aws-sdk-paymentcryptographydata 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,1701 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+ require 'seahorse/client/plugins/content_length.rb'
11
+ require 'aws-sdk-core/plugins/credentials_configuration.rb'
12
+ require 'aws-sdk-core/plugins/logging.rb'
13
+ require 'aws-sdk-core/plugins/param_converter.rb'
14
+ require 'aws-sdk-core/plugins/param_validator.rb'
15
+ require 'aws-sdk-core/plugins/user_agent.rb'
16
+ require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
17
+ require 'aws-sdk-core/plugins/retry_errors.rb'
18
+ require 'aws-sdk-core/plugins/global_configuration.rb'
19
+ require 'aws-sdk-core/plugins/regional_endpoint.rb'
20
+ require 'aws-sdk-core/plugins/endpoint_discovery.rb'
21
+ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
22
+ require 'aws-sdk-core/plugins/response_paging.rb'
23
+ require 'aws-sdk-core/plugins/stub_responses.rb'
24
+ require 'aws-sdk-core/plugins/idempotency_token.rb'
25
+ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
26
+ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
+ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
+ require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
+ require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
31
+ require 'aws-sdk-core/plugins/defaults_mode.rb'
32
+ require 'aws-sdk-core/plugins/recursion_detection.rb'
33
+ require 'aws-sdk-core/plugins/sign.rb'
34
+ require 'aws-sdk-core/plugins/protocols/rest_json.rb'
35
+
36
+ Aws::Plugins::GlobalConfiguration.add_identifier(:paymentcryptographydata)
37
+
38
+ module Aws::PaymentCryptographyData
39
+ # An API client for PaymentCryptographyData. To construct a client, you need to configure a `:region` and `:credentials`.
40
+ #
41
+ # client = Aws::PaymentCryptographyData::Client.new(
42
+ # region: region_name,
43
+ # credentials: credentials,
44
+ # # ...
45
+ # )
46
+ #
47
+ # For details on configuring region and credentials see
48
+ # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
49
+ #
50
+ # See {#initialize} for a full list of supported configuration options.
51
+ class Client < Seahorse::Client::Base
52
+
53
+ include Aws::ClientStubs
54
+
55
+ @identifier = :paymentcryptographydata
56
+
57
+ set_api(ClientApi::API)
58
+
59
+ add_plugin(Seahorse::Client::Plugins::ContentLength)
60
+ add_plugin(Aws::Plugins::CredentialsConfiguration)
61
+ add_plugin(Aws::Plugins::Logging)
62
+ add_plugin(Aws::Plugins::ParamConverter)
63
+ add_plugin(Aws::Plugins::ParamValidator)
64
+ add_plugin(Aws::Plugins::UserAgent)
65
+ add_plugin(Aws::Plugins::HelpfulSocketErrors)
66
+ add_plugin(Aws::Plugins::RetryErrors)
67
+ add_plugin(Aws::Plugins::GlobalConfiguration)
68
+ add_plugin(Aws::Plugins::RegionalEndpoint)
69
+ add_plugin(Aws::Plugins::EndpointDiscovery)
70
+ add_plugin(Aws::Plugins::EndpointPattern)
71
+ add_plugin(Aws::Plugins::ResponsePaging)
72
+ add_plugin(Aws::Plugins::StubResponses)
73
+ add_plugin(Aws::Plugins::IdempotencyToken)
74
+ add_plugin(Aws::Plugins::JsonvalueConverter)
75
+ add_plugin(Aws::Plugins::ClientMetricsPlugin)
76
+ add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
77
+ add_plugin(Aws::Plugins::TransferEncoding)
78
+ add_plugin(Aws::Plugins::HttpChecksum)
79
+ add_plugin(Aws::Plugins::ChecksumAlgorithm)
80
+ add_plugin(Aws::Plugins::DefaultsMode)
81
+ add_plugin(Aws::Plugins::RecursionDetection)
82
+ add_plugin(Aws::Plugins::Sign)
83
+ add_plugin(Aws::Plugins::Protocols::RestJson)
84
+ add_plugin(Aws::PaymentCryptographyData::Plugins::Endpoints)
85
+
86
+ # @overload initialize(options)
87
+ # @param [Hash] options
88
+ # @option options [required, Aws::CredentialProvider] :credentials
89
+ # Your AWS credentials. This can be an instance of any one of the
90
+ # following classes:
91
+ #
92
+ # * `Aws::Credentials` - Used for configuring static, non-refreshing
93
+ # credentials.
94
+ #
95
+ # * `Aws::SharedCredentials` - Used for loading static credentials from a
96
+ # shared file, such as `~/.aws/config`.
97
+ #
98
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
99
+ #
100
+ # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
101
+ # assume a role after providing credentials via the web.
102
+ #
103
+ # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
104
+ # access token generated from `aws login`.
105
+ #
106
+ # * `Aws::ProcessCredentials` - Used for loading credentials from a
107
+ # process that outputs to stdout.
108
+ #
109
+ # * `Aws::InstanceProfileCredentials` - Used for loading credentials
110
+ # from an EC2 IMDS on an EC2 instance.
111
+ #
112
+ # * `Aws::ECSCredentials` - Used for loading credentials from
113
+ # instances running in ECS.
114
+ #
115
+ # * `Aws::CognitoIdentityCredentials` - Used for loading credentials
116
+ # from the Cognito Identity service.
117
+ #
118
+ # When `:credentials` are not configured directly, the following
119
+ # locations will be searched for credentials:
120
+ #
121
+ # * `Aws.config[:credentials]`
122
+ # * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
123
+ # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
124
+ # * `~/.aws/credentials`
125
+ # * `~/.aws/config`
126
+ # * EC2/ECS IMDS instance profile - When used by default, the timeouts
127
+ # are very aggressive. Construct and pass an instance of
128
+ # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
129
+ # enable retries and extended timeouts. Instance profile credential
130
+ # fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
131
+ # to true.
132
+ #
133
+ # @option options [required, String] :region
134
+ # The AWS region to connect to. The configured `:region` is
135
+ # used to determine the service `:endpoint`. When not passed,
136
+ # a default `:region` is searched for in the following locations:
137
+ #
138
+ # * `Aws.config[:region]`
139
+ # * `ENV['AWS_REGION']`
140
+ # * `ENV['AMAZON_REGION']`
141
+ # * `ENV['AWS_DEFAULT_REGION']`
142
+ # * `~/.aws/credentials`
143
+ # * `~/.aws/config`
144
+ #
145
+ # @option options [String] :access_key_id
146
+ #
147
+ # @option options [Boolean] :active_endpoint_cache (false)
148
+ # When set to `true`, a thread polling for endpoints will be running in
149
+ # the background every 60 secs (default). Defaults to `false`.
150
+ #
151
+ # @option options [Boolean] :adaptive_retry_wait_to_fill (true)
152
+ # Used only in `adaptive` retry mode. When true, the request will sleep
153
+ # until there is sufficent client side capacity to retry the request.
154
+ # When false, the request will raise a `RetryCapacityNotAvailableError` and will
155
+ # not retry instead of sleeping.
156
+ #
157
+ # @option options [Boolean] :client_side_monitoring (false)
158
+ # When `true`, client-side metrics will be collected for all API requests from
159
+ # this client.
160
+ #
161
+ # @option options [String] :client_side_monitoring_client_id ("")
162
+ # Allows you to provide an identifier for this client which will be attached to
163
+ # all generated client side metrics. Defaults to an empty string.
164
+ #
165
+ # @option options [String] :client_side_monitoring_host ("127.0.0.1")
166
+ # Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
167
+ # side monitoring agent is running on, where client metrics will be published via UDP.
168
+ #
169
+ # @option options [Integer] :client_side_monitoring_port (31000)
170
+ # Required for publishing client metrics. The port that the client side monitoring
171
+ # agent is running on, where client metrics will be published via UDP.
172
+ #
173
+ # @option options [Aws::ClientSideMonitoring::Publisher] :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher)
174
+ # Allows you to provide a custom client-side monitoring publisher class. By default,
175
+ # will use the Client Side Monitoring Agent Publisher.
176
+ #
177
+ # @option options [Boolean] :convert_params (true)
178
+ # When `true`, an attempt is made to coerce request parameters into
179
+ # the required types.
180
+ #
181
+ # @option options [Boolean] :correct_clock_skew (true)
182
+ # Used only in `standard` and adaptive retry modes. Specifies whether to apply
183
+ # a clock skew correction and retry requests with skewed client clocks.
184
+ #
185
+ # @option options [String] :defaults_mode ("legacy")
186
+ # See {Aws::DefaultsModeConfiguration} for a list of the
187
+ # accepted modes and the configuration defaults that are included.
188
+ #
189
+ # @option options [Boolean] :disable_host_prefix_injection (false)
190
+ # Set to true to disable SDK automatically adding host prefix
191
+ # to default service endpoint when available.
192
+ #
193
+ # @option options [String] :endpoint
194
+ # The client endpoint is normally constructed from the `:region`
195
+ # option. You should only configure an `:endpoint` when connecting
196
+ # to test or custom endpoints. This should be a valid HTTP(S) URI.
197
+ #
198
+ # @option options [Integer] :endpoint_cache_max_entries (1000)
199
+ # Used for the maximum size limit of the LRU cache storing endpoints data
200
+ # for endpoint discovery enabled operations. Defaults to 1000.
201
+ #
202
+ # @option options [Integer] :endpoint_cache_max_threads (10)
203
+ # Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.
204
+ #
205
+ # @option options [Integer] :endpoint_cache_poll_interval (60)
206
+ # When :endpoint_discovery and :active_endpoint_cache is enabled,
207
+ # Use this option to config the time interval in seconds for making
208
+ # requests fetching endpoints information. Defaults to 60 sec.
209
+ #
210
+ # @option options [Boolean] :endpoint_discovery (false)
211
+ # When set to `true`, endpoint discovery will be enabled for operations when available.
212
+ #
213
+ # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
214
+ # The log formatter.
215
+ #
216
+ # @option options [Symbol] :log_level (:info)
217
+ # The log level to send messages to the `:logger` at.
218
+ #
219
+ # @option options [Logger] :logger
220
+ # The Logger instance to send log messages to. If this option
221
+ # is not set, logging will be disabled.
222
+ #
223
+ # @option options [Integer] :max_attempts (3)
224
+ # An integer representing the maximum number attempts that will be made for
225
+ # a single request, including the initial attempt. For example,
226
+ # setting this value to 5 will result in a request being retried up to
227
+ # 4 times. Used in `standard` and `adaptive` retry modes.
228
+ #
229
+ # @option options [String] :profile ("default")
230
+ # Used when loading credentials from the shared credentials file
231
+ # at HOME/.aws/credentials. When not specified, 'default' is used.
232
+ #
233
+ # @option options [Proc] :retry_backoff
234
+ # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
235
+ # This option is only used in the `legacy` retry mode.
236
+ #
237
+ # @option options [Float] :retry_base_delay (0.3)
238
+ # The base delay in seconds used by the default backoff function. This option
239
+ # is only used in the `legacy` retry mode.
240
+ #
241
+ # @option options [Symbol] :retry_jitter (:none)
242
+ # A delay randomiser function used by the default backoff function.
243
+ # Some predefined functions can be referenced by name - :none, :equal, :full,
244
+ # otherwise a Proc that takes and returns a number. This option is only used
245
+ # in the `legacy` retry mode.
246
+ #
247
+ # @see https://www.awsarchitectureblog.com/2015/03/backoff.html
248
+ #
249
+ # @option options [Integer] :retry_limit (3)
250
+ # The maximum number of times to retry failed requests. Only
251
+ # ~ 500 level server errors and certain ~ 400 level client errors
252
+ # are retried. Generally, these are throttling errors, data
253
+ # checksum errors, networking errors, timeout errors, auth errors,
254
+ # endpoint discovery, and errors from expired credentials.
255
+ # This option is only used in the `legacy` retry mode.
256
+ #
257
+ # @option options [Integer] :retry_max_delay (0)
258
+ # The maximum number of seconds to delay between retries (0 for no limit)
259
+ # used by the default backoff function. This option is only used in the
260
+ # `legacy` retry mode.
261
+ #
262
+ # @option options [String] :retry_mode ("legacy")
263
+ # Specifies which retry algorithm to use. Values are:
264
+ #
265
+ # * `legacy` - The pre-existing retry behavior. This is default value if
266
+ # no retry mode is provided.
267
+ #
268
+ # * `standard` - A standardized set of retry rules across the AWS SDKs.
269
+ # This includes support for retry quotas, which limit the number of
270
+ # unsuccessful retries a client can make.
271
+ #
272
+ # * `adaptive` - An experimental retry mode that includes all the
273
+ # functionality of `standard` mode along with automatic client side
274
+ # throttling. This is a provisional mode that may change behavior
275
+ # in the future.
276
+ #
277
+ #
278
+ # @option options [String] :sdk_ua_app_id
279
+ # A unique and opaque application ID that is appended to the
280
+ # User-Agent header as app/<sdk_ua_app_id>. It should have a
281
+ # maximum length of 50.
282
+ #
283
+ # @option options [String] :secret_access_key
284
+ #
285
+ # @option options [String] :session_token
286
+ #
287
+ # @option options [Boolean] :stub_responses (false)
288
+ # Causes the client to return stubbed responses. By default
289
+ # fake responses are generated and returned. You can specify
290
+ # the response data to return or errors to raise by calling
291
+ # {ClientStubs#stub_responses}. See {ClientStubs} for more information.
292
+ #
293
+ # ** Please note ** When response stubbing is enabled, no HTTP
294
+ # requests are made, and retries are disabled.
295
+ #
296
+ # @option options [Aws::TokenProvider] :token_provider
297
+ # A Bearer Token Provider. This can be an instance of any one of the
298
+ # following classes:
299
+ #
300
+ # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
301
+ # tokens.
302
+ #
303
+ # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
304
+ # access token generated from `aws login`.
305
+ #
306
+ # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
307
+ # will be used to search for tokens configured for your profile in shared configuration files.
308
+ #
309
+ # @option options [Boolean] :use_dualstack_endpoint
310
+ # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
311
+ # will be used if available.
312
+ #
313
+ # @option options [Boolean] :use_fips_endpoint
314
+ # When set to `true`, fips compatible endpoints will be used if available.
315
+ # When a `fips` region is used, the region is normalized and this config
316
+ # is set to `true`.
317
+ #
318
+ # @option options [Boolean] :validate_params (true)
319
+ # When `true`, request parameters are validated before
320
+ # sending the request.
321
+ #
322
+ # @option options [Aws::PaymentCryptographyData::EndpointProvider] :endpoint_provider
323
+ # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::PaymentCryptographyData::EndpointParameters`
324
+ #
325
+ # @option options [URI::HTTP,String] :http_proxy A proxy to send
326
+ # requests through. Formatted like 'http://proxy.com:123'.
327
+ #
328
+ # @option options [Float] :http_open_timeout (15) The number of
329
+ # seconds to wait when opening a HTTP session before raising a
330
+ # `Timeout::Error`.
331
+ #
332
+ # @option options [Float] :http_read_timeout (60) The default
333
+ # number of seconds to wait for response data. This value can
334
+ # safely be set per-request on the session.
335
+ #
336
+ # @option options [Float] :http_idle_timeout (5) The number of
337
+ # seconds a connection is allowed to sit idle before it is
338
+ # considered stale. Stale connections are closed and removed
339
+ # from the pool before making a request.
340
+ #
341
+ # @option options [Float] :http_continue_timeout (1) The number of
342
+ # seconds to wait for a 100-continue response before sending the
343
+ # request body. This option has no effect unless the request has
344
+ # "Expect" header set to "100-continue". Defaults to `nil` which
345
+ # disables this behaviour. This value can safely be set per
346
+ # request on the session.
347
+ #
348
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
349
+ # in seconds.
350
+ #
351
+ # @option options [Boolean] :http_wire_trace (false) When `true`,
352
+ # HTTP debug output will be sent to the `:logger`.
353
+ #
354
+ # @option options [Boolean] :ssl_verify_peer (true) When `true`,
355
+ # SSL peer certificates are verified when establishing a
356
+ # connection.
357
+ #
358
+ # @option options [String] :ssl_ca_bundle Full path to the SSL
359
+ # certificate authority bundle file that should be used when
360
+ # verifying peer certificates. If you do not pass
361
+ # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
362
+ # will be used if available.
363
+ #
364
+ # @option options [String] :ssl_ca_directory Full path of the
365
+ # directory that contains the unbundled SSL certificate
366
+ # authority files for verifying peer certificates. If you do
367
+ # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
368
+ # system default will be used if available.
369
+ #
370
+ def initialize(*args)
371
+ super
372
+ end
373
+
374
+ # @!group API Operations
375
+
376
+ # Decrypts ciphertext data to plaintext using symmetric, asymmetric, or
377
+ # DUKPT data encryption key. For more information, see [Decrypt data][1]
378
+ # in the *Amazon Web Services Payment Cryptography User Guide*.
379
+ #
380
+ # You can use an encryption key generated within Amazon Web Services
381
+ # Payment Cryptography, or you can import your own encryption key by
382
+ # calling [ImportKey][2]. For this operation, the key must have
383
+ # `KeyModesOfUse` set to `Decrypt`. In asymmetric decryption, Amazon Web
384
+ # Services Payment Cryptography decrypts the ciphertext using the
385
+ # private component of the asymmetric encryption key pair. For data
386
+ # encryption outside of Amazon Web Services Payment Cryptography, you
387
+ # can export the public component of the asymmetric key pair by calling
388
+ # [GetPublicCertificate][3].
389
+ #
390
+ # For symmetric and DUKPT decryption, Amazon Web Services Payment
391
+ # Cryptography supports `TDES` and `AES` algorithms. For asymmetric
392
+ # decryption, Amazon Web Services Payment Cryptography supports `RSA`.
393
+ # When you use DUKPT, for `TDES` algorithm, the ciphertext data length
394
+ # must be a multiple of 16 bytes. For `AES` algorithm, the ciphertext
395
+ # data length must be a multiple of 32 bytes.
396
+ #
397
+ # For information about valid keys for this operation, see
398
+ # [Understanding key attributes][4] and [Key types for specific data
399
+ # operations][5] in the *Amazon Web Services Payment Cryptography User
400
+ # Guide*.
401
+ #
402
+ # **Cross-account use**: This operation can't be used across different
403
+ # Amazon Web Services accounts.
404
+ #
405
+ # **Related operations:**
406
+ #
407
+ # * EncryptData
408
+ #
409
+ # * [GetPublicCertificate][3]
410
+ #
411
+ # * [ImportKey][2]
412
+ #
413
+ #
414
+ #
415
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html
416
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
417
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
418
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
419
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
420
+ #
421
+ # @option params [required, String] :cipher_text
422
+ # The ciphertext to decrypt.
423
+ #
424
+ # @option params [required, Types::EncryptionDecryptionAttributes] :decryption_attributes
425
+ # The encryption key type and attributes for ciphertext decryption.
426
+ #
427
+ # @option params [required, String] :key_identifier
428
+ # The `keyARN` of the encryption key that Amazon Web Services Payment
429
+ # Cryptography uses for ciphertext decryption.
430
+ #
431
+ # @return [Types::DecryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
432
+ #
433
+ # * {Types::DecryptDataOutput#key_arn #key_arn} => String
434
+ # * {Types::DecryptDataOutput#key_check_value #key_check_value} => String
435
+ # * {Types::DecryptDataOutput#plain_text #plain_text} => String
436
+ #
437
+ # @example Request syntax with placeholder values
438
+ #
439
+ # resp = client.decrypt_data({
440
+ # cipher_text: "HexEvenLengthBetween16And4096", # required
441
+ # decryption_attributes: { # required
442
+ # asymmetric: {
443
+ # padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
444
+ # },
445
+ # dukpt: {
446
+ # dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
447
+ # dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
448
+ # initialization_vector: "HexLength16Or32",
449
+ # key_serial_number: "HexLengthBetween10And24", # required
450
+ # mode: "ECB", # accepts ECB, CBC
451
+ # },
452
+ # symmetric: {
453
+ # initialization_vector: "HexLength16Or32",
454
+ # mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
455
+ # padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
456
+ # },
457
+ # },
458
+ # key_identifier: "KeyArnOrKeyAliasType", # required
459
+ # })
460
+ #
461
+ # @example Response structure
462
+ #
463
+ # resp.key_arn #=> String
464
+ # resp.key_check_value #=> String
465
+ # resp.plain_text #=> String
466
+ #
467
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DecryptData AWS API Documentation
468
+ #
469
+ # @overload decrypt_data(params = {})
470
+ # @param [Hash] params ({})
471
+ def decrypt_data(params = {}, options = {})
472
+ req = build_request(:decrypt_data, params)
473
+ req.send_request(options)
474
+ end
475
+
476
+ # Encrypts plaintext data to ciphertext using symmetric, asymmetric, or
477
+ # DUKPT data encryption key. For more information, see [Encrypt data][1]
478
+ # in the *Amazon Web Services Payment Cryptography User Guide*.
479
+ #
480
+ # You can generate an encryption key within Amazon Web Services Payment
481
+ # Cryptography by calling [CreateKey][2]. You can import your own
482
+ # encryption key by calling [ImportKey][3]. For this operation, the key
483
+ # must have `KeyModesOfUse` set to `Encrypt`. In asymmetric encryption,
484
+ # plaintext is encrypted using public component. You can import the
485
+ # public component of an asymmetric key pair created outside Amazon Web
486
+ # Services Payment Cryptography by calling [ImportKey][3]).
487
+ #
488
+ # for symmetric and DUKPT encryption, Amazon Web Services Payment
489
+ # Cryptography supports `TDES` and `AES` algorithms. For asymmetric
490
+ # encryption, Amazon Web Services Payment Cryptography supports `RSA`.
491
+ # To encrypt using DUKPT, you must already have a DUKPT key in your
492
+ # account with `KeyModesOfUse` set to `DeriveKey`, or you can generate a
493
+ # new DUKPT key by calling [CreateKey][2].
494
+ #
495
+ # For information about valid keys for this operation, see
496
+ # [Understanding key attributes][4] and [Key types for specific data
497
+ # operations][5] in the *Amazon Web Services Payment Cryptography User
498
+ # Guide*.
499
+ #
500
+ # **Cross-account use**: This operation can't be used across different
501
+ # Amazon Web Services accounts.
502
+ #
503
+ # **Related operations:**
504
+ #
505
+ # * DecryptData
506
+ #
507
+ # * [GetPublicCertificate][6]
508
+ #
509
+ # * [ImportKey][3]
510
+ #
511
+ # * ReEncryptData
512
+ #
513
+ #
514
+ #
515
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html
516
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
517
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
518
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
519
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
520
+ # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
521
+ #
522
+ # @option params [required, Types::EncryptionDecryptionAttributes] :encryption_attributes
523
+ # The encryption key type and attributes for plaintext encryption.
524
+ #
525
+ # @option params [required, String] :key_identifier
526
+ # The `keyARN` of the encryption key that Amazon Web Services Payment
527
+ # Cryptography uses for plaintext encryption.
528
+ #
529
+ # @option params [required, String] :plain_text
530
+ # The plaintext to be encrypted.
531
+ #
532
+ # @return [Types::EncryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
533
+ #
534
+ # * {Types::EncryptDataOutput#cipher_text #cipher_text} => String
535
+ # * {Types::EncryptDataOutput#key_arn #key_arn} => String
536
+ # * {Types::EncryptDataOutput#key_check_value #key_check_value} => String
537
+ #
538
+ # @example Request syntax with placeholder values
539
+ #
540
+ # resp = client.encrypt_data({
541
+ # encryption_attributes: { # required
542
+ # asymmetric: {
543
+ # padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
544
+ # },
545
+ # dukpt: {
546
+ # dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
547
+ # dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
548
+ # initialization_vector: "HexLength16Or32",
549
+ # key_serial_number: "HexLengthBetween10And24", # required
550
+ # mode: "ECB", # accepts ECB, CBC
551
+ # },
552
+ # symmetric: {
553
+ # initialization_vector: "HexLength16Or32",
554
+ # mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
555
+ # padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
556
+ # },
557
+ # },
558
+ # key_identifier: "KeyArnOrKeyAliasType", # required
559
+ # plain_text: "HexEvenLengthBetween16And4064", # required
560
+ # })
561
+ #
562
+ # @example Response structure
563
+ #
564
+ # resp.cipher_text #=> String
565
+ # resp.key_arn #=> String
566
+ # resp.key_check_value #=> String
567
+ #
568
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptData AWS API Documentation
569
+ #
570
+ # @overload encrypt_data(params = {})
571
+ # @param [Hash] params ({})
572
+ def encrypt_data(params = {}, options = {})
573
+ req = build_request(:encrypt_data, params)
574
+ req.send_request(options)
575
+ end
576
+
577
+ # Generates card-related validation data using algorithms such as Card
578
+ # Verification Values (CVV/CVV2), Dynamic Card Verification Values
579
+ # (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see
580
+ # [Generate card data][1] in the *Amazon Web Services Payment
581
+ # Cryptography User Guide*.
582
+ #
583
+ # This operation generates a CVV or CSC value that is printed on a
584
+ # payment credit or debit card during card production. The CVV or CSC,
585
+ # PAN (Primary Account Number) and expiration date of the card are
586
+ # required to check its validity during transaction processing. To begin
587
+ # this operation, a CVK (Card Verification Key) encryption key is
588
+ # required. You can use [CreateKey][2] or [ImportKey][3] to establish a
589
+ # CVK within Amazon Web Services Payment Cryptography. The
590
+ # `KeyModesOfUse` should be set to `Generate` and `Verify` for a CVK
591
+ # encryption key.
592
+ #
593
+ # For information about valid keys for this operation, see
594
+ # [Understanding key attributes][4] and [Key types for specific data
595
+ # operations][5] in the *Amazon Web Services Payment Cryptography User
596
+ # Guide*.
597
+ #
598
+ # **Cross-account use**: This operation can't be used across different
599
+ # Amazon Web Services accounts.
600
+ #
601
+ # **Related operations:**
602
+ #
603
+ # * [ImportKey][3]
604
+ #
605
+ # * VerifyCardValidationData
606
+ #
607
+ #
608
+ #
609
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-card-data.html
610
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
611
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
612
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
613
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
614
+ #
615
+ # @option params [required, Types::CardGenerationAttributes] :generation_attributes
616
+ # The algorithm for generating CVV or CSC values for the card within
617
+ # Amazon Web Services Payment Cryptography.
618
+ #
619
+ # @option params [required, String] :key_identifier
620
+ # The `keyARN` of the CVK encryption key that Amazon Web Services
621
+ # Payment Cryptography uses to generate card data.
622
+ #
623
+ # @option params [required, String] :primary_account_number
624
+ # The Primary Account Number (PAN), a unique identifier for a payment
625
+ # credit or debit card that associates the card with a specific account
626
+ # holder.
627
+ #
628
+ # @option params [Integer] :validation_data_length
629
+ # The length of the CVV or CSC to be generated. The default value is 3.
630
+ #
631
+ # @return [Types::GenerateCardValidationDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
632
+ #
633
+ # * {Types::GenerateCardValidationDataOutput#key_arn #key_arn} => String
634
+ # * {Types::GenerateCardValidationDataOutput#key_check_value #key_check_value} => String
635
+ # * {Types::GenerateCardValidationDataOutput#validation_data #validation_data} => String
636
+ #
637
+ # @example Request syntax with placeholder values
638
+ #
639
+ # resp = client.generate_card_validation_data({
640
+ # generation_attributes: { # required
641
+ # amex_card_security_code_version_1: {
642
+ # card_expiry_date: "NumberLengthEquals4", # required
643
+ # },
644
+ # amex_card_security_code_version_2: {
645
+ # card_expiry_date: "NumberLengthEquals4", # required
646
+ # service_code: "NumberLengthEquals3", # required
647
+ # },
648
+ # card_holder_verification_value: {
649
+ # application_transaction_counter: "HexLengthBetween2And4", # required
650
+ # pan_sequence_number: "HexLengthEquals2", # required
651
+ # unpredictable_number: "HexLengthBetween2And8", # required
652
+ # },
653
+ # card_verification_value_1: {
654
+ # card_expiry_date: "NumberLengthEquals4", # required
655
+ # service_code: "NumberLengthEquals3", # required
656
+ # },
657
+ # card_verification_value_2: {
658
+ # card_expiry_date: "NumberLengthEquals4", # required
659
+ # },
660
+ # dynamic_card_verification_code: {
661
+ # application_transaction_counter: "HexLengthBetween2And4", # required
662
+ # pan_sequence_number: "HexLengthEquals2", # required
663
+ # track_data: "HexLengthBetween2And160", # required
664
+ # unpredictable_number: "HexLengthBetween2And8", # required
665
+ # },
666
+ # dynamic_card_verification_value: {
667
+ # application_transaction_counter: "HexLengthBetween2And4", # required
668
+ # card_expiry_date: "NumberLengthEquals4", # required
669
+ # pan_sequence_number: "HexLengthEquals2", # required
670
+ # service_code: "NumberLengthEquals3", # required
671
+ # },
672
+ # },
673
+ # key_identifier: "KeyArnOrKeyAliasType", # required
674
+ # primary_account_number: "NumberLengthBetween12And19", # required
675
+ # validation_data_length: 1,
676
+ # })
677
+ #
678
+ # @example Response structure
679
+ #
680
+ # resp.key_arn #=> String
681
+ # resp.key_check_value #=> String
682
+ # resp.validation_data #=> String
683
+ #
684
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateCardValidationData AWS API Documentation
685
+ #
686
+ # @overload generate_card_validation_data(params = {})
687
+ # @param [Hash] params ({})
688
+ def generate_card_validation_data(params = {}, options = {})
689
+ req = build_request(:generate_card_validation_data, params)
690
+ req.send_request(options)
691
+ end
692
+
693
+ # Generates a Message Authentication Code (MAC) cryptogram within Amazon
694
+ # Web Services Payment Cryptography.
695
+ #
696
+ # You can use this operation when keys won't be shared but mutual data
697
+ # is present on both ends for validation. In this case, known data
698
+ # values are used to generate a MAC on both ends for comparision without
699
+ # sending or receiving data in ciphertext or plaintext. You can use this
700
+ # operation to generate a DUPKT, HMAC or EMV MAC by setting generation
701
+ # attributes and algorithm to the associated values. The MAC generation
702
+ # encryption key must have valid values for `KeyUsage` such as
703
+ # `TR31_M7_HMAC_KEY` for HMAC generation, and they key must have
704
+ # `KeyModesOfUse` set to `Generate` and `Verify`.
705
+ #
706
+ # For information about valid keys for this operation, see
707
+ # [Understanding key attributes][1] and [Key types for specific data
708
+ # operations][2] in the *Amazon Web Services Payment Cryptography User
709
+ # Guide*.
710
+ #
711
+ # **Cross-account use**: This operation can't be used across different
712
+ # Amazon Web Services accounts.
713
+ #
714
+ # **Related operations:**
715
+ #
716
+ # * VerifyMac
717
+ #
718
+ # ^
719
+ #
720
+ #
721
+ #
722
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
723
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
724
+ #
725
+ # @option params [required, Types::MacAttributes] :generation_attributes
726
+ # The attributes and data values to use for MAC generation within Amazon
727
+ # Web Services Payment Cryptography.
728
+ #
729
+ # @option params [required, String] :key_identifier
730
+ # The `keyARN` of the MAC generation encryption key.
731
+ #
732
+ # @option params [Integer] :mac_length
733
+ # The length of a MAC under generation.
734
+ #
735
+ # @option params [required, String] :message_data
736
+ # The data for which a MAC is under generation.
737
+ #
738
+ # @return [Types::GenerateMacOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
739
+ #
740
+ # * {Types::GenerateMacOutput#key_arn #key_arn} => String
741
+ # * {Types::GenerateMacOutput#key_check_value #key_check_value} => String
742
+ # * {Types::GenerateMacOutput#mac #mac} => String
743
+ #
744
+ # @example Request syntax with placeholder values
745
+ #
746
+ # resp = client.generate_mac({
747
+ # generation_attributes: { # required
748
+ # algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
749
+ # dukpt_cmac: {
750
+ # dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
751
+ # dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
752
+ # key_serial_number: "HexLengthBetween10And24", # required
753
+ # },
754
+ # dukpt_iso_9797_algorithm_1: {
755
+ # dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
756
+ # dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
757
+ # key_serial_number: "HexLengthBetween10And24", # required
758
+ # },
759
+ # dukpt_iso_9797_algorithm_3: {
760
+ # dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
761
+ # dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
762
+ # key_serial_number: "HexLengthBetween10And24", # required
763
+ # },
764
+ # emv_mac: {
765
+ # major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
766
+ # pan_sequence_number: "HexLengthEquals2", # required
767
+ # primary_account_number: "NumberLengthBetween12And19", # required
768
+ # session_key_derivation_mode: "EMV_COMMON_SESSION_KEY", # required, accepts EMV_COMMON_SESSION_KEY, EMV2000, AMEX, MASTERCARD_SESSION_KEY, VISA
769
+ # session_key_derivation_value: { # required
770
+ # application_cryptogram: "HexLengthEquals16",
771
+ # application_transaction_counter: "HexLengthBetween2And4",
772
+ # },
773
+ # },
774
+ # },
775
+ # key_identifier: "KeyArnOrKeyAliasType", # required
776
+ # mac_length: 1,
777
+ # message_data: "HexLengthBetween2And4096", # required
778
+ # })
779
+ #
780
+ # @example Response structure
781
+ #
782
+ # resp.key_arn #=> String
783
+ # resp.key_check_value #=> String
784
+ # resp.mac #=> String
785
+ #
786
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMac AWS API Documentation
787
+ #
788
+ # @overload generate_mac(params = {})
789
+ # @param [Hash] params ({})
790
+ def generate_mac(params = {}, options = {})
791
+ req = build_request(:generate_mac, params)
792
+ req.send_request(options)
793
+ end
794
+
795
+ # Generates pin-related data such as PIN, PIN Verification Value (PVV),
796
+ # PIN Block, and PIN Offset during new card issuance or reissuance. For
797
+ # more information, see [Generate PIN data][1] in the *Amazon Web
798
+ # Services Payment Cryptography User Guide*.
799
+ #
800
+ # PIN data is never transmitted in clear to or from Amazon Web Services
801
+ # Payment Cryptography. This operation generates PIN, PVV, or PIN Offset
802
+ # and then encrypts it using Pin Encryption Key (PEK) to create an
803
+ # `EncryptedPinBlock` for transmission from Amazon Web Services Payment
804
+ # Cryptography. This operation uses a separate Pin Verification Key
805
+ # (PVK) for VISA PVV generation.
806
+ #
807
+ # For information about valid keys for this operation, see
808
+ # [Understanding key attributes][2] and [Key types for specific data
809
+ # operations][3] in the *Amazon Web Services Payment Cryptography User
810
+ # Guide*.
811
+ #
812
+ # **Cross-account use**: This operation can't be used across different
813
+ # Amazon Web Services accounts.
814
+ #
815
+ # **Related operations:**
816
+ #
817
+ # * GenerateCardValidationData
818
+ #
819
+ # * TranslatePinData
820
+ #
821
+ # * VerifyPinData
822
+ #
823
+ #
824
+ #
825
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-pin-data.html
826
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
827
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
828
+ #
829
+ # @option params [required, String] :encryption_key_identifier
830
+ # The `keyARN` of the PEK that Amazon Web Services Payment Cryptography
831
+ # uses to encrypt the PIN Block.
832
+ #
833
+ # @option params [required, Types::PinGenerationAttributes] :generation_attributes
834
+ # The attributes and values to use for PIN, PVV, or PIN Offset
835
+ # generation.
836
+ #
837
+ # @option params [required, String] :generation_key_identifier
838
+ # The `keyARN` of the PEK that Amazon Web Services Payment Cryptography
839
+ # uses for pin data generation.
840
+ #
841
+ # @option params [required, String] :pin_block_format
842
+ # The PIN encoding format for pin data generation as specified in ISO
843
+ # 9564. Amazon Web Services Payment Cryptography supports `ISO_Format_0`
844
+ # and `ISO_Format_3`.
845
+ #
846
+ # The `ISO_Format_0` PIN block format is equivalent to the ANSI X9.8,
847
+ # VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN
848
+ # block format. It supports a PIN from 4 to 12 digits in length.
849
+ #
850
+ # The `ISO_Format_3` PIN block format is the same as `ISO_Format_0`
851
+ # except that the fill digits are random values from 10 to 15.
852
+ #
853
+ # @option params [Integer] :pin_data_length
854
+ # The length of PIN under generation.
855
+ #
856
+ # @option params [required, String] :primary_account_number
857
+ # The Primary Account Number (PAN), a unique identifier for a payment
858
+ # credit or debit card that associates the card with a specific account
859
+ # holder.
860
+ #
861
+ # @return [Types::GeneratePinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
862
+ #
863
+ # * {Types::GeneratePinDataOutput#encrypted_pin_block #encrypted_pin_block} => String
864
+ # * {Types::GeneratePinDataOutput#encryption_key_arn #encryption_key_arn} => String
865
+ # * {Types::GeneratePinDataOutput#encryption_key_check_value #encryption_key_check_value} => String
866
+ # * {Types::GeneratePinDataOutput#generation_key_arn #generation_key_arn} => String
867
+ # * {Types::GeneratePinDataOutput#generation_key_check_value #generation_key_check_value} => String
868
+ # * {Types::GeneratePinDataOutput#pin_data #pin_data} => Types::PinData
869
+ #
870
+ # @example Request syntax with placeholder values
871
+ #
872
+ # resp = client.generate_pin_data({
873
+ # encryption_key_identifier: "KeyArnOrKeyAliasType", # required
874
+ # generation_attributes: { # required
875
+ # ibm_3624_natural_pin: {
876
+ # decimalization_table: "NumberLengthEquals16", # required
877
+ # pin_validation_data: "NumberLengthBetween4And16", # required
878
+ # pin_validation_data_pad_character: "HexLengthEquals1", # required
879
+ # },
880
+ # ibm_3624_pin_from_offset: {
881
+ # decimalization_table: "NumberLengthEquals16", # required
882
+ # pin_offset: "NumberLengthBetween4And12", # required
883
+ # pin_validation_data: "NumberLengthBetween4And16", # required
884
+ # pin_validation_data_pad_character: "HexLengthEquals1", # required
885
+ # },
886
+ # ibm_3624_pin_offset: {
887
+ # decimalization_table: "NumberLengthEquals16", # required
888
+ # encrypted_pin_block: "HexLengthBetween16And32", # required
889
+ # pin_validation_data: "NumberLengthBetween4And16", # required
890
+ # pin_validation_data_pad_character: "HexLengthEquals1", # required
891
+ # },
892
+ # ibm_3624_random_pin: {
893
+ # decimalization_table: "NumberLengthEquals16", # required
894
+ # pin_validation_data: "NumberLengthBetween4And16", # required
895
+ # pin_validation_data_pad_character: "HexLengthEquals1", # required
896
+ # },
897
+ # visa_pin: {
898
+ # pin_verification_key_index: 1, # required
899
+ # },
900
+ # visa_pin_verification_value: {
901
+ # encrypted_pin_block: "HexLengthBetween16And32", # required
902
+ # pin_verification_key_index: 1, # required
903
+ # },
904
+ # },
905
+ # generation_key_identifier: "KeyArnOrKeyAliasType", # required
906
+ # pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_3
907
+ # pin_data_length: 1,
908
+ # primary_account_number: "NumberLengthBetween12And19", # required
909
+ # })
910
+ #
911
+ # @example Response structure
912
+ #
913
+ # resp.encrypted_pin_block #=> String
914
+ # resp.encryption_key_arn #=> String
915
+ # resp.encryption_key_check_value #=> String
916
+ # resp.generation_key_arn #=> String
917
+ # resp.generation_key_check_value #=> String
918
+ # resp.pin_data.pin_offset #=> String
919
+ # resp.pin_data.verification_value #=> String
920
+ #
921
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GeneratePinData AWS API Documentation
922
+ #
923
+ # @overload generate_pin_data(params = {})
924
+ # @param [Hash] params ({})
925
+ def generate_pin_data(params = {}, options = {})
926
+ req = build_request(:generate_pin_data, params)
927
+ req.send_request(options)
928
+ end
929
+
930
+ # Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data
931
+ # Encryption Keys.
932
+ #
933
+ # You can either generate an encryption key within Amazon Web Services
934
+ # Payment Cryptography by calling [CreateKey][1] or import your own
935
+ # encryption key by calling [ImportKey][2]. The `KeyArn` for use with
936
+ # this operation must be in a compatible key state with `KeyModesOfUse`
937
+ # set to `Encrypt`. In asymmetric encryption, ciphertext is encrypted
938
+ # using public component (imported by calling [ImportKey][2]) of the
939
+ # asymmetric key pair created outside of Amazon Web Services Payment
940
+ # Cryptography.
941
+ #
942
+ # For symmetric and DUKPT encryption, Amazon Web Services Payment
943
+ # Cryptography supports `TDES` and `AES` algorithms. For asymmetric
944
+ # encryption, Amazon Web Services Payment Cryptography supports `RSA`.
945
+ # To encrypt using DUKPT, a DUKPT key must already exist within your
946
+ # account with `KeyModesOfUse` set to `DeriveKey` or a new DUKPT can be
947
+ # generated by calling [CreateKey][1].
948
+ #
949
+ # For information about valid keys for this operation, see
950
+ # [Understanding key attributes][3] and [Key types for specific data
951
+ # operations][4] in the *Amazon Web Services Payment Cryptography User
952
+ # Guide*.
953
+ #
954
+ # **Cross-account use**: This operation can't be used across different
955
+ # Amazon Web Services accounts.
956
+ #
957
+ # **Related operations:**
958
+ #
959
+ # * DecryptData
960
+ #
961
+ # * EncryptData
962
+ #
963
+ # * [GetPublicCertificate][5]
964
+ #
965
+ # * [ImportKey][2]
966
+ #
967
+ #
968
+ #
969
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
970
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
971
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
972
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
973
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
974
+ #
975
+ # @option params [required, String] :cipher_text
976
+ # Ciphertext to be encrypted. The minimum allowed length is 16 bytes and
977
+ # maximum allowed length is 4096 bytes.
978
+ #
979
+ # @option params [required, Types::ReEncryptionAttributes] :incoming_encryption_attributes
980
+ # The attributes and values for incoming ciphertext.
981
+ #
982
+ # @option params [required, String] :incoming_key_identifier
983
+ # The `keyARN` of the encryption key of incoming ciphertext data.
984
+ #
985
+ # @option params [required, Types::ReEncryptionAttributes] :outgoing_encryption_attributes
986
+ # The attributes and values for outgoing ciphertext data after
987
+ # encryption by Amazon Web Services Payment Cryptography.
988
+ #
989
+ # @option params [required, String] :outgoing_key_identifier
990
+ # The `keyARN` of the encryption key of outgoing ciphertext data after
991
+ # encryption by Amazon Web Services Payment Cryptography.
992
+ #
993
+ # @return [Types::ReEncryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
994
+ #
995
+ # * {Types::ReEncryptDataOutput#cipher_text #cipher_text} => String
996
+ # * {Types::ReEncryptDataOutput#key_arn #key_arn} => String
997
+ # * {Types::ReEncryptDataOutput#key_check_value #key_check_value} => String
998
+ #
999
+ # @example Request syntax with placeholder values
1000
+ #
1001
+ # resp = client.re_encrypt_data({
1002
+ # cipher_text: "HexEvenLengthBetween16And4096", # required
1003
+ # incoming_encryption_attributes: { # required
1004
+ # dukpt: {
1005
+ # dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1006
+ # dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
1007
+ # initialization_vector: "HexLength16Or32",
1008
+ # key_serial_number: "HexLengthBetween10And24", # required
1009
+ # mode: "ECB", # accepts ECB, CBC
1010
+ # },
1011
+ # symmetric: {
1012
+ # initialization_vector: "HexLength16Or32",
1013
+ # mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
1014
+ # padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
1015
+ # },
1016
+ # },
1017
+ # incoming_key_identifier: "KeyArnOrKeyAliasType", # required
1018
+ # outgoing_encryption_attributes: { # required
1019
+ # dukpt: {
1020
+ # dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1021
+ # dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
1022
+ # initialization_vector: "HexLength16Or32",
1023
+ # key_serial_number: "HexLengthBetween10And24", # required
1024
+ # mode: "ECB", # accepts ECB, CBC
1025
+ # },
1026
+ # symmetric: {
1027
+ # initialization_vector: "HexLength16Or32",
1028
+ # mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
1029
+ # padding_type: "PKCS1", # accepts PKCS1, OAEP_SHA1, OAEP_SHA256, OAEP_SHA512
1030
+ # },
1031
+ # },
1032
+ # outgoing_key_identifier: "KeyArnOrKeyAliasType", # required
1033
+ # })
1034
+ #
1035
+ # @example Response structure
1036
+ #
1037
+ # resp.cipher_text #=> String
1038
+ # resp.key_arn #=> String
1039
+ # resp.key_check_value #=> String
1040
+ #
1041
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptData AWS API Documentation
1042
+ #
1043
+ # @overload re_encrypt_data(params = {})
1044
+ # @param [Hash] params ({})
1045
+ def re_encrypt_data(params = {}, options = {})
1046
+ req = build_request(:re_encrypt_data, params)
1047
+ req.send_request(options)
1048
+ end
1049
+
1050
+ # Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4.
1051
+ # For more information, see [Translate PIN data][1] in the *Amazon Web
1052
+ # Services Payment Cryptography User Guide*.
1053
+ #
1054
+ # PIN block translation involves changing the encrytion of PIN block
1055
+ # from one encryption key to another encryption key and changing PIN
1056
+ # block format from one to another without PIN block data leaving Amazon
1057
+ # Web Services Payment Cryptography. The encryption key transformation
1058
+ # can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for
1059
+ # DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment
1060
+ # Cryptography supports `TDES` and `AES` key derivation type for DUKPT
1061
+ # tranlations. You can use this operation for P2PE (Point to Point
1062
+ # Encryption) use cases where the encryption keys should change but the
1063
+ # processing system either does not need to, or is not permitted to,
1064
+ # decrypt the data.
1065
+ #
1066
+ # The allowed combinations of PIN block format translations are guided
1067
+ # by PCI. It is important to note that not all encrypted PIN block
1068
+ # formats (example, format 1) require PAN (Primary Account Number) as
1069
+ # input. And as such, PIN block format that requires PAN (example,
1070
+ # formats 0,3,4) cannot be translated to a format (format 1) that does
1071
+ # not require a PAN for generation.
1072
+ #
1073
+ # For information about valid keys for this operation, see
1074
+ # [Understanding key attributes][2] and [Key types for specific data
1075
+ # operations][3] in the *Amazon Web Services Payment Cryptography User
1076
+ # Guide*.
1077
+ #
1078
+ # <note markdown="1"> At this time, Amazon Web Services Payment Cryptography does not
1079
+ # support translations to PIN format 4.
1080
+ #
1081
+ # </note>
1082
+ #
1083
+ # **Cross-account use**: This operation can't be used across different
1084
+ # Amazon Web Services accounts.
1085
+ #
1086
+ # **Related operations:**
1087
+ #
1088
+ # * GeneratePinData
1089
+ #
1090
+ # * VerifyPinData
1091
+ #
1092
+ #
1093
+ #
1094
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/translate-pin-data.html
1095
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
1096
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
1097
+ #
1098
+ # @option params [required, String] :encrypted_pin_block
1099
+ # The encrypted PIN block data that Amazon Web Services Payment
1100
+ # Cryptography translates.
1101
+ #
1102
+ # @option params [Types::DukptDerivationAttributes] :incoming_dukpt_attributes
1103
+ # The attributes and values to use for incoming DUKPT encryption key for
1104
+ # PIN block tranlation.
1105
+ #
1106
+ # @option params [required, String] :incoming_key_identifier
1107
+ # The `keyARN` of the encryption key under which incoming PIN block data
1108
+ # is encrypted. This key type can be PEK or BDK.
1109
+ #
1110
+ # @option params [required, Types::TranslationIsoFormats] :incoming_translation_attributes
1111
+ # The format of the incoming PIN block data for tranlation within Amazon
1112
+ # Web Services Payment Cryptography.
1113
+ #
1114
+ # @option params [Types::DukptDerivationAttributes] :outgoing_dukpt_attributes
1115
+ # The attributes and values to use for outgoing DUKPT encryption key
1116
+ # after PIN block translation.
1117
+ #
1118
+ # @option params [required, String] :outgoing_key_identifier
1119
+ # The `keyARN` of the encryption key for encrypting outgoing PIN block
1120
+ # data. This key type can be PEK or BDK.
1121
+ #
1122
+ # @option params [required, Types::TranslationIsoFormats] :outgoing_translation_attributes
1123
+ # The format of the outgoing PIN block data after tranlation by Amazon
1124
+ # Web Services Payment Cryptography.
1125
+ #
1126
+ # @return [Types::TranslatePinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1127
+ #
1128
+ # * {Types::TranslatePinDataOutput#key_arn #key_arn} => String
1129
+ # * {Types::TranslatePinDataOutput#key_check_value #key_check_value} => String
1130
+ # * {Types::TranslatePinDataOutput#pin_block #pin_block} => String
1131
+ #
1132
+ # @example Request syntax with placeholder values
1133
+ #
1134
+ # resp = client.translate_pin_data({
1135
+ # encrypted_pin_block: "HexLengthBetween16And32", # required
1136
+ # incoming_dukpt_attributes: {
1137
+ # dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1138
+ # dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
1139
+ # key_serial_number: "HexLengthBetween10And24", # required
1140
+ # },
1141
+ # incoming_key_identifier: "KeyArnOrKeyAliasType", # required
1142
+ # incoming_translation_attributes: { # required
1143
+ # iso_format_0: {
1144
+ # primary_account_number: "NumberLengthBetween12And19", # required
1145
+ # },
1146
+ # iso_format_1: {
1147
+ # },
1148
+ # iso_format_3: {
1149
+ # primary_account_number: "NumberLengthBetween12And19", # required
1150
+ # },
1151
+ # iso_format_4: {
1152
+ # primary_account_number: "NumberLengthBetween12And19", # required
1153
+ # },
1154
+ # },
1155
+ # outgoing_dukpt_attributes: {
1156
+ # dukpt_key_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1157
+ # dukpt_key_variant: "BIDIRECTIONAL", # accepts BIDIRECTIONAL, REQUEST, RESPONSE
1158
+ # key_serial_number: "HexLengthBetween10And24", # required
1159
+ # },
1160
+ # outgoing_key_identifier: "KeyArnOrKeyAliasType", # required
1161
+ # outgoing_translation_attributes: { # required
1162
+ # iso_format_0: {
1163
+ # primary_account_number: "NumberLengthBetween12And19", # required
1164
+ # },
1165
+ # iso_format_1: {
1166
+ # },
1167
+ # iso_format_3: {
1168
+ # primary_account_number: "NumberLengthBetween12And19", # required
1169
+ # },
1170
+ # iso_format_4: {
1171
+ # primary_account_number: "NumberLengthBetween12And19", # required
1172
+ # },
1173
+ # },
1174
+ # })
1175
+ #
1176
+ # @example Response structure
1177
+ #
1178
+ # resp.key_arn #=> String
1179
+ # resp.key_check_value #=> String
1180
+ # resp.pin_block #=> String
1181
+ #
1182
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinData AWS API Documentation
1183
+ #
1184
+ # @overload translate_pin_data(params = {})
1185
+ # @param [Hash] params ({})
1186
+ def translate_pin_data(params = {}, options = {})
1187
+ req = build_request(:translate_pin_data, params)
1188
+ req.send_request(options)
1189
+ end
1190
+
1191
+ # Verifies Authorization Request Cryptogram (ARQC) for a EMV chip
1192
+ # payment card authorization. For more information, see [Verify auth
1193
+ # request cryptogram][1] in the *Amazon Web Services Payment
1194
+ # Cryptography User Guide*.
1195
+ #
1196
+ # ARQC generation is done outside of Amazon Web Services Payment
1197
+ # Cryptography and is typically generated on a point of sale terminal
1198
+ # for an EMV chip card to obtain payment authorization during
1199
+ # transaction time. For ARQC verification, you must first import the
1200
+ # ARQC generated outside of Amazon Web Services Payment Cryptography by
1201
+ # calling [ImportKey][2]. This operation uses the imported ARQC and an
1202
+ # major encryption key (DUKPT) created by calling [CreateKey][3] to
1203
+ # either provide a boolean ARQC verification result or provide an APRC
1204
+ # (Authorization Response Cryptogram) response using Method 1 or Method
1205
+ # 2. The `ARPC_METHOD_1` uses `AuthResponseCode` to generate ARPC and
1206
+ # `ARPC_METHOD_2` uses `CardStatusUpdate` to generate ARPC.
1207
+ #
1208
+ # For information about valid keys for this operation, see
1209
+ # [Understanding key attributes][4] and [Key types for specific data
1210
+ # operations][5] in the *Amazon Web Services Payment Cryptography User
1211
+ # Guide*.
1212
+ #
1213
+ # **Cross-account use**: This operation can't be used across different
1214
+ # Amazon Web Services accounts.
1215
+ #
1216
+ # **Related operations:**
1217
+ #
1218
+ # * VerifyCardValidationData
1219
+ #
1220
+ # * VerifyPinData
1221
+ #
1222
+ #
1223
+ #
1224
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.verifyauthrequestcryptogram.html
1225
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
1226
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
1227
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
1228
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
1229
+ #
1230
+ # @option params [required, String] :auth_request_cryptogram
1231
+ # The auth request cryptogram imported into Amazon Web Services Payment
1232
+ # Cryptography for ARQC verification using a major encryption key and
1233
+ # transaction data.
1234
+ #
1235
+ # @option params [Types::CryptogramAuthResponse] :auth_response_attributes
1236
+ # The attributes and values for auth request cryptogram verification.
1237
+ # These parameters are required in case using ARPC Method 1 or Method 2
1238
+ # for ARQC verification.
1239
+ #
1240
+ # @option params [required, String] :key_identifier
1241
+ # The `keyARN` of the major encryption key that Amazon Web Services
1242
+ # Payment Cryptography uses for ARQC verification.
1243
+ #
1244
+ # @option params [required, String] :major_key_derivation_mode
1245
+ # The method to use when deriving the major encryption key for ARQC
1246
+ # verification within Amazon Web Services Payment Cryptography. The same
1247
+ # key derivation mode was used for ARQC generation outside of Amazon Web
1248
+ # Services Payment Cryptography.
1249
+ #
1250
+ # @option params [required, Types::SessionKeyDerivation] :session_key_derivation_attributes
1251
+ # The attributes and values to use for deriving a session key for ARQC
1252
+ # verification within Amazon Web Services Payment Cryptography. The same
1253
+ # attributes were used for ARQC generation outside of Amazon Web
1254
+ # Services Payment Cryptography.
1255
+ #
1256
+ # @option params [required, String] :transaction_data
1257
+ # The transaction data that Amazon Web Services Payment Cryptography
1258
+ # uses for ARQC verification. The same transaction is used for ARQC
1259
+ # generation outside of Amazon Web Services Payment Cryptography.
1260
+ #
1261
+ # @return [Types::VerifyAuthRequestCryptogramOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1262
+ #
1263
+ # * {Types::VerifyAuthRequestCryptogramOutput#auth_response_value #auth_response_value} => String
1264
+ # * {Types::VerifyAuthRequestCryptogramOutput#key_arn #key_arn} => String
1265
+ # * {Types::VerifyAuthRequestCryptogramOutput#key_check_value #key_check_value} => String
1266
+ #
1267
+ # @example Request syntax with placeholder values
1268
+ #
1269
+ # resp = client.verify_auth_request_cryptogram({
1270
+ # auth_request_cryptogram: "HexLengthEquals16", # required
1271
+ # auth_response_attributes: {
1272
+ # arpc_method_1: {
1273
+ # auth_response_code: "HexLengthEquals4", # required
1274
+ # },
1275
+ # arpc_method_2: {
1276
+ # card_status_update: "HexLengthEquals8", # required
1277
+ # proprietary_authentication_data: "HexLengthBetween1And16",
1278
+ # },
1279
+ # },
1280
+ # key_identifier: "KeyArnOrKeyAliasType", # required
1281
+ # major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
1282
+ # session_key_derivation_attributes: { # required
1283
+ # amex: {
1284
+ # pan_sequence_number: "HexLengthEquals2", # required
1285
+ # primary_account_number: "NumberLengthBetween12And19", # required
1286
+ # },
1287
+ # emv_2000: {
1288
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1289
+ # pan_sequence_number: "HexLengthEquals2", # required
1290
+ # primary_account_number: "NumberLengthBetween12And19", # required
1291
+ # },
1292
+ # emv_common: {
1293
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1294
+ # pan_sequence_number: "HexLengthEquals2", # required
1295
+ # primary_account_number: "NumberLengthBetween12And19", # required
1296
+ # },
1297
+ # mastercard: {
1298
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1299
+ # pan_sequence_number: "HexLengthEquals2", # required
1300
+ # primary_account_number: "NumberLengthBetween12And19", # required
1301
+ # unpredictable_number: "HexLengthBetween2And8", # required
1302
+ # },
1303
+ # visa: {
1304
+ # pan_sequence_number: "HexLengthEquals2", # required
1305
+ # primary_account_number: "NumberLengthBetween12And19", # required
1306
+ # },
1307
+ # },
1308
+ # transaction_data: "HexLengthBetween2And1024", # required
1309
+ # })
1310
+ #
1311
+ # @example Response structure
1312
+ #
1313
+ # resp.auth_response_value #=> String
1314
+ # resp.key_arn #=> String
1315
+ # resp.key_check_value #=> String
1316
+ #
1317
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogram AWS API Documentation
1318
+ #
1319
+ # @overload verify_auth_request_cryptogram(params = {})
1320
+ # @param [Hash] params ({})
1321
+ def verify_auth_request_cryptogram(params = {}, options = {})
1322
+ req = build_request(:verify_auth_request_cryptogram, params)
1323
+ req.send_request(options)
1324
+ end
1325
+
1326
+ # Verifies card-related validation data using algorithms such as Card
1327
+ # Verification Values (CVV/CVV2), Dynamic Card Verification Values
1328
+ # (dCVV/dCVV2) and Card Security Codes (CSC). For more information, see
1329
+ # [Verify card data][1] in the *Amazon Web Services Payment Cryptography
1330
+ # User Guide*.
1331
+ #
1332
+ # This operation validates the CVV or CSC codes that is printed on a
1333
+ # payment credit or debit card during card payment transaction. The
1334
+ # input values are typically provided as part of an inbound transaction
1335
+ # to an issuer or supporting platform partner. Amazon Web Services
1336
+ # Payment Cryptography uses CVV or CSC, PAN (Primary Account Number) and
1337
+ # expiration date of the card to check its validity during transaction
1338
+ # processing. In this operation, the CVK (Card Verification Key)
1339
+ # encryption key for use with card data verification is same as the one
1340
+ # in used for GenerateCardValidationData.
1341
+ #
1342
+ # For information about valid keys for this operation, see
1343
+ # [Understanding key attributes][2] and [Key types for specific data
1344
+ # operations][3] in the *Amazon Web Services Payment Cryptography User
1345
+ # Guide*.
1346
+ #
1347
+ # **Cross-account use**: This operation can't be used across different
1348
+ # Amazon Web Services accounts.
1349
+ #
1350
+ # **Related operations:**
1351
+ #
1352
+ # * GenerateCardValidationData
1353
+ #
1354
+ # * VerifyAuthRequestCryptogram
1355
+ #
1356
+ # * VerifyPinData
1357
+ #
1358
+ #
1359
+ #
1360
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-card-data.html
1361
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
1362
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
1363
+ #
1364
+ # @option params [required, String] :key_identifier
1365
+ # The `keyARN` of the CVK encryption key that Amazon Web Services
1366
+ # Payment Cryptography uses to verify card data.
1367
+ #
1368
+ # @option params [required, String] :primary_account_number
1369
+ # The Primary Account Number (PAN), a unique identifier for a payment
1370
+ # credit or debit card that associates the card with a specific account
1371
+ # holder.
1372
+ #
1373
+ # @option params [required, String] :validation_data
1374
+ # The CVV or CSC value for use for card data verification within Amazon
1375
+ # Web Services Payment Cryptography.
1376
+ #
1377
+ # @option params [required, Types::CardVerificationAttributes] :verification_attributes
1378
+ # The algorithm to use for verification of card data within Amazon Web
1379
+ # Services Payment Cryptography.
1380
+ #
1381
+ # @return [Types::VerifyCardValidationDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1382
+ #
1383
+ # * {Types::VerifyCardValidationDataOutput#key_arn #key_arn} => String
1384
+ # * {Types::VerifyCardValidationDataOutput#key_check_value #key_check_value} => String
1385
+ #
1386
+ # @example Request syntax with placeholder values
1387
+ #
1388
+ # resp = client.verify_card_validation_data({
1389
+ # key_identifier: "KeyArnOrKeyAliasType", # required
1390
+ # primary_account_number: "NumberLengthBetween12And19", # required
1391
+ # validation_data: "NumberLengthBetween3And5", # required
1392
+ # verification_attributes: { # required
1393
+ # amex_card_security_code_version_1: {
1394
+ # card_expiry_date: "NumberLengthEquals4", # required
1395
+ # },
1396
+ # amex_card_security_code_version_2: {
1397
+ # card_expiry_date: "NumberLengthEquals4", # required
1398
+ # service_code: "NumberLengthEquals3", # required
1399
+ # },
1400
+ # card_holder_verification_value: {
1401
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1402
+ # pan_sequence_number: "HexLengthEquals2", # required
1403
+ # unpredictable_number: "HexLengthBetween2And8", # required
1404
+ # },
1405
+ # card_verification_value_1: {
1406
+ # card_expiry_date: "NumberLengthEquals4", # required
1407
+ # service_code: "NumberLengthEquals3", # required
1408
+ # },
1409
+ # card_verification_value_2: {
1410
+ # card_expiry_date: "NumberLengthEquals4", # required
1411
+ # },
1412
+ # discover_dynamic_card_verification_code: {
1413
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1414
+ # card_expiry_date: "NumberLengthEquals4", # required
1415
+ # unpredictable_number: "HexLengthBetween2And8", # required
1416
+ # },
1417
+ # dynamic_card_verification_code: {
1418
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1419
+ # pan_sequence_number: "HexLengthEquals2", # required
1420
+ # track_data: "HexLengthBetween2And160", # required
1421
+ # unpredictable_number: "HexLengthBetween2And8", # required
1422
+ # },
1423
+ # dynamic_card_verification_value: {
1424
+ # application_transaction_counter: "HexLengthBetween2And4", # required
1425
+ # card_expiry_date: "NumberLengthEquals4", # required
1426
+ # pan_sequence_number: "HexLengthEquals2", # required
1427
+ # service_code: "NumberLengthEquals3", # required
1428
+ # },
1429
+ # },
1430
+ # })
1431
+ #
1432
+ # @example Response structure
1433
+ #
1434
+ # resp.key_arn #=> String
1435
+ # resp.key_check_value #=> String
1436
+ #
1437
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyCardValidationData AWS API Documentation
1438
+ #
1439
+ # @overload verify_card_validation_data(params = {})
1440
+ # @param [Hash] params ({})
1441
+ def verify_card_validation_data(params = {}, options = {})
1442
+ req = build_request(:verify_card_validation_data, params)
1443
+ req.send_request(options)
1444
+ end
1445
+
1446
+ # Verifies a Message Authentication Code (MAC).
1447
+ #
1448
+ # You can use this operation when keys won't be shared but mutual data
1449
+ # is present on both ends for validation. In this case, known data
1450
+ # values are used to generate a MAC on both ends for verification
1451
+ # without sending or receiving data in ciphertext or plaintext. You can
1452
+ # use this operation to verify a DUPKT, HMAC or EMV MAC by setting
1453
+ # generation attributes and algorithm to the associated values. Use the
1454
+ # same encryption key for MAC verification as you use for GenerateMac.
1455
+ #
1456
+ # For information about valid keys for this operation, see
1457
+ # [Understanding key attributes][1] and [Key types for specific data
1458
+ # operations][2] in the *Amazon Web Services Payment Cryptography User
1459
+ # Guide*.
1460
+ #
1461
+ # **Cross-account use**: This operation can't be used across different
1462
+ # Amazon Web Services accounts.
1463
+ #
1464
+ # **Related operations:**
1465
+ #
1466
+ # * GenerateMac
1467
+ #
1468
+ # ^
1469
+ #
1470
+ #
1471
+ #
1472
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
1473
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
1474
+ #
1475
+ # @option params [required, String] :key_identifier
1476
+ # The `keyARN` of the encryption key that Amazon Web Services Payment
1477
+ # Cryptography uses to verify MAC data.
1478
+ #
1479
+ # @option params [required, String] :mac
1480
+ # The MAC being verified.
1481
+ #
1482
+ # @option params [Integer] :mac_length
1483
+ # The length of the MAC.
1484
+ #
1485
+ # @option params [required, String] :message_data
1486
+ # The data on for which MAC is under verification.
1487
+ #
1488
+ # @option params [required, Types::MacAttributes] :verification_attributes
1489
+ # The attributes and data values to use for MAC verification within
1490
+ # Amazon Web Services Payment Cryptography.
1491
+ #
1492
+ # @return [Types::VerifyMacOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1493
+ #
1494
+ # * {Types::VerifyMacOutput#key_arn #key_arn} => String
1495
+ # * {Types::VerifyMacOutput#key_check_value #key_check_value} => String
1496
+ #
1497
+ # @example Request syntax with placeholder values
1498
+ #
1499
+ # resp = client.verify_mac({
1500
+ # key_identifier: "KeyArnOrKeyAliasType", # required
1501
+ # mac: "HexLengthBetween4And128", # required
1502
+ # mac_length: 1,
1503
+ # message_data: "HexLengthBetween2And4096", # required
1504
+ # verification_attributes: { # required
1505
+ # algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
1506
+ # dukpt_cmac: {
1507
+ # dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1508
+ # dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
1509
+ # key_serial_number: "HexLengthBetween10And24", # required
1510
+ # },
1511
+ # dukpt_iso_9797_algorithm_1: {
1512
+ # dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1513
+ # dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
1514
+ # key_serial_number: "HexLengthBetween10And24", # required
1515
+ # },
1516
+ # dukpt_iso_9797_algorithm_3: {
1517
+ # dukpt_derivation_type: "TDES_2KEY", # accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1518
+ # dukpt_key_variant: "BIDIRECTIONAL", # required, accepts BIDIRECTIONAL, REQUEST, RESPONSE
1519
+ # key_serial_number: "HexLengthBetween10And24", # required
1520
+ # },
1521
+ # emv_mac: {
1522
+ # major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
1523
+ # pan_sequence_number: "HexLengthEquals2", # required
1524
+ # primary_account_number: "NumberLengthBetween12And19", # required
1525
+ # session_key_derivation_mode: "EMV_COMMON_SESSION_KEY", # required, accepts EMV_COMMON_SESSION_KEY, EMV2000, AMEX, MASTERCARD_SESSION_KEY, VISA
1526
+ # session_key_derivation_value: { # required
1527
+ # application_cryptogram: "HexLengthEquals16",
1528
+ # application_transaction_counter: "HexLengthBetween2And4",
1529
+ # },
1530
+ # },
1531
+ # },
1532
+ # })
1533
+ #
1534
+ # @example Response structure
1535
+ #
1536
+ # resp.key_arn #=> String
1537
+ # resp.key_check_value #=> String
1538
+ #
1539
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyMac AWS API Documentation
1540
+ #
1541
+ # @overload verify_mac(params = {})
1542
+ # @param [Hash] params ({})
1543
+ def verify_mac(params = {}, options = {})
1544
+ req = build_request(:verify_mac, params)
1545
+ req.send_request(options)
1546
+ end
1547
+
1548
+ # Verifies pin-related data such as PIN and PIN Offset using algorithms
1549
+ # including VISA PVV and IBM3624. For more information, see [Verify PIN
1550
+ # data][1] in the *Amazon Web Services Payment Cryptography User Guide*.
1551
+ #
1552
+ # This operation verifies PIN data for user payment card. A card holder
1553
+ # PIN data is never transmitted in clear to or from Amazon Web Services
1554
+ # Payment Cryptography. This operation uses PIN Verification Key (PVK)
1555
+ # for PIN or PIN Offset generation and then encrypts it using PIN
1556
+ # Encryption Key (PEK) to create an `EncryptedPinBlock` for transmission
1557
+ # from Amazon Web Services Payment Cryptography.
1558
+ #
1559
+ # For information about valid keys for this operation, see
1560
+ # [Understanding key attributes][2] and [Key types for specific data
1561
+ # operations][3] in the *Amazon Web Services Payment Cryptography User
1562
+ # Guide*.
1563
+ #
1564
+ # **Cross-account use**: This operation can't be used across different
1565
+ # Amazon Web Services accounts.
1566
+ #
1567
+ # **Related operations:**
1568
+ #
1569
+ # * GeneratePinData
1570
+ #
1571
+ # * TranslatePinData
1572
+ #
1573
+ #
1574
+ #
1575
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-pin-data.html
1576
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
1577
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
1578
+ #
1579
+ # @option params [Types::DukptAttributes] :dukpt_attributes
1580
+ # The attributes and values for the DUKPT encrypted PIN block data.
1581
+ #
1582
+ # @option params [required, String] :encrypted_pin_block
1583
+ # The encrypted PIN block data that Amazon Web Services Payment
1584
+ # Cryptography verifies.
1585
+ #
1586
+ # @option params [required, String] :encryption_key_identifier
1587
+ # The `keyARN` of the encryption key under which the PIN block data is
1588
+ # encrypted. This key type can be PEK or BDK.
1589
+ #
1590
+ # @option params [required, String] :pin_block_format
1591
+ # The PIN encoding format for pin data generation as specified in ISO
1592
+ # 9564. Amazon Web Services Payment Cryptography supports `ISO_Format_0`
1593
+ # and `ISO_Format_3`.
1594
+ #
1595
+ # The `ISO_Format_0` PIN block format is equivalent to the ANSI X9.8,
1596
+ # VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN
1597
+ # block format. It supports a PIN from 4 to 12 digits in length.
1598
+ #
1599
+ # The `ISO_Format_3` PIN block format is the same as `ISO_Format_0`
1600
+ # except that the fill digits are random values from 10 to 15.
1601
+ #
1602
+ # @option params [Integer] :pin_data_length
1603
+ # The length of PIN being verified.
1604
+ #
1605
+ # @option params [required, String] :primary_account_number
1606
+ # The Primary Account Number (PAN), a unique identifier for a payment
1607
+ # credit or debit card that associates the card with a specific account
1608
+ # holder.
1609
+ #
1610
+ # @option params [required, Types::PinVerificationAttributes] :verification_attributes
1611
+ # The attributes and values for PIN data verification.
1612
+ #
1613
+ # @option params [required, String] :verification_key_identifier
1614
+ # The `keyARN` of the PIN verification key.
1615
+ #
1616
+ # @return [Types::VerifyPinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1617
+ #
1618
+ # * {Types::VerifyPinDataOutput#encryption_key_arn #encryption_key_arn} => String
1619
+ # * {Types::VerifyPinDataOutput#encryption_key_check_value #encryption_key_check_value} => String
1620
+ # * {Types::VerifyPinDataOutput#verification_key_arn #verification_key_arn} => String
1621
+ # * {Types::VerifyPinDataOutput#verification_key_check_value #verification_key_check_value} => String
1622
+ #
1623
+ # @example Request syntax with placeholder values
1624
+ #
1625
+ # resp = client.verify_pin_data({
1626
+ # dukpt_attributes: {
1627
+ # dukpt_derivation_type: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256
1628
+ # key_serial_number: "HexLengthBetween10And24", # required
1629
+ # },
1630
+ # encrypted_pin_block: "HexLengthBetween16And32", # required
1631
+ # encryption_key_identifier: "KeyArnOrKeyAliasType", # required
1632
+ # pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_3
1633
+ # pin_data_length: 1,
1634
+ # primary_account_number: "NumberLengthBetween12And19", # required
1635
+ # verification_attributes: { # required
1636
+ # ibm_3624_pin: {
1637
+ # decimalization_table: "NumberLengthEquals16", # required
1638
+ # pin_offset: "NumberLengthBetween4And12", # required
1639
+ # pin_validation_data: "NumberLengthBetween4And16", # required
1640
+ # pin_validation_data_pad_character: "HexLengthEquals1", # required
1641
+ # },
1642
+ # visa_pin: {
1643
+ # pin_verification_key_index: 1, # required
1644
+ # verification_value: "NumberLengthBetween4And12", # required
1645
+ # },
1646
+ # },
1647
+ # verification_key_identifier: "KeyArnOrKeyAliasType", # required
1648
+ # })
1649
+ #
1650
+ # @example Response structure
1651
+ #
1652
+ # resp.encryption_key_arn #=> String
1653
+ # resp.encryption_key_check_value #=> String
1654
+ # resp.verification_key_arn #=> String
1655
+ # resp.verification_key_check_value #=> String
1656
+ #
1657
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinData AWS API Documentation
1658
+ #
1659
+ # @overload verify_pin_data(params = {})
1660
+ # @param [Hash] params ({})
1661
+ def verify_pin_data(params = {}, options = {})
1662
+ req = build_request(:verify_pin_data, params)
1663
+ req.send_request(options)
1664
+ end
1665
+
1666
+ # @!endgroup
1667
+
1668
+ # @param params ({})
1669
+ # @api private
1670
+ def build_request(operation_name, params = {})
1671
+ handlers = @handlers.for(operation_name)
1672
+ context = Seahorse::Client::RequestContext.new(
1673
+ operation_name: operation_name,
1674
+ operation: config.api.operation(operation_name),
1675
+ client: self,
1676
+ params: params,
1677
+ config: config)
1678
+ context[:gem_name] = 'aws-sdk-paymentcryptographydata'
1679
+ context[:gem_version] = '1.0.0'
1680
+ Seahorse::Client::Request.new(handlers, context)
1681
+ end
1682
+
1683
+ # @api private
1684
+ # @deprecated
1685
+ def waiter_names
1686
+ []
1687
+ end
1688
+
1689
+ class << self
1690
+
1691
+ # @api private
1692
+ attr_reader :identifier
1693
+
1694
+ # @api private
1695
+ def errors_module
1696
+ Errors
1697
+ end
1698
+
1699
+ end
1700
+ end
1701
+ end