@aws-sdk/client-kms 3.58.0 → 3.73.0

package/CHANGELOG.md

@@ -3,6 +3,33 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.73.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.72.0...v3.73.0) (2022-04-19)
+
+
+### Features
+
+* **client-kms:** Adds support for KMS keys and APIs that generate and verify HMAC codes ([90a9a16](https://github.com/aws/aws-sdk-js-v3/commit/90a9a16314deb5df692167e002fcdbb3f60025c2))
+
+
+
+
+
+# [3.72.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.71.0...v3.72.0) (2022-04-15)
+
+**Note:** Version bump only for package @aws-sdk/client-kms
+
+
+
+
+
+# [3.67.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.66.0...v3.67.0) (2022-04-08)
+
+**Note:** Version bump only for package @aws-sdk/client-kms
+
+
+
+
+
 # [3.58.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.57.0...v3.58.0) (2022-03-28)
 
 **Note:** Version bump only for package @aws-sdk/client-kms

package/README.md

@@ -24,7 +24,10 @@ retrying requests automatically. For more information about the Amazon Web Servi
 download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
 Services</a>.</p>
 </note>
-<p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
+<p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS. </p>
+<p>If you need to use FIPS 140-2 validated cryptographic modules when communicating with
+Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the
+available FIPS endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service endpoints</a> in the Key Management Service topic of the <i>Amazon Web Services General Reference</i>.</p>
 <p>Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients
 must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral
 Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems
@@ -205,7 +208,7 @@ but they are supported by the send operation.
 ```js
 // callbacks.
 client.send(command, (err, data) => {
-  // proccess err and data.
+  // process err and data.
 });
 ```
 
@@ -239,7 +242,7 @@ client
 
 // callbacks.
 client.cancelKeyDeletion(params, (err, data) => {
-  // proccess err and data.
+  // process err and data.
 });
 ```
 

package/dist-cjs/KMS.js

@@ -23,6 +23,7 @@ const GenerateDataKeyCommand_1 = require("./commands/GenerateDataKeyCommand");
 const GenerateDataKeyPairCommand_1 = require("./commands/GenerateDataKeyPairCommand");
 const GenerateDataKeyPairWithoutPlaintextCommand_1 = require("./commands/GenerateDataKeyPairWithoutPlaintextCommand");
 const GenerateDataKeyWithoutPlaintextCommand_1 = require("./commands/GenerateDataKeyWithoutPlaintextCommand");
+const GenerateMacCommand_1 = require("./commands/GenerateMacCommand");
 const GenerateRandomCommand_1 = require("./commands/GenerateRandomCommand");
 const GetKeyPolicyCommand_1 = require("./commands/GetKeyPolicyCommand");
 const GetKeyRotationStatusCommand_1 = require("./commands/GetKeyRotationStatusCommand");
@@ -49,6 +50,7 @@ const UpdateCustomKeyStoreCommand_1 = require("./commands/UpdateCustomKeyStoreCo
 const UpdateKeyDescriptionCommand_1 = require("./commands/UpdateKeyDescriptionCommand");
 const UpdatePrimaryRegionCommand_1 = require("./commands/UpdatePrimaryRegionCommand");
 const VerifyCommand_1 = require("./commands/VerifyCommand");
+const VerifyMacCommand_1 = require("./commands/VerifyMacCommand");
 const KMSClient_1 = require("./KMSClient");
 class KMS extends KMSClient_1.KMSClient {
     cancelKeyDeletion(args, optionsOrCb, cb) {
@@ -359,6 +361,20 @@ class KMS extends KMSClient_1.KMSClient {
             return this.send(command, optionsOrCb);
         }
     }
+    generateMac(args, optionsOrCb, cb) {
+        const command = new GenerateMacCommand_1.GenerateMacCommand(args);
+        if (typeof optionsOrCb === "function") {
+            this.send(command, optionsOrCb);
+        }
+        else if (typeof cb === "function") {
+            if (typeof optionsOrCb !== "object")
+                throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
+            this.send(command, optionsOrCb || {}, cb);
+        }
+        else {
+            return this.send(command, optionsOrCb);
+        }
+    }
     generateRandom(args, optionsOrCb, cb) {
         const command = new GenerateRandomCommand_1.GenerateRandomCommand(args);
         if (typeof optionsOrCb === "function") {
@@ -723,5 +739,19 @@ class KMS extends KMSClient_1.KMSClient {
             return this.send(command, optionsOrCb);
         }
     }
+    verifyMac(args, optionsOrCb, cb) {
+        const command = new VerifyMacCommand_1.VerifyMacCommand(args);
+        if (typeof optionsOrCb === "function") {
+            this.send(command, optionsOrCb);
+        }
+        else if (typeof cb === "function") {
+            if (typeof optionsOrCb !== "object")
+                throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
+            this.send(command, optionsOrCb || {}, cb);
+        }
+        else {
+            return this.send(command, optionsOrCb);
+        }
+    }
 }
 exports.KMS = KMS;

package/dist-cjs/commands/GenerateMacCommand.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GenerateMacCommand = void 0;
+const middleware_serde_1 = require("@aws-sdk/middleware-serde");
+const smithy_client_1 = require("@aws-sdk/smithy-client");
+const models_0_1 = require("../models/models_0");
+const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
+class GenerateMacCommand extends smithy_client_1.Command {
+    constructor(input) {
+        super();
+        this.input = input;
+    }
+    resolveMiddleware(clientStack, configuration, options) {
+        this.middlewareStack.use((0, middleware_serde_1.getSerdePlugin)(configuration, this.serialize, this.deserialize));
+        const stack = clientStack.concat(this.middlewareStack);
+        const { logger } = configuration;
+        const clientName = "KMSClient";
+        const commandName = "GenerateMacCommand";
+        const handlerExecutionContext = {
+            logger,
+            clientName,
+            commandName,
+            inputFilterSensitiveLog: models_0_1.GenerateMacRequest.filterSensitiveLog,
+            outputFilterSensitiveLog: models_0_1.GenerateMacResponse.filterSensitiveLog,
+        };
+        const { requestHandler } = configuration;
+        return stack.resolve((request) => requestHandler.handle(request.request, options || {}), handlerExecutionContext);
+    }
+    serialize(input, context) {
+        return (0, Aws_json1_1_1.serializeAws_json1_1GenerateMacCommand)(input, context);
+    }
+    deserialize(output, context) {
+        return (0, Aws_json1_1_1.deserializeAws_json1_1GenerateMacCommand)(output, context);
+    }
+}
+exports.GenerateMacCommand = GenerateMacCommand;

package/dist-cjs/commands/VerifyMacCommand.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifyMacCommand = void 0;
+const middleware_serde_1 = require("@aws-sdk/middleware-serde");
+const smithy_client_1 = require("@aws-sdk/smithy-client");
+const models_0_1 = require("../models/models_0");
+const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
+class VerifyMacCommand extends smithy_client_1.Command {
+    constructor(input) {
+        super();
+        this.input = input;
+    }
+    resolveMiddleware(clientStack, configuration, options) {
+        this.middlewareStack.use((0, middleware_serde_1.getSerdePlugin)(configuration, this.serialize, this.deserialize));
+        const stack = clientStack.concat(this.middlewareStack);
+        const { logger } = configuration;
+        const clientName = "KMSClient";
+        const commandName = "VerifyMacCommand";
+        const handlerExecutionContext = {
+            logger,
+            clientName,
+            commandName,
+            inputFilterSensitiveLog: models_0_1.VerifyMacRequest.filterSensitiveLog,
+            outputFilterSensitiveLog: models_0_1.VerifyMacResponse.filterSensitiveLog,
+        };
+        const { requestHandler } = configuration;
+        return stack.resolve((request) => requestHandler.handle(request.request, options || {}), handlerExecutionContext);
+    }
+    serialize(input, context) {
+        return (0, Aws_json1_1_1.serializeAws_json1_1VerifyMacCommand)(input, context);
+    }
+    deserialize(output, context) {
+        return (0, Aws_json1_1_1.deserializeAws_json1_1VerifyMacCommand)(output, context);
+    }
+}
+exports.VerifyMacCommand = VerifyMacCommand;

package/dist-cjs/commands/index.js

@@ -23,6 +23,7 @@ tslib_1.__exportStar(require("./GenerateDataKeyCommand"), exports);
 tslib_1.__exportStar(require("./GenerateDataKeyPairCommand"), exports);
 tslib_1.__exportStar(require("./GenerateDataKeyPairWithoutPlaintextCommand"), exports);
 tslib_1.__exportStar(require("./GenerateDataKeyWithoutPlaintextCommand"), exports);
+tslib_1.__exportStar(require("./GenerateMacCommand"), exports);
 tslib_1.__exportStar(require("./GenerateRandomCommand"), exports);
 tslib_1.__exportStar(require("./GetKeyPolicyCommand"), exports);
 tslib_1.__exportStar(require("./GetKeyRotationStatusCommand"), exports);
@@ -49,3 +50,4 @@ tslib_1.__exportStar(require("./UpdateCustomKeyStoreCommand"), exports);
 tslib_1.__exportStar(require("./UpdateKeyDescriptionCommand"), exports);
 tslib_1.__exportStar(require("./UpdatePrimaryRegionCommand"), exports);
 tslib_1.__exportStar(require("./VerifyCommand"), exports);
+tslib_1.__exportStar(require("./VerifyMacCommand"), exports);

package/dist-cjs/models/models_0.js

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CreateKeyResponse = exports.KeyMetadata = exports.SigningAlgorithmSpec = exports.MultiRegionConfiguration = exports.MultiRegionKey = exports.MultiRegionKeyType = exports.KeyState = exports.KeyManagerType = exports.ExpirationModelType = exports.EncryptionAlgorithmSpec = exports.CreateKeyRequest = exports.Tag = exports.OriginType = exports.KeyUsageType = exports.KeySpec = exports.CustomerMasterKeySpec = exports.InvalidGrantTokenException = exports.DisabledException = exports.CreateGrantResponse = exports.CreateGrantRequest = exports.GrantOperation = exports.GrantConstraints = exports.IncorrectTrustAnchorException = exports.CustomKeyStoreNameInUseException = exports.CreateCustomKeyStoreResponse = exports.CreateCustomKeyStoreRequest = exports.LimitExceededException = exports.InvalidAliasNameException = exports.CreateAliasRequest = exports.ConnectionStateType = exports.ConnectionErrorCodeType = exports.CustomKeyStoreNotFoundException = exports.CustomKeyStoreInvalidStateException = exports.ConnectCustomKeyStoreResponse = exports.ConnectCustomKeyStoreRequest = exports.CloudHsmClusterNotRelatedException = exports.CloudHsmClusterNotFoundException = exports.CloudHsmClusterNotActiveException = exports.CloudHsmClusterInvalidConfigurationException = exports.CloudHsmClusterInUseException = exports.NotFoundException = exports.KMSInvalidStateException = exports.KMSInternalException = exports.InvalidArnException = exports.DependencyTimeoutException = exports.CancelKeyDeletionResponse = exports.CancelKeyDeletionRequest = exports.AlreadyExistsException = exports.AliasListEntry = exports.AlgorithmSpec = void 0;
-exports.GetPublicKeyResponse = exports.GetPublicKeyRequest = exports.GetParametersForImportResponse = exports.GetParametersForImportRequest = exports.WrappingKeySpec = exports.GetKeyRotationStatusResponse = exports.GetKeyRotationStatusRequest = exports.GetKeyPolicyResponse = exports.GetKeyPolicyRequest = exports.GenerateRandomResponse = exports.GenerateRandomRequest = exports.GenerateDataKeyWithoutPlaintextResponse = exports.GenerateDataKeyWithoutPlaintextRequest = exports.GenerateDataKeyPairWithoutPlaintextResponse = exports.GenerateDataKeyPairWithoutPlaintextRequest = exports.GenerateDataKeyPairResponse = exports.GenerateDataKeyPairRequest = exports.GenerateDataKeyResponse = exports.GenerateDataKeyRequest = exports.ExpiredImportTokenException = exports.EncryptResponse = exports.EncryptRequest = exports.EnableKeyRotationRequest = exports.EnableKeyRequest = exports.DisconnectCustomKeyStoreResponse = exports.DisconnectCustomKeyStoreRequest = exports.DisableKeyRotationRequest = exports.DisableKeyRequest = exports.DescribeKeyResponse = exports.DescribeKeyRequest = exports.InvalidMarkerException = exports.DescribeCustomKeyStoresResponse = exports.DescribeCustomKeyStoresRequest = exports.DeleteImportedKeyMaterialRequest = exports.DeleteCustomKeyStoreResponse = exports.DeleteCustomKeyStoreRequest = exports.DeleteAliasRequest = exports.KeyUnavailableException = exports.InvalidKeyUsageException = exports.InvalidCiphertextException = exports.IncorrectKeyException = exports.DecryptResponse = exports.DecryptRequest = exports.DataKeySpec = exports.DataKeyPairSpec = exports.CustomKeyStoresListEntry = exports.CustomKeyStoreHasCMKsException = exports.UnsupportedOperationException = exports.TagException = exports.MalformedPolicyDocumentException = void 0;
-exports.VerifyResponse = exports.VerifyRequest = exports.UpdatePrimaryRegionRequest = exports.UpdateKeyDescriptionRequest = exports.UpdateCustomKeyStoreResponse = exports.UpdateCustomKeyStoreRequest = exports.UpdateAliasRequest = exports.UntagResourceRequest = exports.TagResourceRequest = exports.SignResponse = exports.SignRequest = exports.ScheduleKeyDeletionResponse = exports.ScheduleKeyDeletionRequest = exports.RevokeGrantRequest = exports.RetireGrantRequest = exports.ReplicateKeyResponse = exports.ReplicateKeyRequest = exports.ReEncryptResponse = exports.ReEncryptRequest = exports.PutKeyPolicyRequest = exports.MessageType = exports.ListRetirableGrantsRequest = exports.ListResourceTagsResponse = exports.ListResourceTagsRequest = exports.ListKeysResponse = exports.ListKeysRequest = exports.ListKeyPoliciesResponse = exports.ListKeyPoliciesRequest = exports.ListGrantsResponse = exports.ListGrantsRequest = exports.ListAliasesResponse = exports.ListAliasesRequest = exports.KMSInvalidSignatureException = exports.KeyListEntry = exports.InvalidGrantIdException = exports.InvalidImportTokenException = exports.IncorrectKeyMaterialException = exports.ImportKeyMaterialResponse = exports.ImportKeyMaterialRequest = exports.GrantListEntry = void 0;
+exports.KeyMetadata = exports.SigningAlgorithmSpec = exports.MultiRegionConfiguration = exports.MultiRegionKey = exports.MultiRegionKeyType = exports.MacAlgorithmSpec = exports.KeyState = exports.KeyManagerType = exports.ExpirationModelType = exports.EncryptionAlgorithmSpec = exports.CreateKeyRequest = exports.Tag = exports.OriginType = exports.KeyUsageType = exports.KeySpec = exports.CustomerMasterKeySpec = exports.InvalidGrantTokenException = exports.DisabledException = exports.CreateGrantResponse = exports.CreateGrantRequest = exports.GrantOperation = exports.GrantConstraints = exports.IncorrectTrustAnchorException = exports.CustomKeyStoreNameInUseException = exports.CreateCustomKeyStoreResponse = exports.CreateCustomKeyStoreRequest = exports.LimitExceededException = exports.InvalidAliasNameException = exports.CreateAliasRequest = exports.ConnectionStateType = exports.ConnectionErrorCodeType = exports.CustomKeyStoreNotFoundException = exports.CustomKeyStoreInvalidStateException = exports.ConnectCustomKeyStoreResponse = exports.ConnectCustomKeyStoreRequest = exports.CloudHsmClusterNotRelatedException = exports.CloudHsmClusterNotFoundException = exports.CloudHsmClusterNotActiveException = exports.CloudHsmClusterInvalidConfigurationException = exports.CloudHsmClusterInUseException = exports.NotFoundException = exports.KMSInvalidStateException = exports.KMSInternalException = exports.InvalidArnException = exports.DependencyTimeoutException = exports.CancelKeyDeletionResponse = exports.CancelKeyDeletionRequest = exports.AlreadyExistsException = exports.AliasListEntry = exports.AlgorithmSpec = void 0;
+exports.GetParametersForImportRequest = exports.WrappingKeySpec = exports.GetKeyRotationStatusResponse = exports.GetKeyRotationStatusRequest = exports.GetKeyPolicyResponse = exports.GetKeyPolicyRequest = exports.GenerateRandomResponse = exports.GenerateRandomRequest = exports.GenerateMacResponse = exports.GenerateMacRequest = exports.GenerateDataKeyWithoutPlaintextResponse = exports.GenerateDataKeyWithoutPlaintextRequest = exports.GenerateDataKeyPairWithoutPlaintextResponse = exports.GenerateDataKeyPairWithoutPlaintextRequest = exports.GenerateDataKeyPairResponse = exports.GenerateDataKeyPairRequest = exports.GenerateDataKeyResponse = exports.GenerateDataKeyRequest = exports.ExpiredImportTokenException = exports.EncryptResponse = exports.EncryptRequest = exports.EnableKeyRotationRequest = exports.EnableKeyRequest = exports.DisconnectCustomKeyStoreResponse = exports.DisconnectCustomKeyStoreRequest = exports.DisableKeyRotationRequest = exports.DisableKeyRequest = exports.DescribeKeyResponse = exports.DescribeKeyRequest = exports.InvalidMarkerException = exports.DescribeCustomKeyStoresResponse = exports.DescribeCustomKeyStoresRequest = exports.DeleteImportedKeyMaterialRequest = exports.DeleteCustomKeyStoreResponse = exports.DeleteCustomKeyStoreRequest = exports.DeleteAliasRequest = exports.KeyUnavailableException = exports.InvalidKeyUsageException = exports.InvalidCiphertextException = exports.IncorrectKeyException = exports.DecryptResponse = exports.DecryptRequest = exports.DataKeySpec = exports.DataKeyPairSpec = exports.CustomKeyStoresListEntry = exports.CustomKeyStoreHasCMKsException = exports.UnsupportedOperationException = exports.TagException = exports.MalformedPolicyDocumentException = exports.CreateKeyResponse = void 0;
+exports.VerifyMacResponse = exports.VerifyMacRequest = exports.VerifyResponse = exports.VerifyRequest = exports.UpdatePrimaryRegionRequest = exports.UpdateKeyDescriptionRequest = exports.UpdateCustomKeyStoreResponse = exports.UpdateCustomKeyStoreRequest = exports.UpdateAliasRequest = exports.UntagResourceRequest = exports.TagResourceRequest = exports.SignResponse = exports.SignRequest = exports.ScheduleKeyDeletionResponse = exports.ScheduleKeyDeletionRequest = exports.RevokeGrantRequest = exports.RetireGrantRequest = exports.ReplicateKeyResponse = exports.ReplicateKeyRequest = exports.ReEncryptResponse = exports.ReEncryptRequest = exports.PutKeyPolicyRequest = exports.MessageType = exports.ListRetirableGrantsRequest = exports.ListResourceTagsResponse = exports.ListResourceTagsRequest = exports.ListKeysResponse = exports.ListKeysRequest = exports.ListKeyPoliciesResponse = exports.ListKeyPoliciesRequest = exports.ListGrantsResponse = exports.ListGrantsRequest = exports.ListAliasesResponse = exports.ListAliasesRequest = exports.KMSInvalidSignatureException = exports.KMSInvalidMacException = exports.KeyListEntry = exports.InvalidGrantIdException = exports.InvalidImportTokenException = exports.IncorrectKeyMaterialException = exports.ImportKeyMaterialResponse = exports.ImportKeyMaterialRequest = exports.GrantListEntry = exports.GetPublicKeyResponse = exports.GetPublicKeyRequest = exports.GetParametersForImportResponse = void 0;
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const KMSServiceException_1 = require("./KMSServiceException");
 var AlgorithmSpec;
@@ -317,12 +317,14 @@ var GrantOperation;
     GrantOperation["GenerateDataKeyPair"] = "GenerateDataKeyPair";
     GrantOperation["GenerateDataKeyPairWithoutPlaintext"] = "GenerateDataKeyPairWithoutPlaintext";
     GrantOperation["GenerateDataKeyWithoutPlaintext"] = "GenerateDataKeyWithoutPlaintext";
+    GrantOperation["GenerateMac"] = "GenerateMac";
     GrantOperation["GetPublicKey"] = "GetPublicKey";
     GrantOperation["ReEncryptFrom"] = "ReEncryptFrom";
     GrantOperation["ReEncryptTo"] = "ReEncryptTo";
     GrantOperation["RetireGrant"] = "RetireGrant";
     GrantOperation["Sign"] = "Sign";
     GrantOperation["Verify"] = "Verify";
+    GrantOperation["VerifyMac"] = "VerifyMac";
 })(GrantOperation = exports.GrantOperation || (exports.GrantOperation = {}));
 var CreateGrantRequest;
 (function (CreateGrantRequest) {
@@ -368,6 +370,10 @@ var CustomerMasterKeySpec;
     CustomerMasterKeySpec["ECC_NIST_P384"] = "ECC_NIST_P384";
     CustomerMasterKeySpec["ECC_NIST_P521"] = "ECC_NIST_P521";
     CustomerMasterKeySpec["ECC_SECG_P256K1"] = "ECC_SECG_P256K1";
+    CustomerMasterKeySpec["HMAC_224"] = "HMAC_224";
+    CustomerMasterKeySpec["HMAC_256"] = "HMAC_256";
+    CustomerMasterKeySpec["HMAC_384"] = "HMAC_384";
+    CustomerMasterKeySpec["HMAC_512"] = "HMAC_512";
     CustomerMasterKeySpec["RSA_2048"] = "RSA_2048";
     CustomerMasterKeySpec["RSA_3072"] = "RSA_3072";
     CustomerMasterKeySpec["RSA_4096"] = "RSA_4096";
@@ -379,6 +385,10 @@ var KeySpec;
     KeySpec["ECC_NIST_P384"] = "ECC_NIST_P384";
     KeySpec["ECC_NIST_P521"] = "ECC_NIST_P521";
     KeySpec["ECC_SECG_P256K1"] = "ECC_SECG_P256K1";
+    KeySpec["HMAC_224"] = "HMAC_224";
+    KeySpec["HMAC_256"] = "HMAC_256";
+    KeySpec["HMAC_384"] = "HMAC_384";
+    KeySpec["HMAC_512"] = "HMAC_512";
     KeySpec["RSA_2048"] = "RSA_2048";
     KeySpec["RSA_3072"] = "RSA_3072";
     KeySpec["RSA_4096"] = "RSA_4096";
@@ -387,6 +397,7 @@ var KeySpec;
 var KeyUsageType;
 (function (KeyUsageType) {
     KeyUsageType["ENCRYPT_DECRYPT"] = "ENCRYPT_DECRYPT";
+    KeyUsageType["GENERATE_VERIFY_MAC"] = "GENERATE_VERIFY_MAC";
     KeyUsageType["SIGN_VERIFY"] = "SIGN_VERIFY";
 })(KeyUsageType = exports.KeyUsageType || (exports.KeyUsageType = {}));
 var OriginType;
@@ -434,6 +445,13 @@ var KeyState;
     KeyState["Unavailable"] = "Unavailable";
     KeyState["Updating"] = "Updating";
 })(KeyState = exports.KeyState || (exports.KeyState = {}));
+var MacAlgorithmSpec;
+(function (MacAlgorithmSpec) {
+    MacAlgorithmSpec["HMAC_SHA_224"] = "HMAC_SHA_224";
+    MacAlgorithmSpec["HMAC_SHA_256"] = "HMAC_SHA_256";
+    MacAlgorithmSpec["HMAC_SHA_384"] = "HMAC_SHA_384";
+    MacAlgorithmSpec["HMAC_SHA_512"] = "HMAC_SHA_512";
+})(MacAlgorithmSpec = exports.MacAlgorithmSpec || (exports.MacAlgorithmSpec = {}));
 var MultiRegionKeyType;
 (function (MultiRegionKeyType) {
     MultiRegionKeyType["PRIMARY"] = "PRIMARY";
@@ -786,6 +804,19 @@ var GenerateDataKeyWithoutPlaintextResponse;
         ...obj,
     });
 })(GenerateDataKeyWithoutPlaintextResponse = exports.GenerateDataKeyWithoutPlaintextResponse || (exports.GenerateDataKeyWithoutPlaintextResponse = {}));
+var GenerateMacRequest;
+(function (GenerateMacRequest) {
+    GenerateMacRequest.filterSensitiveLog = (obj) => ({
+        ...obj,
+        ...(obj.Message && { Message: smithy_client_1.SENSITIVE_STRING }),
+    });
+})(GenerateMacRequest = exports.GenerateMacRequest || (exports.GenerateMacRequest = {}));
+var GenerateMacResponse;
+(function (GenerateMacResponse) {
+    GenerateMacResponse.filterSensitiveLog = (obj) => ({
+        ...obj,
+    });
+})(GenerateMacResponse = exports.GenerateMacResponse || (exports.GenerateMacResponse = {}));
 var GenerateRandomRequest;
 (function (GenerateRandomRequest) {
     GenerateRandomRequest.filterSensitiveLog = (obj) => ({
@@ -915,6 +946,19 @@ var KeyListEntry;
         ...obj,
     });
 })(KeyListEntry = exports.KeyListEntry || (exports.KeyListEntry = {}));
+class KMSInvalidMacException extends KMSServiceException_1.KMSServiceException {
+    constructor(opts) {
+        super({
+            name: "KMSInvalidMacException",
+            $fault: "client",
+            ...opts,
+        });
+        this.name = "KMSInvalidMacException";
+        this.$fault = "client";
+        Object.setPrototypeOf(this, KMSInvalidMacException.prototype);
+    }
+}
+exports.KMSInvalidMacException = KMSInvalidMacException;
 class KMSInvalidSignatureException extends KMSServiceException_1.KMSServiceException {
     constructor(opts) {
         super({
@@ -1122,3 +1166,16 @@ var VerifyResponse;
         ...obj,
     });
 })(VerifyResponse = exports.VerifyResponse || (exports.VerifyResponse = {}));
+var VerifyMacRequest;
+(function (VerifyMacRequest) {
+    VerifyMacRequest.filterSensitiveLog = (obj) => ({
+        ...obj,
+        ...(obj.Message && { Message: smithy_client_1.SENSITIVE_STRING }),
+    });
+})(VerifyMacRequest = exports.VerifyMacRequest || (exports.VerifyMacRequest = {}));
+var VerifyMacResponse;
+(function (VerifyMacResponse) {
+    VerifyMacResponse.filterSensitiveLog = (obj) => ({
+        ...obj,
+    });
+})(VerifyMacResponse = exports.VerifyMacResponse || (exports.VerifyMacResponse = {}));

package/dist-cjs/protocols/Aws_json1_1.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.deserializeAws_json1_1ConnectCustomKeyStoreCommand = exports.deserializeAws_json1_1CancelKeyDeletionCommand = exports.serializeAws_json1_1VerifyCommand = exports.serializeAws_json1_1UpdatePrimaryRegionCommand = exports.serializeAws_json1_1UpdateKeyDescriptionCommand = exports.serializeAws_json1_1UpdateCustomKeyStoreCommand = exports.serializeAws_json1_1UpdateAliasCommand = exports.serializeAws_json1_1UntagResourceCommand = exports.serializeAws_json1_1TagResourceCommand = exports.serializeAws_json1_1SignCommand = exports.serializeAws_json1_1ScheduleKeyDeletionCommand = exports.serializeAws_json1_1RevokeGrantCommand = exports.serializeAws_json1_1RetireGrantCommand = exports.serializeAws_json1_1ReplicateKeyCommand = exports.serializeAws_json1_1ReEncryptCommand = exports.serializeAws_json1_1PutKeyPolicyCommand = exports.serializeAws_json1_1ListRetirableGrantsCommand = exports.serializeAws_json1_1ListResourceTagsCommand = exports.serializeAws_json1_1ListKeysCommand = exports.serializeAws_json1_1ListKeyPoliciesCommand = exports.serializeAws_json1_1ListGrantsCommand = exports.serializeAws_json1_1ListAliasesCommand = exports.serializeAws_json1_1ImportKeyMaterialCommand = exports.serializeAws_json1_1GetPublicKeyCommand = exports.serializeAws_json1_1GetParametersForImportCommand = exports.serializeAws_json1_1GetKeyRotationStatusCommand = exports.serializeAws_json1_1GetKeyPolicyCommand = exports.serializeAws_json1_1GenerateRandomCommand = exports.serializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand = exports.serializeAws_json1_1GenerateDataKeyPairWithoutPlaintextCommand = exports.serializeAws_json1_1GenerateDataKeyPairCommand = exports.serializeAws_json1_1GenerateDataKeyCommand = exports.serializeAws_json1_1EncryptCommand = exports.serializeAws_json1_1EnableKeyRotationCommand = exports.serializeAws_json1_1EnableKeyCommand = exports.serializeAws_json1_1DisconnectCustomKeyStoreCommand = exports.serializeAws_json1_1DisableKeyRotationCommand = exports.serializeAws_json1_1DisableKeyCommand = exports.serializeAws_json1_1DescribeKeyCommand = exports.serializeAws_json1_1DescribeCustomKeyStoresCommand = exports.serializeAws_json1_1DeleteImportedKeyMaterialCommand = exports.serializeAws_json1_1DeleteCustomKeyStoreCommand = exports.serializeAws_json1_1DeleteAliasCommand = exports.serializeAws_json1_1DecryptCommand = exports.serializeAws_json1_1CreateKeyCommand = exports.serializeAws_json1_1CreateGrantCommand = exports.serializeAws_json1_1CreateCustomKeyStoreCommand = exports.serializeAws_json1_1CreateAliasCommand = exports.serializeAws_json1_1ConnectCustomKeyStoreCommand = exports.serializeAws_json1_1CancelKeyDeletionCommand = void 0;
-exports.deserializeAws_json1_1VerifyCommand = exports.deserializeAws_json1_1UpdatePrimaryRegionCommand = exports.deserializeAws_json1_1UpdateKeyDescriptionCommand = exports.deserializeAws_json1_1UpdateCustomKeyStoreCommand = exports.deserializeAws_json1_1UpdateAliasCommand = exports.deserializeAws_json1_1UntagResourceCommand = exports.deserializeAws_json1_1TagResourceCommand = exports.deserializeAws_json1_1SignCommand = exports.deserializeAws_json1_1ScheduleKeyDeletionCommand = exports.deserializeAws_json1_1RevokeGrantCommand = exports.deserializeAws_json1_1RetireGrantCommand = exports.deserializeAws_json1_1ReplicateKeyCommand = exports.deserializeAws_json1_1ReEncryptCommand = exports.deserializeAws_json1_1PutKeyPolicyCommand = exports.deserializeAws_json1_1ListRetirableGrantsCommand = exports.deserializeAws_json1_1ListResourceTagsCommand = exports.deserializeAws_json1_1ListKeysCommand = exports.deserializeAws_json1_1ListKeyPoliciesCommand = exports.deserializeAws_json1_1ListGrantsCommand = exports.deserializeAws_json1_1ListAliasesCommand = exports.deserializeAws_json1_1ImportKeyMaterialCommand = exports.deserializeAws_json1_1GetPublicKeyCommand = exports.deserializeAws_json1_1GetParametersForImportCommand = exports.deserializeAws_json1_1GetKeyRotationStatusCommand = exports.deserializeAws_json1_1GetKeyPolicyCommand = exports.deserializeAws_json1_1GenerateRandomCommand = exports.deserializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand = exports.deserializeAws_json1_1GenerateDataKeyPairWithoutPlaintextCommand = exports.deserializeAws_json1_1GenerateDataKeyPairCommand = exports.deserializeAws_json1_1GenerateDataKeyCommand = exports.deserializeAws_json1_1EncryptCommand = exports.deserializeAws_json1_1EnableKeyRotationCommand = exports.deserializeAws_json1_1EnableKeyCommand = exports.deserializeAws_json1_1DisconnectCustomKeyStoreCommand = exports.deserializeAws_json1_1DisableKeyRotationCommand = exports.deserializeAws_json1_1DisableKeyCommand = exports.deserializeAws_json1_1DescribeKeyCommand = exports.deserializeAws_json1_1DescribeCustomKeyStoresCommand = exports.deserializeAws_json1_1DeleteImportedKeyMaterialCommand = exports.deserializeAws_json1_1DeleteCustomKeyStoreCommand = exports.deserializeAws_json1_1DeleteAliasCommand = exports.deserializeAws_json1_1DecryptCommand = exports.deserializeAws_json1_1CreateKeyCommand = exports.deserializeAws_json1_1CreateGrantCommand = exports.deserializeAws_json1_1CreateCustomKeyStoreCommand = exports.deserializeAws_json1_1CreateAliasCommand = void 0;
+exports.serializeAws_json1_1VerifyMacCommand = exports.serializeAws_json1_1VerifyCommand = exports.serializeAws_json1_1UpdatePrimaryRegionCommand = exports.serializeAws_json1_1UpdateKeyDescriptionCommand = exports.serializeAws_json1_1UpdateCustomKeyStoreCommand = exports.serializeAws_json1_1UpdateAliasCommand = exports.serializeAws_json1_1UntagResourceCommand = exports.serializeAws_json1_1TagResourceCommand = exports.serializeAws_json1_1SignCommand = exports.serializeAws_json1_1ScheduleKeyDeletionCommand = exports.serializeAws_json1_1RevokeGrantCommand = exports.serializeAws_json1_1RetireGrantCommand = exports.serializeAws_json1_1ReplicateKeyCommand = exports.serializeAws_json1_1ReEncryptCommand = exports.serializeAws_json1_1PutKeyPolicyCommand = exports.serializeAws_json1_1ListRetirableGrantsCommand = exports.serializeAws_json1_1ListResourceTagsCommand = exports.serializeAws_json1_1ListKeysCommand = exports.serializeAws_json1_1ListKeyPoliciesCommand = exports.serializeAws_json1_1ListGrantsCommand = exports.serializeAws_json1_1ListAliasesCommand = exports.serializeAws_json1_1ImportKeyMaterialCommand = exports.serializeAws_json1_1GetPublicKeyCommand = exports.serializeAws_json1_1GetParametersForImportCommand = exports.serializeAws_json1_1GetKeyRotationStatusCommand = exports.serializeAws_json1_1GetKeyPolicyCommand = exports.serializeAws_json1_1GenerateRandomCommand = exports.serializeAws_json1_1GenerateMacCommand = exports.serializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand = exports.serializeAws_json1_1GenerateDataKeyPairWithoutPlaintextCommand = exports.serializeAws_json1_1GenerateDataKeyPairCommand = exports.serializeAws_json1_1GenerateDataKeyCommand = exports.serializeAws_json1_1EncryptCommand = exports.serializeAws_json1_1EnableKeyRotationCommand = exports.serializeAws_json1_1EnableKeyCommand = exports.serializeAws_json1_1DisconnectCustomKeyStoreCommand = exports.serializeAws_json1_1DisableKeyRotationCommand = exports.serializeAws_json1_1DisableKeyCommand = exports.serializeAws_json1_1DescribeKeyCommand = exports.serializeAws_json1_1DescribeCustomKeyStoresCommand = exports.serializeAws_json1_1DeleteImportedKeyMaterialCommand = exports.serializeAws_json1_1DeleteCustomKeyStoreCommand = exports.serializeAws_json1_1DeleteAliasCommand = exports.serializeAws_json1_1DecryptCommand = exports.serializeAws_json1_1CreateKeyCommand = exports.serializeAws_json1_1CreateGrantCommand = exports.serializeAws_json1_1CreateCustomKeyStoreCommand = exports.serializeAws_json1_1CreateAliasCommand = exports.serializeAws_json1_1ConnectCustomKeyStoreCommand = exports.serializeAws_json1_1CancelKeyDeletionCommand = void 0;
+exports.deserializeAws_json1_1VerifyMacCommand = exports.deserializeAws_json1_1VerifyCommand = exports.deserializeAws_json1_1UpdatePrimaryRegionCommand = exports.deserializeAws_json1_1UpdateKeyDescriptionCommand = exports.deserializeAws_json1_1UpdateCustomKeyStoreCommand = exports.deserializeAws_json1_1UpdateAliasCommand = exports.deserializeAws_json1_1UntagResourceCommand = exports.deserializeAws_json1_1TagResourceCommand = exports.deserializeAws_json1_1SignCommand = exports.deserializeAws_json1_1ScheduleKeyDeletionCommand = exports.deserializeAws_json1_1RevokeGrantCommand = exports.deserializeAws_json1_1RetireGrantCommand = exports.deserializeAws_json1_1ReplicateKeyCommand = exports.deserializeAws_json1_1ReEncryptCommand = exports.deserializeAws_json1_1PutKeyPolicyCommand = exports.deserializeAws_json1_1ListRetirableGrantsCommand = exports.deserializeAws_json1_1ListResourceTagsCommand = exports.deserializeAws_json1_1ListKeysCommand = exports.deserializeAws_json1_1ListKeyPoliciesCommand = exports.deserializeAws_json1_1ListGrantsCommand = exports.deserializeAws_json1_1ListAliasesCommand = exports.deserializeAws_json1_1ImportKeyMaterialCommand = exports.deserializeAws_json1_1GetPublicKeyCommand = exports.deserializeAws_json1_1GetParametersForImportCommand = exports.deserializeAws_json1_1GetKeyRotationStatusCommand = exports.deserializeAws_json1_1GetKeyPolicyCommand = exports.deserializeAws_json1_1GenerateRandomCommand = exports.deserializeAws_json1_1GenerateMacCommand = exports.deserializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand = exports.deserializeAws_json1_1GenerateDataKeyPairWithoutPlaintextCommand = exports.deserializeAws_json1_1GenerateDataKeyPairCommand = exports.deserializeAws_json1_1GenerateDataKeyCommand = exports.deserializeAws_json1_1EncryptCommand = exports.deserializeAws_json1_1EnableKeyRotationCommand = exports.deserializeAws_json1_1EnableKeyCommand = exports.deserializeAws_json1_1DisconnectCustomKeyStoreCommand = exports.deserializeAws_json1_1DisableKeyRotationCommand = exports.deserializeAws_json1_1DisableKeyCommand = exports.deserializeAws_json1_1DescribeKeyCommand = exports.deserializeAws_json1_1DescribeCustomKeyStoresCommand = exports.deserializeAws_json1_1DeleteImportedKeyMaterialCommand = exports.deserializeAws_json1_1DeleteCustomKeyStoreCommand = exports.deserializeAws_json1_1DeleteAliasCommand = exports.deserializeAws_json1_1DecryptCommand = exports.deserializeAws_json1_1CreateKeyCommand = exports.deserializeAws_json1_1CreateGrantCommand = exports.deserializeAws_json1_1CreateCustomKeyStoreCommand = exports.deserializeAws_json1_1CreateAliasCommand = exports.deserializeAws_json1_1ConnectCustomKeyStoreCommand = exports.deserializeAws_json1_1CancelKeyDeletionCommand = void 0;
 const protocol_http_1 = require("@aws-sdk/protocol-http");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const KMSServiceException_1 = require("../models/KMSServiceException");
@@ -226,6 +226,16 @@ const serializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand = async (input,
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
 exports.serializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand = serializeAws_json1_1GenerateDataKeyWithoutPlaintextCommand;
+const serializeAws_json1_1GenerateMacCommand = async (input, context) => {
+    const headers = {
+        "content-type": "application/x-amz-json-1.1",
+        "x-amz-target": "TrentService.GenerateMac",
+    };
+    let body;
+    body = JSON.stringify(serializeAws_json1_1GenerateMacRequest(input, context));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
+exports.serializeAws_json1_1GenerateMacCommand = serializeAws_json1_1GenerateMacCommand;
 const serializeAws_json1_1GenerateRandomCommand = async (input, context) => {
     const headers = {
         "content-type": "application/x-amz-json-1.1",
@@ -486,6 +496,16 @@ const serializeAws_json1_1VerifyCommand = async (input, context) => {
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
 exports.serializeAws_json1_1VerifyCommand = serializeAws_json1_1VerifyCommand;
+const serializeAws_json1_1VerifyMacCommand = async (input, context) => {
+    const headers = {
+        "content-type": "application/x-amz-json-1.1",
+        "x-amz-target": "TrentService.VerifyMac",
+    };
+    let body;
+    body = JSON.stringify(serializeAws_json1_1VerifyMacRequest(input, context));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
+exports.serializeAws_json1_1VerifyMacCommand = serializeAws_json1_1VerifyMacCommand;
 const deserializeAws_json1_1CancelKeyDeletionCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return deserializeAws_json1_1CancelKeyDeletionCommandError(output, context);
@@ -1620,6 +1640,60 @@ const deserializeAws_json1_1GenerateDataKeyWithoutPlaintextCommandError = async
             throw (0, smithy_client_1.decorateServiceException)(response, parsedBody);
     }
 };
+const deserializeAws_json1_1GenerateMacCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return deserializeAws_json1_1GenerateMacCommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = deserializeAws_json1_1GenerateMacResponse(data, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return Promise.resolve(response);
+};
+exports.deserializeAws_json1_1GenerateMacCommand = deserializeAws_json1_1GenerateMacCommand;
+const deserializeAws_json1_1GenerateMacCommandError = async (output, context) => {
+    const parsedOutput = {
+        ...output,
+        body: await parseBody(output.body, context),
+    };
+    let response;
+    let errorCode = "UnknownError";
+    errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
+    switch (errorCode) {
+        case "DisabledException":
+        case "com.amazonaws.kms#DisabledException":
+            throw await deserializeAws_json1_1DisabledExceptionResponse(parsedOutput, context);
+        case "InvalidGrantTokenException":
+        case "com.amazonaws.kms#InvalidGrantTokenException":
+            throw await deserializeAws_json1_1InvalidGrantTokenExceptionResponse(parsedOutput, context);
+        case "InvalidKeyUsageException":
+        case "com.amazonaws.kms#InvalidKeyUsageException":
+            throw await deserializeAws_json1_1InvalidKeyUsageExceptionResponse(parsedOutput, context);
+        case "KeyUnavailableException":
+        case "com.amazonaws.kms#KeyUnavailableException":
+            throw await deserializeAws_json1_1KeyUnavailableExceptionResponse(parsedOutput, context);
+        case "KMSInternalException":
+        case "com.amazonaws.kms#KMSInternalException":
+            throw await deserializeAws_json1_1KMSInternalExceptionResponse(parsedOutput, context);
+        case "KMSInvalidStateException":
+        case "com.amazonaws.kms#KMSInvalidStateException":
+            throw await deserializeAws_json1_1KMSInvalidStateExceptionResponse(parsedOutput, context);
+        case "NotFoundException":
+        case "com.amazonaws.kms#NotFoundException":
+            throw await deserializeAws_json1_1NotFoundExceptionResponse(parsedOutput, context);
+        default:
+            const parsedBody = parsedOutput.body;
+            response = new KMSServiceException_1.KMSServiceException({
+                name: parsedBody.code || parsedBody.Code || errorCode,
+                $fault: "client",
+                $metadata: deserializeMetadata(output),
+            });
+            throw (0, smithy_client_1.decorateServiceException)(response, parsedBody);
+    }
+};
 const deserializeAws_json1_1GenerateRandomCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return deserializeAws_json1_1GenerateRandomCommandError(output, context);
@@ -2958,6 +3032,63 @@ const deserializeAws_json1_1VerifyCommandError = async (output, context) => {
             throw (0, smithy_client_1.decorateServiceException)(response, parsedBody);
     }
 };
+const deserializeAws_json1_1VerifyMacCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return deserializeAws_json1_1VerifyMacCommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = deserializeAws_json1_1VerifyMacResponse(data, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return Promise.resolve(response);
+};
+exports.deserializeAws_json1_1VerifyMacCommand = deserializeAws_json1_1VerifyMacCommand;
+const deserializeAws_json1_1VerifyMacCommandError = async (output, context) => {
+    const parsedOutput = {
+        ...output,
+        body: await parseBody(output.body, context),
+    };
+    let response;
+    let errorCode = "UnknownError";
+    errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
+    switch (errorCode) {
+        case "DisabledException":
+        case "com.amazonaws.kms#DisabledException":
+            throw await deserializeAws_json1_1DisabledExceptionResponse(parsedOutput, context);
+        case "InvalidGrantTokenException":
+        case "com.amazonaws.kms#InvalidGrantTokenException":
+            throw await deserializeAws_json1_1InvalidGrantTokenExceptionResponse(parsedOutput, context);
+        case "InvalidKeyUsageException":
+        case "com.amazonaws.kms#InvalidKeyUsageException":
+            throw await deserializeAws_json1_1InvalidKeyUsageExceptionResponse(parsedOutput, context);
+        case "KeyUnavailableException":
+        case "com.amazonaws.kms#KeyUnavailableException":
+            throw await deserializeAws_json1_1KeyUnavailableExceptionResponse(parsedOutput, context);
+        case "KMSInternalException":
+        case "com.amazonaws.kms#KMSInternalException":
+            throw await deserializeAws_json1_1KMSInternalExceptionResponse(parsedOutput, context);
+        case "KMSInvalidMacException":
+        case "com.amazonaws.kms#KMSInvalidMacException":
+            throw await deserializeAws_json1_1KMSInvalidMacExceptionResponse(parsedOutput, context);
+        case "KMSInvalidStateException":
+        case "com.amazonaws.kms#KMSInvalidStateException":
+            throw await deserializeAws_json1_1KMSInvalidStateExceptionResponse(parsedOutput, context);
+        case "NotFoundException":
+        case "com.amazonaws.kms#NotFoundException":
+            throw await deserializeAws_json1_1NotFoundExceptionResponse(parsedOutput, context);
+        default:
+            const parsedBody = parsedOutput.body;
+            response = new KMSServiceException_1.KMSServiceException({
+                name: parsedBody.code || parsedBody.Code || errorCode,
+                $fault: "client",
+                $metadata: deserializeMetadata(output),
+            });
+            throw (0, smithy_client_1.decorateServiceException)(response, parsedBody);
+    }
+};
 const deserializeAws_json1_1AlreadyExistsExceptionResponse = async (parsedOutput, context) => {
     const body = parsedOutput.body;
     const deserialized = deserializeAws_json1_1AlreadyExistsException(body, context);
@@ -3192,6 +3323,15 @@ const deserializeAws_json1_1KMSInternalExceptionResponse = async (parsedOutput,
     });
     return (0, smithy_client_1.decorateServiceException)(exception, body);
 };
+const deserializeAws_json1_1KMSInvalidMacExceptionResponse = async (parsedOutput, context) => {
+    const body = parsedOutput.body;
+    const deserialized = deserializeAws_json1_1KMSInvalidMacException(body, context);
+    const exception = new models_0_1.KMSInvalidMacException({
+        $metadata: deserializeMetadata(parsedOutput),
+        ...deserialized,
+    });
+    return (0, smithy_client_1.decorateServiceException)(exception, body);
+};
 const deserializeAws_json1_1KMSInvalidSignatureExceptionResponse = async (parsedOutput, context) => {
     const body = parsedOutput.body;
     const deserialized = deserializeAws_json1_1KMSInvalidSignatureException(body, context);
@@ -3469,6 +3609,15 @@ const serializeAws_json1_1GenerateDataKeyWithoutPlaintextRequest = (input, conte
         ...(input.NumberOfBytes !== undefined && input.NumberOfBytes !== null && { NumberOfBytes: input.NumberOfBytes }),
     };
 };
+const serializeAws_json1_1GenerateMacRequest = (input, context) => {
+    return {
+        ...(input.GrantTokens !== undefined &&
+            input.GrantTokens !== null && { GrantTokens: serializeAws_json1_1GrantTokenList(input.GrantTokens, context) }),
+        ...(input.KeyId !== undefined && input.KeyId !== null && { KeyId: input.KeyId }),
+        ...(input.MacAlgorithm !== undefined && input.MacAlgorithm !== null && { MacAlgorithm: input.MacAlgorithm }),
+        ...(input.Message !== undefined && input.Message !== null && { Message: context.base64Encoder(input.Message) }),
+    };
+};
 const serializeAws_json1_1GenerateRandomRequest = (input, context) => {
     return {
         ...(input.CustomKeyStoreId !== undefined &&
@@ -3744,6 +3893,16 @@ const serializeAws_json1_1UpdatePrimaryRegionRequest = (input, context) => {
         ...(input.PrimaryRegion !== undefined && input.PrimaryRegion !== null && { PrimaryRegion: input.PrimaryRegion }),
     };
 };
+const serializeAws_json1_1VerifyMacRequest = (input, context) => {
+    return {
+        ...(input.GrantTokens !== undefined &&
+            input.GrantTokens !== null && { GrantTokens: serializeAws_json1_1GrantTokenList(input.GrantTokens, context) }),
+        ...(input.KeyId !== undefined && input.KeyId !== null && { KeyId: input.KeyId }),
+        ...(input.Mac !== undefined && input.Mac !== null && { Mac: context.base64Encoder(input.Mac) }),
+        ...(input.MacAlgorithm !== undefined && input.MacAlgorithm !== null && { MacAlgorithm: input.MacAlgorithm }),
+        ...(input.Message !== undefined && input.Message !== null && { Message: context.base64Encoder(input.Message) }),
+    };
+};
 const serializeAws_json1_1VerifyRequest = (input, context) => {
     return {
         ...(input.GrantTokens !== undefined &&
@@ -3996,6 +4155,13 @@ const deserializeAws_json1_1GenerateDataKeyWithoutPlaintextResponse = (output, c
         KeyId: (0, smithy_client_1.expectString)(output.KeyId),
     };
 };
+const deserializeAws_json1_1GenerateMacResponse = (output, context) => {
+    return {
+        KeyId: (0, smithy_client_1.expectString)(output.KeyId),
+        Mac: output.Mac !== undefined && output.Mac !== null ? context.base64Decoder(output.Mac) : undefined,
+        MacAlgorithm: (0, smithy_client_1.expectString)(output.MacAlgorithm),
+    };
+};
 const deserializeAws_json1_1GenerateRandomResponse = (output, context) => {
     return {
         Plaintext: output.Plaintext !== undefined && output.Plaintext !== null ? context.base64Decoder(output.Plaintext) : undefined,
@@ -4188,6 +4354,9 @@ const deserializeAws_json1_1KeyMetadata = (output, context) => {
         KeySpec: (0, smithy_client_1.expectString)(output.KeySpec),
         KeyState: (0, smithy_client_1.expectString)(output.KeyState),
         KeyUsage: (0, smithy_client_1.expectString)(output.KeyUsage),
+        MacAlgorithms: output.MacAlgorithms !== undefined && output.MacAlgorithms !== null
+            ? deserializeAws_json1_1MacAlgorithmSpecList(output.MacAlgorithms, context)
+            : undefined,
         MultiRegion: (0, smithy_client_1.expectBoolean)(output.MultiRegion),
         MultiRegionConfiguration: output.MultiRegionConfiguration !== undefined && output.MultiRegionConfiguration !== null
             ? deserializeAws_json1_1MultiRegionConfiguration(output.MultiRegionConfiguration, context)
@@ -4212,6 +4381,11 @@ const deserializeAws_json1_1KMSInternalException = (output, context) => {
         message: (0, smithy_client_1.expectString)(output.message),
     };
 };
+const deserializeAws_json1_1KMSInvalidMacException = (output, context) => {
+    return {
+        message: (0, smithy_client_1.expectString)(output.message),
+    };
+};
 const deserializeAws_json1_1KMSInvalidSignatureException = (output, context) => {
     return {
         message: (0, smithy_client_1.expectString)(output.message),
@@ -4272,6 +4446,17 @@ const deserializeAws_json1_1ListResourceTagsResponse = (output, context) => {
         Truncated: (0, smithy_client_1.expectBoolean)(output.Truncated),
     };
 };
+const deserializeAws_json1_1MacAlgorithmSpecList = (output, context) => {
+    const retVal = (output || [])
+        .filter((e) => e != null)
+        .map((entry) => {
+        if (entry === null) {
+            return null;
+        }
+        return (0, smithy_client_1.expectString)(entry);
+    });
+    return retVal;
+};
 const deserializeAws_json1_1MalformedPolicyDocumentException = (output, context) => {
     return {
         message: (0, smithy_client_1.expectString)(output.message),
@@ -4401,6 +4586,13 @@ const deserializeAws_json1_1UnsupportedOperationException = (output, context) =>
 const deserializeAws_json1_1UpdateCustomKeyStoreResponse = (output, context) => {
     return {};
 };
+const deserializeAws_json1_1VerifyMacResponse = (output, context) => {
+    return {
+        KeyId: (0, smithy_client_1.expectString)(output.KeyId),
+        MacAlgorithm: (0, smithy_client_1.expectString)(output.MacAlgorithm),
+        MacValid: (0, smithy_client_1.expectBoolean)(output.MacValid),
+    };
+};
 const deserializeAws_json1_1VerifyResponse = (output, context) => {
     return {
         KeyId: (0, smithy_client_1.expectString)(output.KeyId),