymentcryptographydata/customizations.rb +0 -0
- data/lib/aws-sdk-paymentcryptographydata/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-paymentcryptographydata/endpoint_provider.rb +54 -0
- data/lib/aws-sdk-paymentcryptographydata/endpoints.rb +169 -0
- data/lib/aws-sdk-paymentcryptographydata/errors.rb +144 -0
- data/lib/aws-sdk-paymentcryptographydata/plugins/endpoints.rb +90 -0
- data/lib/aws-sdk-paymentcryptographydata/resource.rb +26 -0
- data/lib/aws-sdk-paymentcryptographydata/types.rb +2233 -0
- data/lib/aws-sdk-paymentcryptographydata.rb +57 -0
- metadata +94 -0
@@ -0,0 +1,1701 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
require 'seahorse/client/plugins/content_length.rb'
|
11
|
+
require 'aws-sdk-core/plugins/credentials_configuration.rb'
|
12
|
+
require 'aws-sdk-core/plugins/logging.rb'
|
13
|
+
require 'aws-sdk-core/plugins/param_converter.rb'
|
14
|
+
require 'aws-sdk-core/plugins/param_validator.rb'
|
15
|
+
require 'aws-sdk-core/plugins/user_agent.rb'
|
16
|
+
require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
|
17
|
+
require 'aws-sdk-core/plugins/retry_errors.rb'
|
18
|
+
require 'aws-sdk-core/plugins/global_configuration.rb'
|
19
|
+
require 'aws-sdk-core/plugins/regional_endpoint.rb'
|
20
|
+
require 'aws-sdk-core/plugins/endpoint_discovery.rb'
|
21
|
+
require 'aws-sdk-core/plugins/endpoint_pattern.rb'
|
22
|
+
require 'aws-sdk-core/plugins/response_paging.rb'
|
23
|
+
require 'aws-sdk-core/plugins/stub_responses.rb'
|
24
|
+
require 'aws-sdk-core/plugins/idempotency_token.rb'
|
25
|
+
require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
|
26
|
+
require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
27
|
+
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
|
+
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
|
+
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
|
+
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
35
|
+
|
36
|
+
Aws::Plugins::GlobalConfiguration.add_identifier(:paymentcryptographydata)
|
37
|
+
|
38
|
+
module Aws::PaymentCryptographyData
|
39
|
+
# An API client for PaymentCryptographyData. To construct a client, you need to configure a `:region` and `:credentials`.
|
40
|
+
#
|
41
|
+
# client = Aws::PaymentCryptographyData::Client.new(
|
42
|
+
# region: region_name,
|
43
|
+
# credentials: credentials,
|
44
|
+
# # ...
|
45
|
+
# )
|
46
|
+
#
|
47
|
+
# For details on configuring region and credentials see
|
48
|
+
# the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
|
49
|
+
#
|
50
|
+
# See {#initialize} for a full list of supported configuration options.
|
51
|
+
class Client < Seahorse::Client::Base
|
52
|
+
|
53
|
+
include Aws::ClientStubs
|
54
|
+
|
55
|
+
@identifier = :paymentcryptographydata
|
56
|
+
|
57
|
+
set_api(ClientApi::API)
|
58
|
+
|
59
|
+
add_plugin(Seahorse::Client::Plugins::ContentLength)
|
60
|
+
add_plugin(Aws::Plugins::CredentialsConfiguration)
|
61
|
+
add_plugin(Aws::Plugins::Logging)
|
62
|
+
add_plugin(Aws::Plugins::ParamConverter)
|
63
|
+
add_plugin(Aws::Plugins::ParamValidator)
|
64
|
+
add_plugin(Aws::Plugins::UserAgent)
|
65
|
+
add_plugin(Aws::Plugins::HelpfulSocketErrors)
|
66
|
+
add_plugin(Aws::Plugins::RetryErrors)
|
67
|
+
add_plugin(Aws::Plugins::GlobalConfiguration)
|
68
|
+
add_plugin(Aws::Plugins::RegionalEndpoint)
|
69
|
+
add_plugin(Aws::Plugins::EndpointDiscovery)
|
70
|
+
add_plugin(Aws::Plugins::EndpointPattern)
|
71
|
+
add_plugin(Aws::Plugins::ResponsePaging)
|
72
|
+
add_plugin(Aws::Plugins::StubResponses)
|
73
|
+
add_plugin(Aws::Plugins::IdempotencyToken)
|
74
|
+
add_plugin(Aws::Plugins::JsonvalueConverter)
|
75
|
+
add_plugin(Aws::Plugins::ClientMetricsPlugin)
|
76
|
+
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
77
|
+
add_plugin(Aws::Plugins::TransferEncoding)
|
78
|
+
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
80
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
81
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
83
|
+
add_plugin(Aws::Plugins::Protocols::RestJson)
|
84
|
+
add_plugin(Aws::PaymentCryptographyData::Plugins::Endpoints)
|
85
|
+
|
86
|
+
# @overload initialize(options)
|
87
|
+
# @param [Hash] options
|
88
|
+
# @option options [required, Aws::CredentialProvider] :credentials
|
89
|
+
# Your AWS credentials. This can be an instance of any one of the
|
90
|
+
# following classes:
|
91
|
+
#
|
92
|
+
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
93
|
+
# credentials.
|
94
|
+
#
|
95
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
96
|
+
# shared file, such as `~/.aws/config`.
|
97
|
+
#
|
98
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
99
|
+
#
|
100
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
101
|
+
# assume a role after providing credentials via the web.
|
102
|
+
#
|
103
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
104
|
+
# access token generated from `aws login`.
|
105
|
+
#
|
106
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
107
|
+
# process that outputs to stdout.
|
108
|
+
#
|
109
|
+
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
110
|
+
# from an EC2 IMDS on an EC2 instance.
|
111
|
+
#
|
112
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
113
|
+
# instances running in ECS.
|
114
|
+
#
|
115
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
116
|
+
# from the Cognito Identity service.
|
117
|
+
#
|
118
|
+
# When `:credentials` are not configured directly, the following
|
119
|
+
# locations will be searched for credentials:
|
120
|
+
#
|
121
|
+
# * `Aws.config[:credentials]`
|
122
|
+
# * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
|
123
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
124
|
+
# * `~/.aws/credentials`
|
125
|
+
# * `~/.aws/config`
|
126
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
127
|
+
# are very aggressive. Construct and pass an instance of
|
128
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
129
|
+
# enable retries and extended timeouts. Instance profile credential
|
130
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
131
|
+
# to true.
|
132
|
+
#
|
133
|
+
# @option options [required, String] :region
|
134
|
+
# The AWS region to connect to. The configured `:region` is
|
135
|
+
# used to determine the service `:endpoint`. When not passed,
|
136
|
+
# a default `:region` is searched for in the following locations:
|
137
|
+
#
|
138
|
+
# * `Aws.config[:region]`
|
139
|
+
# * `ENV['AWS_REGION']`
|
140
|
+
# * `ENV['AMAZON_REGION']`
|
141
|
+
# * `ENV['AWS_DEFAULT_REGION']`
|
142
|
+
# * `~/.aws/credentials`
|
143
|
+
# * `~/.aws/config`
|
144
|
+
#
|
145
|
+
# @option options [String] :access_key_id
|
146
|
+
#
|
147
|
+
# @option options [Boolean] :active_endpoint_cache (false)
|
148
|
+
# When set to `true`, a thread polling for endpoints will be running in
|
149
|
+
# the background every 60 secs (default). Defaults to `false`.
|
150
|
+
#
|
151
|
+
# @option options [Boolean] :adaptive_retry_wait_to_fill (true)
|
152
|
+
# Used only in `adaptive` retry mode. When true, the request will sleep
|
153
|
+
# until there is sufficent client side capacity to retry the request.
|
154
|
+
# When false, the request will raise a `RetryCapacityNotAvailableError` and will
|
155
|
+
# not retry instead of sleeping.
|
156
|
+
#
|
157
|
+
# @option options [Boolean] :client_side_monitoring (false)
|
158
|
+
# When `true`, client-side metrics will be collected for all API requests from
|
159
|
+
# this client.
|
160
|
+
#
|
161
|
+
# @option options [String] :client_side_monitoring_client_id ("")
|
162
|
+
# Allows you to provide an identifier for this client which will be attached to
|
163
|
+
# all generated client side metrics. Defaults to an empty string.
|
164
|
+
#
|
165
|
+
# @option options [String] :client_side_monitoring_host ("127.0.0.1")
|
166
|
+
# Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
|
167
|
+
# side monitoring agent is running on, where client metrics will be published via UDP.
|
168
|
+
#
|
169
|
+
# @option options [Integer] :client_side_monitoring_port (31000)
|
170
|
+
# Required for publishing client metrics. The port that the client side monitoring
|
171
|
+
# agent is running on, where client metrics will be published via UDP.
|
172
|
+
#
|
173
|
+
# @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
|
174
|
+
# Allows you to provide a custom client-side monitoring publisher class. By default,
|
175
|
+
# will use the Client Side Monitoring Agent Publisher.
|
176
|
+
#
|
177
|
+
# @option options [Boolean] :convert_params (true)
|
178
|
+
# When `true`, an attempt is made to coerce request parameters into
|
179
|
+
# the required types.
|
180
|
+
#
|
181
|
+
# @option options [Boolean] :correct_clock_skew (true)
|
182
|
+
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
183
|
+
# a clock skew correction and retry requests with skewed client clocks.
|
184
|
+
#
|
185
|
+
# @option options [String] :defaults_mode ("legacy")
|
186
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
187
|
+
# accepted modes and the configuration defaults that are included.
|
188
|
+
#
|
189
|
+
# @option options [Boolean] :disable_host_prefix_injection (false)
|
190
|
+
# Set to true to disable SDK automatically adding host prefix
|
191
|
+
# to default service endpoint when available.
|
192
|
+
#
|
193
|
+
# @option options [String] :endpoint
|
194
|
+
# The client endpoint is normally constructed from the `:region`
|
195
|
+
# option. You should only configure an `:endpoint` when connecting
|
196
|
+
# to test or custom endpoints. This should be a valid HTTP(S) URI.
|
197
|
+
#
|
198
|
+
# @option options [Integer] :endpoint_cache_max_entries (1000)
|
199
|
+
# Used for the maximum size limit of the LRU cache storing endpoints data
|
200
|
+
# for endpoint discovery enabled operations. Defaults to 1000.
|
201
|
+
#
|
202
|
+
# @option options [Integer] :endpoint_cache_max_threads (10)
|
203
|
+
# Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
|
204
|
+
#
|
205
|
+
# @option options [Integer] :endpoint_cache_poll_interval (60)
|
206
|
+
# When :endpoint_discovery and :active_endpoint_cache is enabled,
|
207
|
+
# Use this option to config the time interval in seconds for making
|
208
|
+
# requests fetching endpoints information. Defaults to 60 sec.
|
209
|
+
#
|
210
|
+
# @option options [Boolean] :endpoint_discovery (false)
|
211
|
+
# When set to `true`, endpoint discovery will be enabled for operations when available.
|
212
|
+
#
|
213
|
+
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
214
|
+
# The log formatter.
|
215
|
+
#
|
216
|
+
# @option options [Symbol] :log_level (:info)
|
217
|
+
# The log level to send messages to the `:logger` at.
|
218
|
+
#
|
219
|
+
# @option options [Logger] :logger
|
220
|
+
# The Logger instance to send log messages to. If this option
|
221
|
+
# is not set, logging will be disabled.
|
222
|
+
#
|
223
|
+
# @option options [Integer] :max_attempts (3)
|
224
|
+
# An integer representing the maximum number attempts that will be made for
|
225
|
+
# a single request, including the initial attempt. For example,
|
226
|
+
# setting this value to 5 will result in a request being retried up to
|
227
|
+
# 4 times. Used in `standard` and `adaptive` retry modes.
|
228
|
+
#
|
229
|
+
# @option options [String] :profile ("default")
|
230
|
+
# Used when loading credentials from the shared credentials file
|
231
|
+
# at HOME/.aws/credentials. When not specified, 'default' is used.
|
232
|
+
#
|
233
|
+
# @option options [Proc] :retry_backoff
|
234
|
+
# A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
|
235
|
+
# This option is only used in the `legacy` retry mode.
|
236
|
+
#
|
237
|
+
# @option options [Float] :retry_base_delay (0.3)
|
238
|
+
# The base delay in seconds used by the default backoff function. This option
|
239
|
+
# is only used in the `legacy` retry mode.
|
240
|
+
#
|
241
|
+
# @option options [Symbol] :retry_jitter (:none)
|
242
|
+
# A delay randomiser function used by the default backoff function.
|
243
|
+
# Some predefined functions can be referenced by name - :none, :equal, :full,
|
244
|
+
# otherwise a Proc that takes and returns a number. This option is only used
|
245
|
+
# in the `legacy` retry mode.
|
246
|
+
#
|
247
|
+
# @see https://www.awsarchitectureblog.com/2015/03/backoff.html
|
248
|
+
#
|
249
|
+
# @option options [Integer] :retry_limit (3)
|
250
|
+
# The maximum number of times to retry failed requests. Only
|
251
|
+
# ~ 500 level server errors and certain ~ 400 level client errors
|
252
|
+
# are retried. Generally, these are throttling errors, data
|
253
|
+
# checksum errors, networking errors, timeout errors, auth errors,
|
254
|
+
# endpoint discovery, and errors from expired credentials.
|
255
|
+
# This option is only used in the `legacy` retry mode.
|
256
|
+
#
|
257
|
+
# @option options [Integer] :retry_max_delay (0)
|
258
|
+
# The maximum number of seconds to delay between retries (0 for no limit)
|
259
|
+
# used by the default backoff function. This option is only used in the
|
260
|
+
# `legacy` retry mode.
|
261
|
+
#
|
262
|
+
# @option options [String] :retry_mode ("legacy")
|
263
|
+
# Specifies which retry algorithm to use. Values are:
|
264
|
+
#
|
265
|
+
# * `legacy` - The pre-existing retry behavior. This is default value if
|
266
|
+
# no retry mode is provided.
|
267
|
+
#
|
268
|
+
# * `standard` - A standardized set of retry rules across the AWS SDKs.
|
269
|
+
# This includes support for retry quotas, which limit the number of
|
270
|
+
# unsuccessful retries a client can make.
|
271
|
+
#
|
272
|
+
# * `adaptive` - An experimental retry mode that includes all the
|
273
|
+
# functionality of `standard` mode along with automatic client side
|
274
|
+
# throttling. This is a provisional mode that may change behavior
|
275
|
+
# in the future.
|
276
|
+
#
|
277
|
+
#
|
278
|
+
# @option options [String] :sdk_ua_app_id
|
279
|
+
# A unique and opaque application ID that is appended to the
|
280
|
+
# User-Agent header as app/<sdk_ua_app_id>. It should have a
|
281
|
+
# maximum length of 50.
|
282
|
+
#
|
283
|
+
# @option options [String] :secret_access_key
|
284
|
+
#
|
285
|
+
# @option options [String] :session_token
|
286
|
+
#
|
287
|
+
# @option options [Boolean] :stub_responses (false)
|
288
|
+
# Causes the client to return stubbed responses. By default
|
289
|
+
# fake responses are generated and returned. You can specify
|
290
|
+
# the response data to return or errors to raise by calling
|
291
|
+
# {ClientStubs#stub_responses}. See {ClientStubs} for more information.
|
292
|
+
#
|
293
|
+
# ** Please note ** When response stubbing is enabled, no HTTP
|
294
|
+
# requests are made, and retries are disabled.
|
295
|
+
#
|
296
|
+
# @option options [Aws::TokenProvider] :token_provider
|
297
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
298
|
+
# following classes:
|
299
|
+
#
|
300
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
301
|
+
# tokens.
|
302
|
+
#
|
303
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
304
|
+
# access token generated from `aws login`.
|
305
|
+
#
|
306
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
307
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
308
|
+
#
|
309
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
310
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
311
|
+
# will be used if available.
|
312
|
+
#
|
313
|
+
# @option options [Boolean] :use_fips_endpoint
|
314
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
315
|
+
# When a `fips` region is used, the region is normalized and this config
|
316
|
+
# is set to `true`.
|
317
|
+
#
|
318
|
+
# @option options [Boolean] :validate_params (true)
|
319
|
+
# When `true`, request parameters are validated before
|
320
|
+
# sending the request.
|
321
|
+
#
|
322
|
+
# @option options [Aws::PaymentCryptographyData::EndpointProvider] :endpoint_provider
|
323
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::PaymentCryptographyData::EndpointParameters`
|
324
|
+
#
|
325
|
+
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
326
|
+
# requests through. Formatted like 'http://proxy.com:123'.
|
327
|
+
#
|
328
|
+
# @option options [Float] :http_open_timeout (15) The number of
|
329
|
+
# seconds to wait when opening a HTTP session before raising a
|
330
|
+
# `Timeout::Error`.
|
331
|
+
#
|
332
|
+
# @option options [Float] :http_read_timeout (60) The default
|
333
|
+
# number of seconds to wait for response data. This value can
|
334
|
+
# safely be set per-request on the session.
|
335
|
+
#
|
336
|
+
# @option options [Float] :http_idle_timeout (5) The number of
|
337
|
+
# seconds a connection is allowed to sit idle before it is
|
338
|
+
# considered stale. Stale connections are closed and removed
|
339
|
+
# from the pool before making a request.
|
340
|
+
#
|
341
|
+
# @option options [Float] :http_continue_timeout (1) The number of
|
342
|
+
# seconds to wait for a 100-continue response before sending the
|
343
|
+
# request body. This option has no effect unless the request has
|
344
|
+
# "Expect" header set to "100-continue". Defaults to `nil` which
|
345
|
+
# disables this behaviour. This value can safely be set per
|
346
|
+
# request on the session.
|
347
|
+
#
|
348
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
349
|
+
# in seconds.
|
350
|
+
#
|
351
|
+
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
352
|
+
# HTTP debug output will be sent to the `:logger`.
|
353
|
+
#
|
354
|
+
# @option options [Boolean] :ssl_verify_peer (true) When `true`,
|
355
|
+
# SSL peer certificates are verified when establishing a
|
356
|
+
# connection.
|
357
|
+
#
|
358
|
+
# @option options [String] :ssl_ca_bundle Full path to the SSL
|
359
|
+
# certificate authority bundle file that should be used when
|
360
|
+
# verifying peer certificates. If you do not pass
|
361
|
+
# `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
|
362
|
+
# will be used if available.
|
363
|
+
#
|
364
|
+
# @option options [String] :ssl_ca_directory Full path of the
|
365
|
+
# directory that contains the unbundled SSL certificate
|
366
|
+
# authority files for verifying peer certificates. If you do
|
367
|
+
# not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
|
368
|
+
# system default will be used if available.
|
369
|
+
#
|
370
|
+
def initialize(*args)
|
371
|
+
super
|
372
|
+
end
|
373
|
+
|
374
|
+
# @!group API Operations
|
375
|
+
|
376
|
+
# Decrypts ciphertext data to plaintext using symmetric, asymmetric, or
|
377
|
+
# DUKPT data encryption key. For more information, see [Decrypt data][1]
|
378
|
+
# in the *Amazon Web Services Payment Cryptography User Guide*.
|
379
|
+
#
|
380
|
+
# You can use an encryption key generated within Amazon Web Services
|
381
|
+
# Payment Cryptography, or you can import your own encryption key by
|
382
|
+
# calling [ImportKey][2]. For this operation, the key must have
|
383
|
+
# `KeyModesOfUse` set to `Decrypt`. In asymmetric decryption, Amazon Web
|
384
|
+
# Services Payment Cryptography decrypts the ciphertext using the
|
385
|
+
# private component of the asymmetric encryption key pair. For data
|
386
|
+
# encryption outside of Amazon Web Services Payment Cryptography, you
|
387
|
+
# can export the public component of the asymmetric key pair by calling
|
388
|
+
# [GetPublicCertificate][3].
|
389
|
+
#
|
390
|
+
# For symmetric and DUKPT decryption, Amazon Web Services Payment
|
391
|
+
# Cryptography supports `TDES` and `AES` algorithms. For asymmetric
|
392
|
+
# decryption, Amazon Web Services Payment Cryptography supports `RSA`.
|
393
|
+
# When you use DUKPT, for `TDES` algorithm, the ciphertext data length
|
394
|
+
# must be a multiple of 16 bytes. For `AES` algorithm, the ciphertext
|
395
|
+
# data length must be a multiple of 32 bytes.
|
396
|
+
#
|
397
|
+
# For information about valid keys for this operation, see
|
398
|
+
# [Understanding key attributes][4] and [Key types for specific data
|
399
|
+
# operations][5] in the *Amazon Web Services Payment Cryptography User
|
400
|
+
# Guide*.
|
401
|
+
#
|
402
|
+
# **Cross-account use**: This operation can't be used across different
|
403
|
+
# Amazon Web Services accounts.
|
404
|
+
#
|
405
|
+
# **Related operations:**
|
406
|
+
#
|
407
|
+
# * EncryptData
|
408
|
+
#
|
409
|
+
# * [GetPublicCertificate][3]
|
410
|
+
#
|
411
|
+
# * [ImportKey][2]
|
412
|
+
#
|
413
|
+
#
|
414
|
+
#
|
415
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html
|
416
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
417
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
|
418
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
419
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
420
|
+
#
|
421
|
+
# @option params [required, String] :cipher_text
|
422
|
+
# The ciphertext to decrypt.
|
423
|
+
#
|
424
|
+
# @option params [required, Types::EncryptionDecryptionAttributes] :decryption_attributes
|
425
|
+
# The encryption key type and attributes for ciphertext decryption.
|
426
|
+
#
|
427
|
+
# @option params [required, String] :key_identifier
|
428
|
+
# The `keyARN` of the encryption key that Amazon Web Services Payment
|
429
|
+
# Cryptography uses for ciphertext decryption.
|
430
|
+
#
|
431
|
+
# @return [Types::DecryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
432
|
+
#
|
433
|
+
# * {Types::DecryptDataOutput#key_arn #key_arn} => String
|
434
|
+
# * {Types::DecryptDataOutput#key_check_value #key_check_value} => String
|
435
|
+
# * {Types::DecryptDataOutput#plain_text #plain_text} => String
|
436
|
+
#
|
437
|
+
# @example Request syntax with placeholder values
|
438
|
+
#
|
439
|
+
# resp = client.decrypt_data({
|
440
|
+
# cipher_text: "HexEvenLengthBetween16And4096", # required
|
441
|
+
# decryption_attributes: { # required
|
442
|
+
# asymmetric: {
|
443
|
+
# padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
|
444
|
+
# },
|
445
|
+
# dukpt: {
|
446
|
+
# dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
447
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
448
|
+
# initialization_vector: "HexLength16Or32",
|
449
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
450
|
+
# mode: "ECB", # accepts ECB, CBC
|
451
|
+
# },
|
452
|
+
# symmetric: {
|
453
|
+
# initialization_vector: "HexLength16Or32",
|
454
|
+
# mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
|
455
|
+
# padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
|
456
|
+
# },
|
457
|
+
# },
|
458
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
459
|
+
# })
|
460
|
+
#
|
461
|
+
# @example Response structure
|
462
|
+
#
|
463
|
+
# resp.key_arn #=> String
|
464
|
+
# resp.key_check_value #=> String
|
465
|
+
# resp.plain_text #=> String
|
466
|
+
#
|
467
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DecryptData AWS API Documentation
|
468
|
+
#
|
469
|
+
# @overload decrypt_data(params = {})
|
470
|
+
# @param [Hash] params ({})
|
471
|
+
def decrypt_data(params = {}, options = {})
|
472
|
+
req = build_request(:decrypt_data, params)
|
473
|
+
req.send_request(options)
|
474
|
+
end
|
475
|
+
|
476
|
+
# Encrypts plaintext data to ciphertext using symmetric, asymmetric, or
|
477
|
+
# DUKPT data encryption key. For more information, see [Encrypt data][1]
|
478
|
+
# in the *Amazon Web Services Payment Cryptography User Guide*.
|
479
|
+
#
|
480
|
+
# You can generate an encryption key within Amazon Web Services Payment
|
481
|
+
# Cryptography by calling [CreateKey][2]. You can import your own
|
482
|
+
# encryption key by calling [ImportKey][3]. For this operation, the key
|
483
|
+
# must have `KeyModesOfUse` set to `Encrypt`. In asymmetric encryption,
|
484
|
+
# plaintext is encrypted using public component. You can import the
|
485
|
+
# public component of an asymmetric key pair created outside Amazon Web
|
486
|
+
# Services Payment Cryptography by calling [ImportKey][3]).
|
487
|
+
#
|
488
|
+
# for symmetric and DUKPT encryption, Amazon Web Services Payment
|
489
|
+
# Cryptography supports `TDES` and `AES` algorithms. For asymmetric
|
490
|
+
# encryption, Amazon Web Services Payment Cryptography supports `RSA`.
|
491
|
+
# To encrypt using DUKPT, you must already have a DUKPT key in your
|
492
|
+
# account with `KeyModesOfUse` set to `DeriveKey`, or you can generate a
|
493
|
+
# new DUKPT key by calling [CreateKey][2].
|
494
|
+
#
|
495
|
+
# For information about valid keys for this operation, see
|
496
|
+
# [Understanding key attributes][4] and [Key types for specific data
|
497
|
+
# operations][5] in the *Amazon Web Services Payment Cryptography User
|
498
|
+
# Guide*.
|
499
|
+
#
|
500
|
+
# **Cross-account use**: This operation can't be used across different
|
501
|
+
# Amazon Web Services accounts.
|
502
|
+
#
|
503
|
+
# **Related operations:**
|
504
|
+
#
|
505
|
+
# * DecryptData
|
506
|
+
#
|
507
|
+
# * [GetPublicCertificate][6]
|
508
|
+
#
|
509
|
+
# * [ImportKey][3]
|
510
|
+
#
|
511
|
+
# * ReEncryptData
|
512
|
+
#
|
513
|
+
#
|
514
|
+
#
|
515
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html
|
516
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
|
517
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
518
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
519
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
520
|
+
# [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
|
521
|
+
#
|
522
|
+
# @option params [required, Types::EncryptionDecryptionAttributes] :encryption_attributes
|
523
|
+
# The encryption key type and attributes for plaintext encryption.
|
524
|
+
#
|
525
|
+
# @option params [required, String] :key_identifier
|
526
|
+
# The `keyARN` of the encryption key that Amazon Web Services Payment
|
527
|
+
# Cryptography uses for plaintext encryption.
|
528
|
+
#
|
529
|
+
# @option params [required, String] :plain_text
|
530
|
+
# The plaintext to be encrypted.
|
531
|
+
#
|
532
|
+
# @return [Types::EncryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
533
|
+
#
|
534
|
+
# * {Types::EncryptDataOutput#cipher_text #cipher_text} => String
|
535
|
+
# * {Types::EncryptDataOutput#key_arn #key_arn} => String
|
536
|
+
# * {Types::EncryptDataOutput#key_check_value #key_check_value} => String
|
537
|
+
#
|
538
|
+
# @example Request syntax with placeholder values
|
539
|
+
#
|
540
|
+
# resp = client.encrypt_data({
|
541
|
+
# encryption_attributes: { # required
|
542
|
+
# asymmetric: {
|
543
|
+
# padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
|
544
|
+
# },
|
545
|
+
# dukpt: {
|
546
|
+
# dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
547
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
548
|
+
# initialization_vector: "HexLength16Or32",
|
549
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
550
|
+
# mode: "ECB", # accepts ECB, CBC
|
551
|
+
# },
|
552
|
+
# symmetric: {
|
553
|
+
# initialization_vector: "HexLength16Or32",
|
554
|
+
# mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
|
555
|
+
# padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
|
556
|
+
# },
|
557
|
+
# },
|
558
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
559
|
+
# plain_text: "HexEvenLengthBetween16And4064", # required
|
560
|
+
# })
|
561
|
+
#
|
562
|
+
# @example Response structure
|
563
|
+
#
|
564
|
+
# resp.cipher_text #=> String
|
565
|
+
# resp.key_arn #=> String
|
566
|
+
# resp.key_check_value #=> String
|
567
|
+
#
|
568
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptData AWS API Documentation
|
569
|
+
#
|
570
|
+
# @overload encrypt_data(params = {})
|
571
|
+
# @param [Hash] params ({})
|
572
|
+
def encrypt_data(params = {}, options = {})
|
573
|
+
req = build_request(:encrypt_data, params)
|
574
|
+
req.send_request(options)
|
575
|
+
end
|
576
|
+
|
577
|
+
# Generates card-related validation data using algorithms such as Card
|
578
|
+
# Verification Values (CVV/CVV2), Dynamic Card Verification Values
|
579
|
+
# (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see
|
580
|
+
# [Generate card data][1] in the *Amazon Web Services Payment
|
581
|
+
# Cryptography User Guide*.
|
582
|
+
#
|
583
|
+
# This operation generates a CVV or CSC value that is printed on a
|
584
|
+
# payment credit or debit card during card production. The CVV or CSC,
|
585
|
+
# PAN (Primary Account Number) and expiration date of the card are
|
586
|
+
# required to check its validity during transaction processing. To begin
|
587
|
+
# this operation, a CVK (Card Verification Key) encryption key is
|
588
|
+
# required. You can use [CreateKey][2] or [ImportKey][3] to establish a
|
589
|
+
# CVK within Amazon Web Services Payment Cryptography. The
|
590
|
+
# `KeyModesOfUse` should be set to `Generate` and `Verify` for a CVK
|
591
|
+
# encryption key.
|
592
|
+
#
|
593
|
+
# For information about valid keys for this operation, see
|
594
|
+
# [Understanding key attributes][4] and [Key types for specific data
|
595
|
+
# operations][5] in the *Amazon Web Services Payment Cryptography User
|
596
|
+
# Guide*.
|
597
|
+
#
|
598
|
+
# **Cross-account use**: This operation can't be used across different
|
599
|
+
# Amazon Web Services accounts.
|
600
|
+
#
|
601
|
+
# **Related operations:**
|
602
|
+
#
|
603
|
+
# * [ImportKey][3]
|
604
|
+
#
|
605
|
+
# * VerifyCardValidationData
|
606
|
+
#
|
607
|
+
#
|
608
|
+
#
|
609
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-card-data.html
|
610
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
|
611
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
612
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
613
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
614
|
+
#
|
615
|
+
# @option params [required, Types::CardGenerationAttributes] :generation_attributes
|
616
|
+
# The algorithm for generating CVV or CSC values for the card within
|
617
|
+
# Amazon Web Services Payment Cryptography.
|
618
|
+
#
|
619
|
+
# @option params [required, String] :key_identifier
|
620
|
+
# The `keyARN` of the CVK encryption key that Amazon Web Services
|
621
|
+
# Payment Cryptography uses to generate card data.
|
622
|
+
#
|
623
|
+
# @option params [required, String] :primary_account_number
|
624
|
+
# The Primary Account Number (PAN), a unique identifier for a payment
|
625
|
+
# credit or debit card that associates the card with a specific account
|
626
|
+
# holder.
|
627
|
+
#
|
628
|
+
# @option params [Integer] :validation_data_length
|
629
|
+
# The length of the CVV or CSC to be generated. The default value is 3.
|
630
|
+
#
|
631
|
+
# @return [Types::GenerateCardValidationDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
632
|
+
#
|
633
|
+
# * {Types::GenerateCardValidationDataOutput#key_arn #key_arn} => String
|
634
|
+
# * {Types::GenerateCardValidationDataOutput#key_check_value #key_check_value} => String
|
635
|
+
# * {Types::GenerateCardValidationDataOutput#validation_data #validation_data} => String
|
636
|
+
#
|
637
|
+
# @example Request syntax with placeholder values
|
638
|
+
#
|
639
|
+
# resp = client.generate_card_validation_data({
|
640
|
+
# generation_attributes: { # required
|
641
|
+
# amex_card_security_code_version_1: {
|
642
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
643
|
+
# },
|
644
|
+
# amex_card_security_code_version_2: {
|
645
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
646
|
+
# service_code: "NumberLengthEquals3", # required
|
647
|
+
# },
|
648
|
+
# card_holder_verification_value: {
|
649
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
650
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
651
|
+
# unpredictable_number: "HexLengthBetween2And8", # required
|
652
|
+
# },
|
653
|
+
# card_verification_value_1: {
|
654
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
655
|
+
# service_code: "NumberLengthEquals3", # required
|
656
|
+
# },
|
657
|
+
# card_verification_value_2: {
|
658
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
659
|
+
# },
|
660
|
+
# dynamic_card_verification_code: {
|
661
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
662
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
663
|
+
# track_data: "HexLengthBetween2And160", # required
|
664
|
+
# unpredictable_number: "HexLengthBetween2And8", # required
|
665
|
+
# },
|
666
|
+
# dynamic_card_verification_value: {
|
667
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
668
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
669
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
670
|
+
# service_code: "NumberLengthEquals3", # required
|
671
|
+
# },
|
672
|
+
# },
|
673
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
674
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
675
|
+
# validation_data_length: 1,
|
676
|
+
# })
|
677
|
+
#
|
678
|
+
# @example Response structure
|
679
|
+
#
|
680
|
+
# resp.key_arn #=> String
|
681
|
+
# resp.key_check_value #=> String
|
682
|
+
# resp.validation_data #=> String
|
683
|
+
#
|
684
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateCardValidationData AWS API Documentation
|
685
|
+
#
|
686
|
+
# @overload generate_card_validation_data(params = {})
|
687
|
+
# @param [Hash] params ({})
|
688
|
+
def generate_card_validation_data(params = {}, options = {})
|
689
|
+
req = build_request(:generate_card_validation_data, params)
|
690
|
+
req.send_request(options)
|
691
|
+
end
|
692
|
+
|
693
|
+
# Generates a Message Authentication Code (MAC) cryptogram within Amazon
|
694
|
+
# Web Services Payment Cryptography.
|
695
|
+
#
|
696
|
+
# You can use this operation when keys won't be shared but mutual data
|
697
|
+
# is present on both ends for validation. In this case, known data
|
698
|
+
# values are used to generate a MAC on both ends for comparision without
|
699
|
+
# sending or receiving data in ciphertext or plaintext. You can use this
|
700
|
+
# operation to generate a DUPKT, HMAC or EMV MAC by setting generation
|
701
|
+
# attributes and algorithm to the associated values. The MAC generation
|
702
|
+
# encryption key must have valid values for `KeyUsage` such as
|
703
|
+
# `TR31_M7_HMAC_KEY` for HMAC generation, and they key must have
|
704
|
+
# `KeyModesOfUse` set to `Generate` and `Verify`.
|
705
|
+
#
|
706
|
+
# For information about valid keys for this operation, see
|
707
|
+
# [Understanding key attributes][1] and [Key types for specific data
|
708
|
+
# operations][2] in the *Amazon Web Services Payment Cryptography User
|
709
|
+
# Guide*.
|
710
|
+
#
|
711
|
+
# **Cross-account use**: This operation can't be used across different
|
712
|
+
# Amazon Web Services accounts.
|
713
|
+
#
|
714
|
+
# **Related operations:**
|
715
|
+
#
|
716
|
+
# * VerifyMac
|
717
|
+
#
|
718
|
+
# ^
|
719
|
+
#
|
720
|
+
#
|
721
|
+
#
|
722
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
723
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
724
|
+
#
|
725
|
+
# @option params [required, Types::MacAttributes] :generation_attributes
|
726
|
+
# The attributes and data values to use for MAC generation within Amazon
|
727
|
+
# Web Services Payment Cryptography.
|
728
|
+
#
|
729
|
+
# @option params [required, String] :key_identifier
|
730
|
+
# The `keyARN` of the MAC generation encryption key.
|
731
|
+
#
|
732
|
+
# @option params [Integer] :mac_length
|
733
|
+
# The length of a MAC under generation.
|
734
|
+
#
|
735
|
+
# @option params [required, String] :message_data
|
736
|
+
# The data for which a MAC is under generation.
|
737
|
+
#
|
738
|
+
# @return [Types::GenerateMacOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
739
|
+
#
|
740
|
+
# * {Types::GenerateMacOutput#key_arn #key_arn} => String
|
741
|
+
# * {Types::GenerateMacOutput#key_check_value #key_check_value} => String
|
742
|
+
# * {Types::GenerateMacOutput#mac #mac} => String
|
743
|
+
#
|
744
|
+
# @example Request syntax with placeholder values
|
745
|
+
#
|
746
|
+
# resp = client.generate_mac({
|
747
|
+
# generation_attributes: { # required
|
748
|
+
# algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
|
749
|
+
# dukpt_cmac: {
|
750
|
+
# dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
751
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
752
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
753
|
+
# },
|
754
|
+
# dukpt_iso_9797_algorithm_1: {
|
755
|
+
# dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
756
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
757
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
758
|
+
# },
|
759
|
+
# dukpt_iso_9797_algorithm_3: {
|
760
|
+
# dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
761
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
762
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
763
|
+
# },
|
764
|
+
# emv_mac: {
|
765
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
766
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
767
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
768
|
+
# session_key_derivation_mode: "EMV_COMMON_SESSION_KEY", # required, accepts EMV_COMMON_SESSION_KEY, EMV2000, AMEX, MASTERCARD_SESSION_KEY, VISA
|
769
|
+
# session_key_derivation_value: { # required
|
770
|
+
# application_cryptogram: "HexLengthEquals16",
|
771
|
+
# application_transaction_counter: "HexLengthBetween2And4",
|
772
|
+
# },
|
773
|
+
# },
|
774
|
+
# },
|
775
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
776
|
+
# mac_length: 1,
|
777
|
+
# message_data: "HexLengthBetween2And4096", # required
|
778
|
+
# })
|
779
|
+
#
|
780
|
+
# @example Response structure
|
781
|
+
#
|
782
|
+
# resp.key_arn #=> String
|
783
|
+
# resp.key_check_value #=> String
|
784
|
+
# resp.mac #=> String
|
785
|
+
#
|
786
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMac AWS API Documentation
|
787
|
+
#
|
788
|
+
# @overload generate_mac(params = {})
|
789
|
+
# @param [Hash] params ({})
|
790
|
+
def generate_mac(params = {}, options = {})
|
791
|
+
req = build_request(:generate_mac, params)
|
792
|
+
req.send_request(options)
|
793
|
+
end
|
794
|
+
|
795
|
+
# Generates pin-related data such as PIN, PIN Verification Value (PVV),
|
796
|
+
# PIN Block, and PIN Offset during new card issuance or reissuance. For
|
797
|
+
# more information, see [Generate PIN data][1] in the *Amazon Web
|
798
|
+
# Services Payment Cryptography User Guide*.
|
799
|
+
#
|
800
|
+
# PIN data is never transmitted in clear to or from Amazon Web Services
|
801
|
+
# Payment Cryptography. This operation generates PIN, PVV, or PIN Offset
|
802
|
+
# and then encrypts it using Pin Encryption Key (PEK) to create an
|
803
|
+
# `EncryptedPinBlock` for transmission from Amazon Web Services Payment
|
804
|
+
# Cryptography. This operation uses a separate Pin Verification Key
|
805
|
+
# (PVK) for VISA PVV generation.
|
806
|
+
#
|
807
|
+
# For information about valid keys for this operation, see
|
808
|
+
# [Understanding key attributes][2] and [Key types for specific data
|
809
|
+
# operations][3] in the *Amazon Web Services Payment Cryptography User
|
810
|
+
# Guide*.
|
811
|
+
#
|
812
|
+
# **Cross-account use**: This operation can't be used across different
|
813
|
+
# Amazon Web Services accounts.
|
814
|
+
#
|
815
|
+
# **Related operations:**
|
816
|
+
#
|
817
|
+
# * GenerateCardValidationData
|
818
|
+
#
|
819
|
+
# * TranslatePinData
|
820
|
+
#
|
821
|
+
# * VerifyPinData
|
822
|
+
#
|
823
|
+
#
|
824
|
+
#
|
825
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-pin-data.html
|
826
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
827
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
828
|
+
#
|
829
|
+
# @option params [required, String] :encryption_key_identifier
|
830
|
+
# The `keyARN` of the PEK that Amazon Web Services Payment Cryptography
|
831
|
+
# uses to encrypt the PIN Block.
|
832
|
+
#
|
833
|
+
# @option params [required, Types::PinGenerationAttributes] :generation_attributes
|
834
|
+
# The attributes and values to use for PIN, PVV, or PIN Offset
|
835
|
+
# generation.
|
836
|
+
#
|
837
|
+
# @option params [required, String] :generation_key_identifier
|
838
|
+
# The `keyARN` of the PEK that Amazon Web Services Payment Cryptography
|
839
|
+
# uses for pin data generation.
|
840
|
+
#
|
841
|
+
# @option params [required, String] :pin_block_format
|
842
|
+
# The PIN encoding format for pin data generation as specified in ISO
|
843
|
+
# 9564. Amazon Web Services Payment Cryptography supports `ISO_Format_0`
|
844
|
+
# and `ISO_Format_3`.
|
845
|
+
#
|
846
|
+
# The `ISO_Format_0` PIN block format is equivalent to the ANSI X9.8,
|
847
|
+
# VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN
|
848
|
+
# block format. It supports a PIN from 4 to 12 digits in length.
|
849
|
+
#
|
850
|
+
# The `ISO_Format_3` PIN block format is the same as `ISO_Format_0`
|
851
|
+
# except that the fill digits are random values from 10 to 15.
|
852
|
+
#
|
853
|
+
# @option params [Integer] :pin_data_length
|
854
|
+
# The length of PIN under generation.
|
855
|
+
#
|
856
|
+
# @option params [required, String] :primary_account_number
|
857
|
+
# The Primary Account Number (PAN), a unique identifier for a payment
|
858
|
+
# credit or debit card that associates the card with a specific account
|
859
|
+
# holder.
|
860
|
+
#
|
861
|
+
# @return [Types::GeneratePinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
862
|
+
#
|
863
|
+
# * {Types::GeneratePinDataOutput#encrypted_pin_block #encrypted_pin_block} => String
|
864
|
+
# * {Types::GeneratePinDataOutput#encryption_key_arn #encryption_key_arn} => String
|
865
|
+
# * {Types::GeneratePinDataOutput#encryption_key_check_value #encryption_key_check_value} => String
|
866
|
+
# * {Types::GeneratePinDataOutput#generation_key_arn #generation_key_arn} => String
|
867
|
+
# * {Types::GeneratePinDataOutput#generation_key_check_value #generation_key_check_value} => String
|
868
|
+
# * {Types::GeneratePinDataOutput#pin_data #pin_data} => Types::PinData
|
869
|
+
#
|
870
|
+
# @example Request syntax with placeholder values
|
871
|
+
#
|
872
|
+
# resp = client.generate_pin_data({
|
873
|
+
# encryption_key_identifier: "KeyArnOrKeyAliasType", # required
|
874
|
+
# generation_attributes: { # required
|
875
|
+
# ibm_3624_natural_pin: {
|
876
|
+
# decimalization_table: "NumberLengthEquals16", # required
|
877
|
+
# pin_validation_data: "NumberLengthBetween4And16", # required
|
878
|
+
# pin_validation_data_pad_character: "HexLengthEquals1", # required
|
879
|
+
# },
|
880
|
+
# ibm_3624_pin_from_offset: {
|
881
|
+
# decimalization_table: "NumberLengthEquals16", # required
|
882
|
+
# pin_offset: "NumberLengthBetween4And12", # required
|
883
|
+
# pin_validation_data: "NumberLengthBetween4And16", # required
|
884
|
+
# pin_validation_data_pad_character: "HexLengthEquals1", # required
|
885
|
+
# },
|
886
|
+
# ibm_3624_pin_offset: {
|
887
|
+
# decimalization_table: "NumberLengthEquals16", # required
|
888
|
+
# encrypted_pin_block: "HexLengthBetween16And32", # required
|
889
|
+
# pin_validation_data: "NumberLengthBetween4And16", # required
|
890
|
+
# pin_validation_data_pad_character: "HexLengthEquals1", # required
|
891
|
+
# },
|
892
|
+
# ibm_3624_random_pin: {
|
893
|
+
# decimalization_table: "NumberLengthEquals16", # required
|
894
|
+
# pin_validation_data: "NumberLengthBetween4And16", # required
|
895
|
+
# pin_validation_data_pad_character: "HexLengthEquals1", # required
|
896
|
+
# },
|
897
|
+
# visa_pin: {
|
898
|
+
# pin_verification_key_index: 1, # required
|
899
|
+
# },
|
900
|
+
# visa_pin_verification_value: {
|
901
|
+
# encrypted_pin_block: "HexLengthBetween16And32", # required
|
902
|
+
# pin_verification_key_index: 1, # required
|
903
|
+
# },
|
904
|
+
# },
|
905
|
+
# generation_key_identifier: "KeyArnOrKeyAliasType", # required
|
906
|
+
# pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_3
|
907
|
+
# pin_data_length: 1,
|
908
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
909
|
+
# })
|
910
|
+
#
|
911
|
+
# @example Response structure
|
912
|
+
#
|
913
|
+
# resp.encrypted_pin_block #=> String
|
914
|
+
# resp.encryption_key_arn #=> String
|
915
|
+
# resp.encryption_key_check_value #=> String
|
916
|
+
# resp.generation_key_arn #=> String
|
917
|
+
# resp.generation_key_check_value #=> String
|
918
|
+
# resp.pin_data.pin_offset #=> String
|
919
|
+
# resp.pin_data.verification_value #=> String
|
920
|
+
#
|
921
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GeneratePinData AWS API Documentation
|
922
|
+
#
|
923
|
+
# @overload generate_pin_data(params = {})
|
924
|
+
# @param [Hash] params ({})
|
925
|
+
def generate_pin_data(params = {}, options = {})
|
926
|
+
req = build_request(:generate_pin_data, params)
|
927
|
+
req.send_request(options)
|
928
|
+
end
|
929
|
+
|
930
|
+
# Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data
|
931
|
+
# Encryption Keys.
|
932
|
+
#
|
933
|
+
# You can either generate an encryption key within Amazon Web Services
|
934
|
+
# Payment Cryptography by calling [CreateKey][1] or import your own
|
935
|
+
# encryption key by calling [ImportKey][2]. The `KeyArn` for use with
|
936
|
+
# this operation must be in a compatible key state with `KeyModesOfUse`
|
937
|
+
# set to `Encrypt`. In asymmetric encryption, ciphertext is encrypted
|
938
|
+
# using public component (imported by calling [ImportKey][2]) of the
|
939
|
+
# asymmetric key pair created outside of Amazon Web Services Payment
|
940
|
+
# Cryptography.
|
941
|
+
#
|
942
|
+
# For symmetric and DUKPT encryption, Amazon Web Services Payment
|
943
|
+
# Cryptography supports `TDES` and `AES` algorithms. For asymmetric
|
944
|
+
# encryption, Amazon Web Services Payment Cryptography supports `RSA`.
|
945
|
+
# To encrypt using DUKPT, a DUKPT key must already exist within your
|
946
|
+
# account with `KeyModesOfUse` set to `DeriveKey` or a new DUKPT can be
|
947
|
+
# generated by calling [CreateKey][1].
|
948
|
+
#
|
949
|
+
# For information about valid keys for this operation, see
|
950
|
+
# [Understanding key attributes][3] and [Key types for specific data
|
951
|
+
# operations][4] in the *Amazon Web Services Payment Cryptography User
|
952
|
+
# Guide*.
|
953
|
+
#
|
954
|
+
# **Cross-account use**: This operation can't be used across different
|
955
|
+
# Amazon Web Services accounts.
|
956
|
+
#
|
957
|
+
# **Related operations:**
|
958
|
+
#
|
959
|
+
# * DecryptData
|
960
|
+
#
|
961
|
+
# * EncryptData
|
962
|
+
#
|
963
|
+
# * [GetPublicCertificate][5]
|
964
|
+
#
|
965
|
+
# * [ImportKey][2]
|
966
|
+
#
|
967
|
+
#
|
968
|
+
#
|
969
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
|
970
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
971
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
972
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
973
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
|
974
|
+
#
|
975
|
+
# @option params [required, String] :cipher_text
|
976
|
+
# Ciphertext to be encrypted. The minimum allowed length is 16 bytes and
|
977
|
+
# maximum allowed length is 4096 bytes.
|
978
|
+
#
|
979
|
+
# @option params [required, Types::ReEncryptionAttributes] :incoming_encryption_attributes
|
980
|
+
# The attributes and values for incoming ciphertext.
|
981
|
+
#
|
982
|
+
# @option params [required, String] :incoming_key_identifier
|
983
|
+
# The `keyARN` of the encryption key of incoming ciphertext data.
|
984
|
+
#
|
985
|
+
# @option params [required, Types::ReEncryptionAttributes] :outgoing_encryption_attributes
|
986
|
+
# The attributes and values for outgoing ciphertext data after
|
987
|
+
# encryption by Amazon Web Services Payment Cryptography.
|
988
|
+
#
|
989
|
+
# @option params [required, String] :outgoing_key_identifier
|
990
|
+
# The `keyARN` of the encryption key of outgoing ciphertext data after
|
991
|
+
# encryption by Amazon Web Services Payment Cryptography.
|
992
|
+
#
|
993
|
+
# @return [Types::ReEncryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
994
|
+
#
|
995
|
+
# * {Types::ReEncryptDataOutput#cipher_text #cipher_text} => String
|
996
|
+
# * {Types::ReEncryptDataOutput#key_arn #key_arn} => String
|
997
|
+
# * {Types::ReEncryptDataOutput#key_check_value #key_check_value} => String
|
998
|
+
#
|
999
|
+
# @example Request syntax with placeholder values
|
1000
|
+
#
|
1001
|
+
# resp = client.re_encrypt_data({
|
1002
|
+
# cipher_text: "HexEvenLengthBetween16And4096", # required
|
1003
|
+
# incoming_encryption_attributes: { # required
|
1004
|
+
# dukpt: {
|
1005
|
+
# dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1006
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1007
|
+
# initialization_vector: "HexLength16Or32",
|
1008
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1009
|
+
# mode: "ECB", # accepts ECB, CBC
|
1010
|
+
# },
|
1011
|
+
# symmetric: {
|
1012
|
+
# initialization_vector: "HexLength16Or32",
|
1013
|
+
# mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
|
1014
|
+
# padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
|
1015
|
+
# },
|
1016
|
+
# },
|
1017
|
+
# incoming_key_identifier: "KeyArnOrKeyAliasType", # required
|
1018
|
+
# outgoing_encryption_attributes: { # required
|
1019
|
+
# dukpt: {
|
1020
|
+
# dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1021
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1022
|
+
# initialization_vector: "HexLength16Or32",
|
1023
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1024
|
+
# mode: "ECB", # accepts ECB, CBC
|
1025
|
+
# },
|
1026
|
+
# symmetric: {
|
1027
|
+
# initialization_vector: "HexLength16Or32",
|
1028
|
+
# mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
|
1029
|
+
# padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
|
1030
|
+
# },
|
1031
|
+
# },
|
1032
|
+
# outgoing_key_identifier: "KeyArnOrKeyAliasType", # required
|
1033
|
+
# })
|
1034
|
+
#
|
1035
|
+
# @example Response structure
|
1036
|
+
#
|
1037
|
+
# resp.cipher_text #=> String
|
1038
|
+
# resp.key_arn #=> String
|
1039
|
+
# resp.key_check_value #=> String
|
1040
|
+
#
|
1041
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptData AWS API Documentation
|
1042
|
+
#
|
1043
|
+
# @overload re_encrypt_data(params = {})
|
1044
|
+
# @param [Hash] params ({})
|
1045
|
+
def re_encrypt_data(params = {}, options = {})
|
1046
|
+
req = build_request(:re_encrypt_data, params)
|
1047
|
+
req.send_request(options)
|
1048
|
+
end
|
1049
|
+
|
1050
|
+
# Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4.
|
1051
|
+
# For more information, see [Translate PIN data][1] in the *Amazon Web
|
1052
|
+
# Services Payment Cryptography User Guide*.
|
1053
|
+
#
|
1054
|
+
# PIN block translation involves changing the encrytion of PIN block
|
1055
|
+
# from one encryption key to another encryption key and changing PIN
|
1056
|
+
# block format from one to another without PIN block data leaving Amazon
|
1057
|
+
# Web Services Payment Cryptography. The encryption key transformation
|
1058
|
+
# can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for
|
1059
|
+
# DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment
|
1060
|
+
# Cryptography supports `TDES` and `AES` key derivation type for DUKPT
|
1061
|
+
# tranlations. You can use this operation for P2PE (Point to Point
|
1062
|
+
# Encryption) use cases where the encryption keys should change but the
|
1063
|
+
# processing system either does not need to, or is not permitted to,
|
1064
|
+
# decrypt the data.
|
1065
|
+
#
|
1066
|
+
# The allowed combinations of PIN block format translations are guided
|
1067
|
+
# by PCI. It is important to note that not all encrypted PIN block
|
1068
|
+
# formats (example, format 1) require PAN (Primary Account Number) as
|
1069
|
+
# input. And as such, PIN block format that requires PAN (example,
|
1070
|
+
# formats 0,3,4) cannot be translated to a format (format 1) that does
|
1071
|
+
# not require a PAN for generation.
|
1072
|
+
#
|
1073
|
+
# For information about valid keys for this operation, see
|
1074
|
+
# [Understanding key attributes][2] and [Key types for specific data
|
1075
|
+
# operations][3] in the *Amazon Web Services Payment Cryptography User
|
1076
|
+
# Guide*.
|
1077
|
+
#
|
1078
|
+
# <note markdown="1"> At this time, Amazon Web Services Payment Cryptography does not
|
1079
|
+
# support translations to PIN format 4.
|
1080
|
+
#
|
1081
|
+
# </note>
|
1082
|
+
#
|
1083
|
+
# **Cross-account use**: This operation can't be used across different
|
1084
|
+
# Amazon Web Services accounts.
|
1085
|
+
#
|
1086
|
+
# **Related operations:**
|
1087
|
+
#
|
1088
|
+
# * GeneratePinData
|
1089
|
+
#
|
1090
|
+
# * VerifyPinData
|
1091
|
+
#
|
1092
|
+
#
|
1093
|
+
#
|
1094
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/translate-pin-data.html
|
1095
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1096
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1097
|
+
#
|
1098
|
+
# @option params [required, String] :encrypted_pin_block
|
1099
|
+
# The encrypted PIN block data that Amazon Web Services Payment
|
1100
|
+
# Cryptography translates.
|
1101
|
+
#
|
1102
|
+
# @option params [Types::DukptDerivationAttributes] :incoming_dukpt_attributes
|
1103
|
+
# The attributes and values to use for incoming DUKPT encryption key for
|
1104
|
+
# PIN block tranlation.
|
1105
|
+
#
|
1106
|
+
# @option params [required, String] :incoming_key_identifier
|
1107
|
+
# The `keyARN` of the encryption key under which incoming PIN block data
|
1108
|
+
# is encrypted. This key type can be PEK or BDK.
|
1109
|
+
#
|
1110
|
+
# @option params [required, Types::TranslationIsoFormats] :incoming_translation_attributes
|
1111
|
+
# The format of the incoming PIN block data for tranlation within Amazon
|
1112
|
+
# Web Services Payment Cryptography.
|
1113
|
+
#
|
1114
|
+
# @option params [Types::DukptDerivationAttributes] :outgoing_dukpt_attributes
|
1115
|
+
# The attributes and values to use for outgoing DUKPT encryption key
|
1116
|
+
# after PIN block translation.
|
1117
|
+
#
|
1118
|
+
# @option params [required, String] :outgoing_key_identifier
|
1119
|
+
# The `keyARN` of the encryption key for encrypting outgoing PIN block
|
1120
|
+
# data. This key type can be PEK or BDK.
|
1121
|
+
#
|
1122
|
+
# @option params [required, Types::TranslationIsoFormats] :outgoing_translation_attributes
|
1123
|
+
# The format of the outgoing PIN block data after tranlation by Amazon
|
1124
|
+
# Web Services Payment Cryptography.
|
1125
|
+
#
|
1126
|
+
# @return [Types::TranslatePinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1127
|
+
#
|
1128
|
+
# * {Types::TranslatePinDataOutput#key_arn #key_arn} => String
|
1129
|
+
# * {Types::TranslatePinDataOutput#key_check_value #key_check_value} => String
|
1130
|
+
# * {Types::TranslatePinDataOutput#pin_block #pin_block} => String
|
1131
|
+
#
|
1132
|
+
# @example Request syntax with placeholder values
|
1133
|
+
#
|
1134
|
+
# resp = client.translate_pin_data({
|
1135
|
+
# encrypted_pin_block: "HexLengthBetween16And32", # required
|
1136
|
+
# incoming_dukpt_attributes: {
|
1137
|
+
# dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1138
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1139
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1140
|
+
# },
|
1141
|
+
# incoming_key_identifier: "KeyArnOrKeyAliasType", # required
|
1142
|
+
# incoming_translation_attributes: { # required
|
1143
|
+
# iso_format_0: {
|
1144
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1145
|
+
# },
|
1146
|
+
# iso_format_1: {
|
1147
|
+
# },
|
1148
|
+
# iso_format_3: {
|
1149
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1150
|
+
# },
|
1151
|
+
# iso_format_4: {
|
1152
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1153
|
+
# },
|
1154
|
+
# },
|
1155
|
+
# outgoing_dukpt_attributes: {
|
1156
|
+
# dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1157
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1158
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1159
|
+
# },
|
1160
|
+
# outgoing_key_identifier: "KeyArnOrKeyAliasType", # required
|
1161
|
+
# outgoing_translation_attributes: { # required
|
1162
|
+
# iso_format_0: {
|
1163
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1164
|
+
# },
|
1165
|
+
# iso_format_1: {
|
1166
|
+
# },
|
1167
|
+
# iso_format_3: {
|
1168
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1169
|
+
# },
|
1170
|
+
# iso_format_4: {
|
1171
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1172
|
+
# },
|
1173
|
+
# },
|
1174
|
+
# })
|
1175
|
+
#
|
1176
|
+
# @example Response structure
|
1177
|
+
#
|
1178
|
+
# resp.key_arn #=> String
|
1179
|
+
# resp.key_check_value #=> String
|
1180
|
+
# resp.pin_block #=> String
|
1181
|
+
#
|
1182
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinData AWS API Documentation
|
1183
|
+
#
|
1184
|
+
# @overload translate_pin_data(params = {})
|
1185
|
+
# @param [Hash] params ({})
|
1186
|
+
def translate_pin_data(params = {}, options = {})
|
1187
|
+
req = build_request(:translate_pin_data, params)
|
1188
|
+
req.send_request(options)
|
1189
|
+
end
|
1190
|
+
|
1191
|
+
# Verifies Authorization Request Cryptogram (ARQC) for a EMV chip
|
1192
|
+
# payment card authorization. For more information, see [Verify auth
|
1193
|
+
# request cryptogram][1] in the *Amazon Web Services Payment
|
1194
|
+
# Cryptography User Guide*.
|
1195
|
+
#
|
1196
|
+
# ARQC generation is done outside of Amazon Web Services Payment
|
1197
|
+
# Cryptography and is typically generated on a point of sale terminal
|
1198
|
+
# for an EMV chip card to obtain payment authorization during
|
1199
|
+
# transaction time. For ARQC verification, you must first import the
|
1200
|
+
# ARQC generated outside of Amazon Web Services Payment Cryptography by
|
1201
|
+
# calling [ImportKey][2]. This operation uses the imported ARQC and an
|
1202
|
+
# major encryption key (DUKPT) created by calling [CreateKey][3] to
|
1203
|
+
# either provide a boolean ARQC verification result or provide an APRC
|
1204
|
+
# (Authorization Response Cryptogram) response using Method 1 or Method
|
1205
|
+
# 2. The `ARPC_METHOD_1` uses `AuthResponseCode` to generate ARPC and
|
1206
|
+
# `ARPC_METHOD_2` uses `CardStatusUpdate` to generate ARPC.
|
1207
|
+
#
|
1208
|
+
# For information about valid keys for this operation, see
|
1209
|
+
# [Understanding key attributes][4] and [Key types for specific data
|
1210
|
+
# operations][5] in the *Amazon Web Services Payment Cryptography User
|
1211
|
+
# Guide*.
|
1212
|
+
#
|
1213
|
+
# **Cross-account use**: This operation can't be used across different
|
1214
|
+
# Amazon Web Services accounts.
|
1215
|
+
#
|
1216
|
+
# **Related operations:**
|
1217
|
+
#
|
1218
|
+
# * VerifyCardValidationData
|
1219
|
+
#
|
1220
|
+
# * VerifyPinData
|
1221
|
+
#
|
1222
|
+
#
|
1223
|
+
#
|
1224
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.verifyauthrequestcryptogram.html
|
1225
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
1226
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
|
1227
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1228
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1229
|
+
#
|
1230
|
+
# @option params [required, String] :auth_request_cryptogram
|
1231
|
+
# The auth request cryptogram imported into Amazon Web Services Payment
|
1232
|
+
# Cryptography for ARQC verification using a major encryption key and
|
1233
|
+
# transaction data.
|
1234
|
+
#
|
1235
|
+
# @option params [Types::CryptogramAuthResponse] :auth_response_attributes
|
1236
|
+
# The attributes and values for auth request cryptogram verification.
|
1237
|
+
# These parameters are required in case using ARPC Method 1 or Method 2
|
1238
|
+
# for ARQC verification.
|
1239
|
+
#
|
1240
|
+
# @option params [required, String] :key_identifier
|
1241
|
+
# The `keyARN` of the major encryption key that Amazon Web Services
|
1242
|
+
# Payment Cryptography uses for ARQC verification.
|
1243
|
+
#
|
1244
|
+
# @option params [required, String] :major_key_derivation_mode
|
1245
|
+
# The method to use when deriving the major encryption key for ARQC
|
1246
|
+
# verification within Amazon Web Services Payment Cryptography. The same
|
1247
|
+
# key derivation mode was used for ARQC generation outside of Amazon Web
|
1248
|
+
# Services Payment Cryptography.
|
1249
|
+
#
|
1250
|
+
# @option params [required, Types::SessionKeyDerivation] :session_key_derivation_attributes
|
1251
|
+
# The attributes and values to use for deriving a session key for ARQC
|
1252
|
+
# verification within Amazon Web Services Payment Cryptography. The same
|
1253
|
+
# attributes were used for ARQC generation outside of Amazon Web
|
1254
|
+
# Services Payment Cryptography.
|
1255
|
+
#
|
1256
|
+
# @option params [required, String] :transaction_data
|
1257
|
+
# The transaction data that Amazon Web Services Payment Cryptography
|
1258
|
+
# uses for ARQC verification. The same transaction is used for ARQC
|
1259
|
+
# generation outside of Amazon Web Services Payment Cryptography.
|
1260
|
+
#
|
1261
|
+
# @return [Types::VerifyAuthRequestCryptogramOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1262
|
+
#
|
1263
|
+
# * {Types::VerifyAuthRequestCryptogramOutput#auth_response_value #auth_response_value} => String
|
1264
|
+
# * {Types::VerifyAuthRequestCryptogramOutput#key_arn #key_arn} => String
|
1265
|
+
# * {Types::VerifyAuthRequestCryptogramOutput#key_check_value #key_check_value} => String
|
1266
|
+
#
|
1267
|
+
# @example Request syntax with placeholder values
|
1268
|
+
#
|
1269
|
+
# resp = client.verify_auth_request_cryptogram({
|
1270
|
+
# auth_request_cryptogram: "HexLengthEquals16", # required
|
1271
|
+
# auth_response_attributes: {
|
1272
|
+
# arpc_method_1: {
|
1273
|
+
# auth_response_code: "HexLengthEquals4", # required
|
1274
|
+
# },
|
1275
|
+
# arpc_method_2: {
|
1276
|
+
# card_status_update: "HexLengthEquals8", # required
|
1277
|
+
# proprietary_authentication_data: "HexLengthBetween1And16",
|
1278
|
+
# },
|
1279
|
+
# },
|
1280
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
1281
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1282
|
+
# session_key_derivation_attributes: { # required
|
1283
|
+
# amex: {
|
1284
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1285
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1286
|
+
# },
|
1287
|
+
# emv_2000: {
|
1288
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1289
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1290
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1291
|
+
# },
|
1292
|
+
# emv_common: {
|
1293
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1294
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1295
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1296
|
+
# },
|
1297
|
+
# mastercard: {
|
1298
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1299
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1300
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1301
|
+
# unpredictable_number: "HexLengthBetween2And8", # required
|
1302
|
+
# },
|
1303
|
+
# visa: {
|
1304
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1305
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1306
|
+
# },
|
1307
|
+
# },
|
1308
|
+
# transaction_data: "HexLengthBetween2And1024", # required
|
1309
|
+
# })
|
1310
|
+
#
|
1311
|
+
# @example Response structure
|
1312
|
+
#
|
1313
|
+
# resp.auth_response_value #=> String
|
1314
|
+
# resp.key_arn #=> String
|
1315
|
+
# resp.key_check_value #=> String
|
1316
|
+
#
|
1317
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogram AWS API Documentation
|
1318
|
+
#
|
1319
|
+
# @overload verify_auth_request_cryptogram(params = {})
|
1320
|
+
# @param [Hash] params ({})
|
1321
|
+
def verify_auth_request_cryptogram(params = {}, options = {})
|
1322
|
+
req = build_request(:verify_auth_request_cryptogram, params)
|
1323
|
+
req.send_request(options)
|
1324
|
+
end
|
1325
|
+
|
1326
|
+
# Verifies card-related validation data using algorithms such as Card
|
1327
|
+
# Verification Values (CVV/CVV2), Dynamic Card Verification Values
|
1328
|
+
# (dCVV/dCVV2) and Card Security Codes (CSC). For more information, see
|
1329
|
+
# [Verify card data][1] in the *Amazon Web Services Payment Cryptography
|
1330
|
+
# User Guide*.
|
1331
|
+
#
|
1332
|
+
# This operation validates the CVV or CSC codes that is printed on a
|
1333
|
+
# payment credit or debit card during card payment transaction. The
|
1334
|
+
# input values are typically provided as part of an inbound transaction
|
1335
|
+
# to an issuer or supporting platform partner. Amazon Web Services
|
1336
|
+
# Payment Cryptography uses CVV or CSC, PAN (Primary Account Number) and
|
1337
|
+
# expiration date of the card to check its validity during transaction
|
1338
|
+
# processing. In this operation, the CVK (Card Verification Key)
|
1339
|
+
# encryption key for use with card data verification is same as the one
|
1340
|
+
# in used for GenerateCardValidationData.
|
1341
|
+
#
|
1342
|
+
# For information about valid keys for this operation, see
|
1343
|
+
# [Understanding key attributes][2] and [Key types for specific data
|
1344
|
+
# operations][3] in the *Amazon Web Services Payment Cryptography User
|
1345
|
+
# Guide*.
|
1346
|
+
#
|
1347
|
+
# **Cross-account use**: This operation can't be used across different
|
1348
|
+
# Amazon Web Services accounts.
|
1349
|
+
#
|
1350
|
+
# **Related operations:**
|
1351
|
+
#
|
1352
|
+
# * GenerateCardValidationData
|
1353
|
+
#
|
1354
|
+
# * VerifyAuthRequestCryptogram
|
1355
|
+
#
|
1356
|
+
# * VerifyPinData
|
1357
|
+
#
|
1358
|
+
#
|
1359
|
+
#
|
1360
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-card-data.html
|
1361
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1362
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1363
|
+
#
|
1364
|
+
# @option params [required, String] :key_identifier
|
1365
|
+
# The `keyARN` of the CVK encryption key that Amazon Web Services
|
1366
|
+
# Payment Cryptography uses to verify card data.
|
1367
|
+
#
|
1368
|
+
# @option params [required, String] :primary_account_number
|
1369
|
+
# The Primary Account Number (PAN), a unique identifier for a payment
|
1370
|
+
# credit or debit card that associates the card with a specific account
|
1371
|
+
# holder.
|
1372
|
+
#
|
1373
|
+
# @option params [required, String] :validation_data
|
1374
|
+
# The CVV or CSC value for use for card data verification within Amazon
|
1375
|
+
# Web Services Payment Cryptography.
|
1376
|
+
#
|
1377
|
+
# @option params [required, Types::CardVerificationAttributes] :verification_attributes
|
1378
|
+
# The algorithm to use for verification of card data within Amazon Web
|
1379
|
+
# Services Payment Cryptography.
|
1380
|
+
#
|
1381
|
+
# @return [Types::VerifyCardValidationDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1382
|
+
#
|
1383
|
+
# * {Types::VerifyCardValidationDataOutput#key_arn #key_arn} => String
|
1384
|
+
# * {Types::VerifyCardValidationDataOutput#key_check_value #key_check_value} => String
|
1385
|
+
#
|
1386
|
+
# @example Request syntax with placeholder values
|
1387
|
+
#
|
1388
|
+
# resp = client.verify_card_validation_data({
|
1389
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
1390
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1391
|
+
# validation_data: "NumberLengthBetween3And5", # required
|
1392
|
+
# verification_attributes: { # required
|
1393
|
+
# amex_card_security_code_version_1: {
|
1394
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
1395
|
+
# },
|
1396
|
+
# amex_card_security_code_version_2: {
|
1397
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
1398
|
+
# service_code: "NumberLengthEquals3", # required
|
1399
|
+
# },
|
1400
|
+
# card_holder_verification_value: {
|
1401
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1402
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1403
|
+
# unpredictable_number: "HexLengthBetween2And8", # required
|
1404
|
+
# },
|
1405
|
+
# card_verification_value_1: {
|
1406
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
1407
|
+
# service_code: "NumberLengthEquals3", # required
|
1408
|
+
# },
|
1409
|
+
# card_verification_value_2: {
|
1410
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
1411
|
+
# },
|
1412
|
+
# discover_dynamic_card_verification_code: {
|
1413
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1414
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
1415
|
+
# unpredictable_number: "HexLengthBetween2And8", # required
|
1416
|
+
# },
|
1417
|
+
# dynamic_card_verification_code: {
|
1418
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1419
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1420
|
+
# track_data: "HexLengthBetween2And160", # required
|
1421
|
+
# unpredictable_number: "HexLengthBetween2And8", # required
|
1422
|
+
# },
|
1423
|
+
# dynamic_card_verification_value: {
|
1424
|
+
# application_transaction_counter: "HexLengthBetween2And4", # required
|
1425
|
+
# card_expiry_date: "NumberLengthEquals4", # required
|
1426
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1427
|
+
# service_code: "NumberLengthEquals3", # required
|
1428
|
+
# },
|
1429
|
+
# },
|
1430
|
+
# })
|
1431
|
+
#
|
1432
|
+
# @example Response structure
|
1433
|
+
#
|
1434
|
+
# resp.key_arn #=> String
|
1435
|
+
# resp.key_check_value #=> String
|
1436
|
+
#
|
1437
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyCardValidationData AWS API Documentation
|
1438
|
+
#
|
1439
|
+
# @overload verify_card_validation_data(params = {})
|
1440
|
+
# @param [Hash] params ({})
|
1441
|
+
def verify_card_validation_data(params = {}, options = {})
|
1442
|
+
req = build_request(:verify_card_validation_data, params)
|
1443
|
+
req.send_request(options)
|
1444
|
+
end
|
1445
|
+
|
1446
|
+
# Verifies a Message Authentication Code (MAC).
|
1447
|
+
#
|
1448
|
+
# You can use this operation when keys won't be shared but mutual data
|
1449
|
+
# is present on both ends for validation. In this case, known data
|
1450
|
+
# values are used to generate a MAC on both ends for verification
|
1451
|
+
# without sending or receiving data in ciphertext or plaintext. You can
|
1452
|
+
# use this operation to verify a DUPKT, HMAC or EMV MAC by setting
|
1453
|
+
# generation attributes and algorithm to the associated values. Use the
|
1454
|
+
# same encryption key for MAC verification as you use for GenerateMac.
|
1455
|
+
#
|
1456
|
+
# For information about valid keys for this operation, see
|
1457
|
+
# [Understanding key attributes][1] and [Key types for specific data
|
1458
|
+
# operations][2] in the *Amazon Web Services Payment Cryptography User
|
1459
|
+
# Guide*.
|
1460
|
+
#
|
1461
|
+
# **Cross-account use**: This operation can't be used across different
|
1462
|
+
# Amazon Web Services accounts.
|
1463
|
+
#
|
1464
|
+
# **Related operations:**
|
1465
|
+
#
|
1466
|
+
# * GenerateMac
|
1467
|
+
#
|
1468
|
+
# ^
|
1469
|
+
#
|
1470
|
+
#
|
1471
|
+
#
|
1472
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1473
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1474
|
+
#
|
1475
|
+
# @option params [required, String] :key_identifier
|
1476
|
+
# The `keyARN` of the encryption key that Amazon Web Services Payment
|
1477
|
+
# Cryptography uses to verify MAC data.
|
1478
|
+
#
|
1479
|
+
# @option params [required, String] :mac
|
1480
|
+
# The MAC being verified.
|
1481
|
+
#
|
1482
|
+
# @option params [Integer] :mac_length
|
1483
|
+
# The length of the MAC.
|
1484
|
+
#
|
1485
|
+
# @option params [required, String] :message_data
|
1486
|
+
# The data on for which MAC is under verification.
|
1487
|
+
#
|
1488
|
+
# @option params [required, Types::MacAttributes] :verification_attributes
|
1489
|
+
# The attributes and data values to use for MAC verification within
|
1490
|
+
# Amazon Web Services Payment Cryptography.
|
1491
|
+
#
|
1492
|
+
# @return [Types::VerifyMacOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1493
|
+
#
|
1494
|
+
# * {Types::VerifyMacOutput#key_arn #key_arn} => String
|
1495
|
+
# * {Types::VerifyMacOutput#key_check_value #key_check_value} => String
|
1496
|
+
#
|
1497
|
+
# @example Request syntax with placeholder values
|
1498
|
+
#
|
1499
|
+
# resp = client.verify_mac({
|
1500
|
+
# key_identifier: "KeyArnOrKeyAliasType", # required
|
1501
|
+
# mac: "HexLengthBetween4And128", # required
|
1502
|
+
# mac_length: 1,
|
1503
|
+
# message_data: "HexLengthBetween2And4096", # required
|
1504
|
+
# verification_attributes: { # required
|
1505
|
+
# algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
|
1506
|
+
# dukpt_cmac: {
|
1507
|
+
# dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1508
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1509
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1510
|
+
# },
|
1511
|
+
# dukpt_iso_9797_algorithm_1: {
|
1512
|
+
# dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1513
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1514
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1515
|
+
# },
|
1516
|
+
# dukpt_iso_9797_algorithm_3: {
|
1517
|
+
# dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1518
|
+
# dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
|
1519
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1520
|
+
# },
|
1521
|
+
# emv_mac: {
|
1522
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1523
|
+
# pan_sequence_number: "HexLengthEquals2", # required
|
1524
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1525
|
+
# session_key_derivation_mode: "EMV_COMMON_SESSION_KEY", # required, accepts EMV_COMMON_SESSION_KEY, EMV2000, AMEX, MASTERCARD_SESSION_KEY, VISA
|
1526
|
+
# session_key_derivation_value: { # required
|
1527
|
+
# application_cryptogram: "HexLengthEquals16",
|
1528
|
+
# application_transaction_counter: "HexLengthBetween2And4",
|
1529
|
+
# },
|
1530
|
+
# },
|
1531
|
+
# },
|
1532
|
+
# })
|
1533
|
+
#
|
1534
|
+
# @example Response structure
|
1535
|
+
#
|
1536
|
+
# resp.key_arn #=> String
|
1537
|
+
# resp.key_check_value #=> String
|
1538
|
+
#
|
1539
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyMac AWS API Documentation
|
1540
|
+
#
|
1541
|
+
# @overload verify_mac(params = {})
|
1542
|
+
# @param [Hash] params ({})
|
1543
|
+
def verify_mac(params = {}, options = {})
|
1544
|
+
req = build_request(:verify_mac, params)
|
1545
|
+
req.send_request(options)
|
1546
|
+
end
|
1547
|
+
|
1548
|
+
# Verifies pin-related data such as PIN and PIN Offset using algorithms
|
1549
|
+
# including VISA PVV and IBM3624. For more information, see [Verify PIN
|
1550
|
+
# data][1] in the *Amazon Web Services Payment Cryptography User Guide*.
|
1551
|
+
#
|
1552
|
+
# This operation verifies PIN data for user payment card. A card holder
|
1553
|
+
# PIN data is never transmitted in clear to or from Amazon Web Services
|
1554
|
+
# Payment Cryptography. This operation uses PIN Verification Key (PVK)
|
1555
|
+
# for PIN or PIN Offset generation and then encrypts it using PIN
|
1556
|
+
# Encryption Key (PEK) to create an `EncryptedPinBlock` for transmission
|
1557
|
+
# from Amazon Web Services Payment Cryptography.
|
1558
|
+
#
|
1559
|
+
# For information about valid keys for this operation, see
|
1560
|
+
# [Understanding key attributes][2] and [Key types for specific data
|
1561
|
+
# operations][3] in the *Amazon Web Services Payment Cryptography User
|
1562
|
+
# Guide*.
|
1563
|
+
#
|
1564
|
+
# **Cross-account use**: This operation can't be used across different
|
1565
|
+
# Amazon Web Services accounts.
|
1566
|
+
#
|
1567
|
+
# **Related operations:**
|
1568
|
+
#
|
1569
|
+
# * GeneratePinData
|
1570
|
+
#
|
1571
|
+
# * TranslatePinData
|
1572
|
+
#
|
1573
|
+
#
|
1574
|
+
#
|
1575
|
+
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-pin-data.html
|
1576
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1577
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1578
|
+
#
|
1579
|
+
# @option params [Types::DukptAttributes] :dukpt_attributes
|
1580
|
+
# The attributes and values for the DUKPT encrypted PIN block data.
|
1581
|
+
#
|
1582
|
+
# @option params [required, String] :encrypted_pin_block
|
1583
|
+
# The encrypted PIN block data that Amazon Web Services Payment
|
1584
|
+
# Cryptography verifies.
|
1585
|
+
#
|
1586
|
+
# @option params [required, String] :encryption_key_identifier
|
1587
|
+
# The `keyARN` of the encryption key under which the PIN block data is
|
1588
|
+
# encrypted. This key type can be PEK or BDK.
|
1589
|
+
#
|
1590
|
+
# @option params [required, String] :pin_block_format
|
1591
|
+
# The PIN encoding format for pin data generation as specified in ISO
|
1592
|
+
# 9564. Amazon Web Services Payment Cryptography supports `ISO_Format_0`
|
1593
|
+
# and `ISO_Format_3`.
|
1594
|
+
#
|
1595
|
+
# The `ISO_Format_0` PIN block format is equivalent to the ANSI X9.8,
|
1596
|
+
# VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN
|
1597
|
+
# block format. It supports a PIN from 4 to 12 digits in length.
|
1598
|
+
#
|
1599
|
+
# The `ISO_Format_3` PIN block format is the same as `ISO_Format_0`
|
1600
|
+
# except that the fill digits are random values from 10 to 15.
|
1601
|
+
#
|
1602
|
+
# @option params [Integer] :pin_data_length
|
1603
|
+
# The length of PIN being verified.
|
1604
|
+
#
|
1605
|
+
# @option params [required, String] :primary_account_number
|
1606
|
+
# The Primary Account Number (PAN), a unique identifier for a payment
|
1607
|
+
# credit or debit card that associates the card with a specific account
|
1608
|
+
# holder.
|
1609
|
+
#
|
1610
|
+
# @option params [required, Types::PinVerificationAttributes] :verification_attributes
|
1611
|
+
# The attributes and values for PIN data verification.
|
1612
|
+
#
|
1613
|
+
# @option params [required, String] :verification_key_identifier
|
1614
|
+
# The `keyARN` of the PIN verification key.
|
1615
|
+
#
|
1616
|
+
# @return [Types::VerifyPinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1617
|
+
#
|
1618
|
+
# * {Types::VerifyPinDataOutput#encryption_key_arn #encryption_key_arn} => String
|
1619
|
+
# * {Types::VerifyPinDataOutput#encryption_key_check_value #encryption_key_check_value} => String
|
1620
|
+
# * {Types::VerifyPinDataOutput#verification_key_arn #verification_key_arn} => String
|
1621
|
+
# * {Types::VerifyPinDataOutput#verification_key_check_value #verification_key_check_value} => String
|
1622
|
+
#
|
1623
|
+
# @example Request syntax with placeholder values
|
1624
|
+
#
|
1625
|
+
# resp = client.verify_pin_data({
|
1626
|
+
# dukpt_attributes: {
|
1627
|
+
# dukpt_derivation_type: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
|
1628
|
+
# key_serial_number: "HexLengthBetween10And24", # required
|
1629
|
+
# },
|
1630
|
+
# encrypted_pin_block: "HexLengthBetween16And32", # required
|
1631
|
+
# encryption_key_identifier: "KeyArnOrKeyAliasType", # required
|
1632
|
+
# pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_3
|
1633
|
+
# pin_data_length: 1,
|
1634
|
+
# primary_account_number: "NumberLengthBetween12And19", # required
|
1635
|
+
# verification_attributes: { # required
|
1636
|
+
# ibm_3624_pin: {
|
1637
|
+
# decimalization_table: "NumberLengthEquals16", # required
|
1638
|
+
# pin_offset: "NumberLengthBetween4And12", # required
|
1639
|
+
# pin_validation_data: "NumberLengthBetween4And16", # required
|
1640
|
+
# pin_validation_data_pad_character: "HexLengthEquals1", # required
|
1641
|
+
# },
|
1642
|
+
# visa_pin: {
|
1643
|
+
# pin_verification_key_index: 1, # required
|
1644
|
+
# verification_value: "NumberLengthBetween4And12", # required
|
1645
|
+
# },
|
1646
|
+
# },
|
1647
|
+
# verification_key_identifier: "KeyArnOrKeyAliasType", # required
|
1648
|
+
# })
|
1649
|
+
#
|
1650
|
+
# @example Response structure
|
1651
|
+
#
|
1652
|
+
# resp.encryption_key_arn #=> String
|
1653
|
+
# resp.encryption_key_check_value #=> String
|
1654
|
+
# resp.verification_key_arn #=> String
|
1655
|
+
# resp.verification_key_check_value #=> String
|
1656
|
+
#
|
1657
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinData AWS API Documentation
|
1658
|
+
#
|
1659
|
+
# @overload verify_pin_data(params = {})
|
1660
|
+
# @param [Hash] params ({})
|
1661
|
+
def verify_pin_data(params = {}, options = {})
|
1662
|
+
req = build_request(:verify_pin_data, params)
|
1663
|
+
req.send_request(options)
|
1664
|
+
end
|
1665
|
+
|
1666
|
+
# @!endgroup
|
1667
|
+
|
1668
|
+
# @param params ({})
|
1669
|
+
# @api private
|
1670
|
+
def build_request(operation_name, params = {})
|
1671
|
+
handlers = @handlers.for(operation_name)
|
1672
|
+
context = Seahorse::Client::RequestContext.new(
|
1673
|
+
operation_name: operation_name,
|
1674
|
+
operation: config.api.operation(operation_name),
|
1675
|
+
client: self,
|
1676
|
+
params: params,
|
1677
|
+
config: config)
|
1678
|
+
context[:gem_name] = 'aws-sdk-paymentcryptographydata'
|
1679
|
+
context[:gem_version] = '1.0.0'
|
1680
|
+
Seahorse::Client::Request.new(handlers, context)
|
1681
|
+
end
|
1682
|
+
|
1683
|
+
# @api private
|
1684
|
+
# @deprecated
|
1685
|
+
def waiter_names
|
1686
|
+
[]
|
1687
|
+
end
|
1688
|
+
|
1689
|
+
class << self
|
1690
|
+
|
1691
|
+
# @api private
|
1692
|
+
attr_reader :identifier
|
1693
|
+
|
1694
|
+
# @api private
|
1695
|
+
def errors_module
|
1696
|
+
Errors
|
1697
|
+
end
|
1698
|
+
|
1699
|
+
end
|
1700
|
+
end
|
1701
|
+
end
|