From 898d1740f53c5d0a09c3c52e05e2d8595c3c0575 Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 22 Nov 2022 15:19:26 -0500 Subject: [PATCH] feat: [cloudkms] add SHA-2 import methods (#8835) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add SHA-2 import methods PiperOrigin-RevId: 490250391 Source-Link: https://github.com/googleapis/googleapis/commit/4713c109a984e88155c7b0f6ba47739a05234d69 Source-Link: https://github.com/googleapis/googleapis-gen/commit/23c40fd800946befcc760f472e998db6b3b65d64 Copy-Tag: eyJwIjoiamF2YS1rbXMvLk93bEJvdC55YW1sIiwiaCI6IjIzYzQwZmQ4MDA5NDZiZWZjYzc2MGY0NzJlOTk4ZGI2YjNiNjVkNjQifQ== * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot --- .../kms/v1/KeyManagementServiceClient.java | 22 +- .../kms/v1/stub/HttpJsonEkmServiceStub.java | 3 + .../HttpJsonKeyManagementServiceStub.java | 3 + ...eyManagementServiceClientHttpJsonTest.java | 2 + .../v1/KeyManagementServiceClientTest.java | 3 + .../kms/v1/CreateEkmConnectionRequest.java | 6 +- .../google/cloud/kms/v1/EkmConnection.java | 133 ++--- .../cloud/kms/v1/EkmConnectionOrBuilder.java | 14 +- .../google/cloud/kms/v1/EkmServiceProto.java | 84 ++-- .../google/cloud/kms/v1/EncryptRequest.java | 40 +- .../cloud/kms/v1/EncryptRequestOrBuilder.java | 10 +- .../cloud/kms/v1/GetEkmConnectionRequest.java | 6 +- .../kms/v1/ImportCryptoKeyVersionRequest.java | 331 ++++++++---- ...mportCryptoKeyVersionRequestOrBuilder.java | 81 +-- .../com/google/cloud/kms/v1/ImportJob.java | 120 +++++ .../cloud/kms/v1/KeyOperationAttestation.java | 4 + .../com/google/cloud/kms/v1/KmsProto.java | 469 +++++++++--------- .../cloud/kms/v1/KmsResourcesProto.java | 41 +- .../kms/v1/ListEkmConnectionsRequest.java | 6 +- .../kms/v1/ListEkmConnectionsResponse.java | 6 +- .../kms/v1/UpdateEkmConnectionRequest.java | 6 +- .../google/cloud/kms/v1/ekm_service.proto | 27 +- 
.../proto/google/cloud/kms/v1/resources.proto | 33 +- .../proto/google/cloud/kms/v1/service.proto | 87 ++-- .../AsyncImportCryptoKeyVersion.java | 2 + .../SyncImportCryptoKeyVersion.java | 2 + 26 files changed, 967 insertions(+), 574 deletions(-) diff --git a/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java b/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java index b7a782e2f1d8..4176f59d742b 100644 --- a/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java +++ b/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java @@ -2070,6 +2070,7 @@ public final CryptoKeyVersion createCryptoKeyVersion(CreateCryptoKeyVersionReque * "[CRYPTO_KEY_VERSION]") * .toString()) * .setImportJob("importJob-208547368") + * .setWrappedKey(ByteString.EMPTY) * .build(); * CryptoKeyVersion response = keyManagementServiceClient.importCryptoKeyVersion(request); * } @@ -2116,6 +2117,7 @@ public final CryptoKeyVersion importCryptoKeyVersion(ImportCryptoKeyVersionReque * "[CRYPTO_KEY_VERSION]") * .toString()) * .setImportJob("importJob-208547368") + * .setWrappedKey(ByteString.EMPTY) * .build(); * ApiFuture future = * keyManagementServiceClient.importCryptoKeyVersionCallable().futureCall(request); @@ -3047,10 +3049,12 @@ public final CryptoKeyVersion restoreCryptoKeyVersion(RestoreCryptoKeyVersionReq * @param plaintext Required. The data to encrypt. Must be no larger than 64KiB. *

The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For - * [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no - * larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined - * length of the plaintext and additional_authenticated_data fields must be no larger than - * 8KiB. + * [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the plaintext must + * be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + * combined length of the plaintext and additional_authenticated_data fields must be no larger + * than 8KiB. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final EncryptResponse encrypt(ResourceName name, ByteString plaintext) { @@ -3132,10 +3136,12 @@ public final EncryptResponse encrypt(CryptoKeyPathName name, ByteString plaintex * @param plaintext Required. The data to encrypt. Must be no larger than 64KiB. *

The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For - * [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no - * larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined - * length of the plaintext and additional_authenticated_data fields must be no larger than - * 8KiB. + * [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the plaintext must + * be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + * combined length of the plaintext and additional_authenticated_data fields must be no larger + * than 8KiB. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ public final EncryptResponse encrypt(String name, ByteString plaintext) { diff --git a/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonEkmServiceStub.java b/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonEkmServiceStub.java index ee8b9528e5bd..ff6d00919995 100644 --- a/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonEkmServiceStub.java +++ b/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonEkmServiceStub.java @@ -298,6 +298,7 @@ public class HttpJsonEkmServiceStub extends EkmServiceStub { .setAdditionalPaths( "/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:setIamPolicy", "/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:setIamPolicy", + "/v1/{resource=projects/*/locations/*/ekmConfig}:setIamPolicy", "/v1/{resource=projects/*/locations/*/ekmConnections/*}:setIamPolicy") .setQueryParamsExtractor( request -> { 
@@ -338,6 +339,7 @@ public class HttpJsonEkmServiceStub extends EkmServiceStub { .setAdditionalPaths( "/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:getIamPolicy", "/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:getIamPolicy", + "/v1/{resource=projects/*/locations/*/ekmConfig}:getIamPolicy", "/v1/{resource=projects/*/locations/*/ekmConnections/*}:getIamPolicy") .setQueryParamsExtractor( request -> { @@ -375,6 +377,7 @@ public class HttpJsonEkmServiceStub extends EkmServiceStub { .setAdditionalPaths( "/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:testIamPermissions", "/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:testIamPermissions", + "/v1/{resource=projects/*/locations/*/ekmConfig}:testIamPermissions", "/v1/{resource=projects/*/locations/*/ekmConnections/*}:testIamPermissions") .setQueryParamsExtractor( request -> { diff --git a/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonKeyManagementServiceStub.java b/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonKeyManagementServiceStub.java index 230451dbd907..a94dc910d7dc 100644 --- a/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonKeyManagementServiceStub.java +++ b/java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/HttpJsonKeyManagementServiceStub.java @@ -1136,6 +1136,7 @@ public class HttpJsonKeyManagementServiceStub extends KeyManagementServiceStub { .setAdditionalPaths( "/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:setIamPolicy", "/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:setIamPolicy", + "/v1/{resource=projects/*/locations/*/ekmConfig}:setIamPolicy", "/v1/{resource=projects/*/locations/*/ekmConnections/*}:setIamPolicy") .setQueryParamsExtractor( request -> { 
@@ -1176,6 +1177,7 @@ public class HttpJsonKeyManagementServiceStub extends KeyManagementServiceStub { .setAdditionalPaths( "/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:getIamPolicy", "/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:getIamPolicy", + "/v1/{resource=projects/*/locations/*/ekmConfig}:getIamPolicy", "/v1/{resource=projects/*/locations/*/ekmConnections/*}:getIamPolicy") .setQueryParamsExtractor( request -> { @@ -1213,6 +1215,7 @@ public class HttpJsonKeyManagementServiceStub extends KeyManagementServiceStub { .setAdditionalPaths( "/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:testIamPermissions", "/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:testIamPermissions", + "/v1/{resource=projects/*/locations/*/ekmConfig}:testIamPermissions", "/v1/{resource=projects/*/locations/*/ekmConnections/*}:testIamPermissions") .setQueryParamsExtractor( request -> { diff --git a/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientHttpJsonTest.java b/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientHttpJsonTest.java index 6306b386d0ef..b4a0e8964775 100644 --- a/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientHttpJsonTest.java +++ b/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientHttpJsonTest.java @@ -1434,6 +1434,7 @@ public void importCryptoKeyVersionTest() throws Exception { "[CRYPTO_KEY_VERSION]") .toString()) .setImportJob("importJob-208547368") + .setWrappedKey(ByteString.EMPTY) .build(); CryptoKeyVersion actualResponse = client.importCryptoKeyVersion(request); @@ -1476,6 +1477,7 @@ public void importCryptoKeyVersionExceptionTest() throws Exception { "[CRYPTO_KEY_VERSION]") .toString()) .setImportJob("importJob-208547368") + .setWrappedKey(ByteString.EMPTY) .build(); client.importCryptoKeyVersion(request); Assert.fail("No exception raised"); 
diff --git a/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java b/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java index a7ddf9ddc9c3..76ae53e3d9ff 100644 --- a/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java +++ b/java-kms/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java @@ -1300,6 +1300,7 @@ public void importCryptoKeyVersionTest() throws Exception { "[CRYPTO_KEY_VERSION]") .toString()) .setImportJob("importJob-208547368") + .setWrappedKey(ByteString.EMPTY) .build(); CryptoKeyVersion actualResponse = client.importCryptoKeyVersion(request); @@ -1314,6 +1315,7 @@ public void importCryptoKeyVersionTest() throws Exception { Assert.assertEquals(request.getCryptoKeyVersion(), actualRequest.getCryptoKeyVersion()); Assert.assertEquals(request.getAlgorithm(), actualRequest.getAlgorithm()); Assert.assertEquals(request.getImportJob(), actualRequest.getImportJob()); + Assert.assertEquals(request.getWrappedKey(), actualRequest.getWrappedKey()); Assert.assertEquals(request.getRsaAesWrappedKey(), actualRequest.getRsaAesWrappedKey()); Assert.assertTrue( channelProvider.isHeaderSent( @@ -1341,6 +1343,7 @@ public void importCryptoKeyVersionExceptionTest() throws Exception { "[CRYPTO_KEY_VERSION]") .toString()) .setImportJob("importJob-208547368") + .setWrappedKey(ByteString.EMPTY) .build(); client.importCryptoKeyVersion(request); Assert.fail("No exception raised"); diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CreateEkmConnectionRequest.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CreateEkmConnectionRequest.java index 4ef71f758eb0..355e505f6c1b 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CreateEkmConnectionRequest.java 
+++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CreateEkmConnectionRequest.java @@ -22,7 +22,8 @@ * * *

- * Request message for [KeyManagementService.CreateEkmConnection][].
+ * Request message for
+ * [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].
  * 
* * Protobuf type {@code google.cloud.kms.v1.CreateEkmConnectionRequest} @@ -419,7 +420,8 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * * *
-   * Request message for [KeyManagementService.CreateEkmConnection][].
+   * Request message for
+   * [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].
    * 
* * Protobuf type {@code google.cloud.kms.v1.CreateEkmConnectionRequest} diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnection.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnection.java index 5d32d8d3413f..215ed98a6cf7 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnection.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnection.java @@ -177,7 +177,8 @@ public interface ServiceResolverOrBuilder * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -190,7 +191,8 @@ public interface ServiceResolverOrBuilder * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -203,7 +205,8 @@ public interface ServiceResolverOrBuilder * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -216,7 +219,8 @@ public interface ServiceResolverOrBuilder * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -230,7 +234,8 @@ public interface ServiceResolverOrBuilder * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -463,7 +468,8 @@ public com.google.protobuf.ByteString getHostnameBytes() { * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -479,7 +485,8 @@ public java.util.List getServerCertificates * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -496,7 +503,8 @@ public java.util.List getServerCertificates * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -512,7 +520,8 @@ public int getServerCertificatesCount() { * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -528,7 +537,8 @@ public com.google.cloud.kms.v1.Certificate getServerCertificates(int index) { * *
      * Required. A list of leaf server certificates used to authenticate HTTPS
-     * connections to the EKM replica.
+     * connections to the EKM replica. Currently, a maximum of 10
+     * [Certificate][google.cloud.kms.v1.Certificate] is supported.
      * 
* * @@ -1373,7 +1383,8 @@ private void ensureServerCertificatesIsMutable() { * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1392,7 +1403,8 @@ public java.util.List getServerCertificates * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1411,7 +1423,8 @@ public int getServerCertificatesCount() { * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1430,7 +1443,8 @@ public com.google.cloud.kms.v1.Certificate getServerCertificates(int index) { * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1455,7 +1469,8 @@ public Builder setServerCertificates(int index, com.google.cloud.kms.v1.Certific * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1478,7 +1493,8 @@ public Builder setServerCertificates( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1503,7 +1519,8 @@ public Builder addServerCertificates(com.google.cloud.kms.v1.Certificate value) * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1528,7 +1545,8 @@ public Builder addServerCertificates(int index, com.google.cloud.kms.v1.Certific * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1551,7 +1569,8 @@ public Builder addServerCertificates( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1574,7 +1593,8 @@ public Builder addServerCertificates( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1597,7 +1617,8 @@ public Builder addAllServerCertificates( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1619,7 +1640,8 @@ public Builder clearServerCertificates() { * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1641,7 +1663,8 @@ public Builder removeServerCertificates(int index) { * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1656,7 +1679,8 @@ public com.google.cloud.kms.v1.Certificate.Builder getServerCertificatesBuilder( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1676,7 +1700,8 @@ public com.google.cloud.kms.v1.CertificateOrBuilder getServerCertificatesOrBuild * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1696,7 +1721,8 @@ public com.google.cloud.kms.v1.CertificateOrBuilder getServerCertificatesOrBuild * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1712,7 +1738,8 @@ public com.google.cloud.kms.v1.Certificate.Builder addServerCertificatesBuilder( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -1728,7 +1755,8 @@ public com.google.cloud.kms.v1.Certificate.Builder addServerCertificatesBuilder( * *
        * Required. A list of leaf server certificates used to authenticate HTTPS
-       * connections to the EKM replica.
+       * connections to the EKM replica. Currently, a maximum of 10
+       * [Certificate][google.cloud.kms.v1.Certificate] is supported.
        * 
* * @@ -2031,12 +2059,11 @@ public com.google.cloud.kms.v1.EkmConnection.ServiceResolver getServiceResolvers * * *
-   * This checksum is computed by the server based on the value of other fields,
-   * and may be sent on update requests to ensure the client has an up-to-date
-   * value before proceeding.
+   * Optional. Etag of the currently stored
+   * [EkmConnection][google.cloud.kms.v1.EkmConnection].
    * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The etag. */ @@ -2056,12 +2083,11 @@ public java.lang.String getEtag() { * * *
-   * This checksum is computed by the server based on the value of other fields,
-   * and may be sent on update requests to ensure the client has an up-to-date
-   * value before proceeding.
+   * Optional. Etag of the currently stored
+   * [EkmConnection][google.cloud.kms.v1.EkmConnection].
    * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The bytes for etag. */ @@ -3343,12 +3369,11 @@ public com.google.cloud.kms.v1.EkmConnection.ServiceResolver.Builder addServiceR * * *
-     * This checksum is computed by the server based on the value of other fields,
-     * and may be sent on update requests to ensure the client has an up-to-date
-     * value before proceeding.
+     * Optional. Etag of the currently stored
+     * [EkmConnection][google.cloud.kms.v1.EkmConnection].
      * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The etag. */ @@ -3367,12 +3392,11 @@ public java.lang.String getEtag() { * * *
-     * This checksum is computed by the server based on the value of other fields,
-     * and may be sent on update requests to ensure the client has an up-to-date
-     * value before proceeding.
+     * Optional. Etag of the currently stored
+     * [EkmConnection][google.cloud.kms.v1.EkmConnection].
      * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The bytes for etag. */ @@ -3391,12 +3415,11 @@ public com.google.protobuf.ByteString getEtagBytes() { * * *
-     * This checksum is computed by the server based on the value of other fields,
-     * and may be sent on update requests to ensure the client has an up-to-date
-     * value before proceeding.
+     * Optional. Etag of the currently stored
+     * [EkmConnection][google.cloud.kms.v1.EkmConnection].
      * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @param value The etag to set. * @return This builder for chaining. @@ -3414,12 +3437,11 @@ public Builder setEtag(java.lang.String value) { * * *
-     * This checksum is computed by the server based on the value of other fields,
-     * and may be sent on update requests to ensure the client has an up-to-date
-     * value before proceeding.
+     * Optional. Etag of the currently stored
+     * [EkmConnection][google.cloud.kms.v1.EkmConnection].
      * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return This builder for chaining. */ @@ -3433,12 +3455,11 @@ public Builder clearEtag() { * * *
-     * This checksum is computed by the server based on the value of other fields,
-     * and may be sent on update requests to ensure the client has an up-to-date
-     * value before proceeding.
+     * Optional. Etag of the currently stored
+     * [EkmConnection][google.cloud.kms.v1.EkmConnection].
      * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @param value The bytes for etag to set. * @return This builder for chaining. diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnectionOrBuilder.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnectionOrBuilder.java index bac931a1f4bf..07d7492cd9a3 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnectionOrBuilder.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmConnectionOrBuilder.java @@ -175,12 +175,11 @@ com.google.cloud.kms.v1.EkmConnection.ServiceResolverOrBuilder getServiceResolve * * *
-   * This checksum is computed by the server based on the value of other fields,
-   * and may be sent on update requests to ensure the client has an up-to-date
-   * value before proceeding.
+   * Optional. Etag of the currently stored
+   * [EkmConnection][google.cloud.kms.v1.EkmConnection].
    * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The etag. */ @@ -189,12 +188,11 @@ com.google.cloud.kms.v1.EkmConnection.ServiceResolverOrBuilder getServiceResolve * * *
-   * This checksum is computed by the server based on the value of other fields,
-   * and may be sent on update requests to ensure the client has an up-to-date
-   * value before proceeding.
+   * Optional. Etag of the currently stored
+   * [EkmConnection][google.cloud.kms.v1.EkmConnection].
    * 
* - * string etag = 5; + * string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The bytes for etag. */ diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmServiceProto.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmServiceProto.java index 37216f110d7e..874b7dd507cc 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmServiceProto.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EkmServiceProto.java 
@@ -100,51 +100,51 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { + "google.protobuf.TimestampB\003\340A\003\0227\n\016not_af" + "ter_time\030\007 \001(\0132\032.google.protobuf.Timesta" + "mpB\003\340A\003\022\032\n\rserial_number\030\010 \001(\tB\003\340A\003\022\037\n\022s" - + "ha256_fingerprint\030\t \001(\tB\003\340A\003\"\213\004\n\rEkmConn" + + "ha256_fingerprint\030\t \001(\tB\003\340A\003\"\220\004\n\rEkmConn" + "ection\022\021\n\004name\030\001 \001(\tB\003\340A\003\0224\n\013create_time" + "\030\002 \001(\0132\032.google.protobuf.TimestampB\003\340A\003\022" + "M\n\021service_resolvers\030\003 \003(\01322.google.clou" - + "d.kms.v1.EkmConnection.ServiceResolver\022\014" - + "\n\004etag\030\005 \001(\t\032\336\001\n\017ServiceResolver\022R\n\031serv" - + "ice_directory_service\030\001 \001(\tB/\340A\002\372A)\n\'ser" - + "vicedirectory.googleapis.com/Service\022\034\n\017" - + "endpoint_filter\030\002 \001(\tB\003\340A\001\022\025\n\010hostname\030\003" - + " \001(\tB\003\340A\002\022B\n\023server_certificates\030\004 \003(\0132 " - + ".google.cloud.kms.v1.CertificateB\003\340A\002:s\352" - + "Ap\n%cloudkms.googleapis.com/EkmConnectio" - + "n\022Gprojects/{project}/locations/{locatio" - + "n}/ekmConnections/{ekm_connection}2\261\007\n\nE" - + "kmService\022\272\001\n\022ListEkmConnections\022..googl" - + "e.cloud.kms.v1.ListEkmConnectionsRequest" - + "\032/.google.cloud.kms.v1.ListEkmConnection" - + "sResponse\"C\202\323\344\223\0024\0222/v1/{parent=projects/" - + "*/locations/*}/ekmConnections\332A\006parent\022\247" - + "\001\n\020GetEkmConnection\022,.google.cloud.kms.v" - + "1.GetEkmConnectionRequest\032\".google.cloud" - + ".kms.v1.EkmConnection\"A\202\323\344\223\0024\0222/v1/{name" - + "=projects/*/locations/*/ekmConnections/*" - + "}\332A\004name\022\340\001\n\023CreateEkmConnection\022/.googl" - + "e.cloud.kms.v1.CreateEkmConnectionReques" - + "t\032\".google.cloud.kms.v1.EkmConnection\"t\202" - + 
"\323\344\223\002D\"2/v1/{parent=projects/*/locations/" - + "*}/ekmConnections:\016ekm_connection\332A\'pare" - + "nt,ekm_connection_id,ekm_connection\022\342\001\n\023" - + "UpdateEkmConnection\022/.google.cloud.kms.v" - + "1.UpdateEkmConnectionRequest\032\".google.cl" - + "oud.kms.v1.EkmConnection\"v\202\323\344\223\002S2A/v1/{e" - + "km_connection.name=projects/*/locations/" - + "*/ekmConnections/*}:\016ekm_connection\332A\032ek" - + "m_connection,update_mask\032t\312A\027cloudkms.go" - + "ogleapis.com\322AWhttps://www.googleapis.co" - + "m/auth/cloud-platform,https://www.google" - + "apis.com/auth/cloudkmsB\222\002\n\027com.google.cl" - + "oud.kms.v1B\017EkmServiceProtoP\001Z6google.go" - + "lang.org/genproto/googleapis/cloud/kms/v" - + "1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\" - + "Cloud\\Kms\\V1\352A|\n\'servicedirectory.google" - + "apis.com/Service\022Qprojects/{project}/loc" - + "ations/{location}/namespaces/{namespace}" - + "/services/{service}b\006proto3" + + "d.kms.v1.EkmConnection.ServiceResolver\022\021" + + "\n\004etag\030\005 \001(\tB\003\340A\001\032\336\001\n\017ServiceResolver\022R\n" + + "\031service_directory_service\030\001 \001(\tB/\340A\002\372A)" + + "\n\'servicedirectory.googleapis.com/Servic" + + "e\022\034\n\017endpoint_filter\030\002 \001(\tB\003\340A\001\022\025\n\010hostn" + + "ame\030\003 \001(\tB\003\340A\002\022B\n\023server_certificates\030\004 " + + "\003(\0132 .google.cloud.kms.v1.CertificateB\003\340" + + "A\002:s\352Ap\n%cloudkms.googleapis.com/EkmConn" + + "ection\022Gprojects/{project}/locations/{lo" + + "cation}/ekmConnections/{ekm_connection}2" + + "\261\007\n\nEkmService\022\272\001\n\022ListEkmConnections\022.." + + "google.cloud.kms.v1.ListEkmConnectionsRe" + + "quest\032/.google.cloud.kms.v1.ListEkmConne" + + "ctionsResponse\"C\202\323\344\223\0024\0222/v1/{parent=proj" + + "ects/*/locations/*}/ekmConnections\332A\006par" + + "ent\022\247\001\n\020GetEkmConnection\022,.google.cloud." 
+ + "kms.v1.GetEkmConnectionRequest\032\".google." + + "cloud.kms.v1.EkmConnection\"A\202\323\344\223\0024\0222/v1/" + + "{name=projects/*/locations/*/ekmConnecti" + + "ons/*}\332A\004name\022\340\001\n\023CreateEkmConnection\022/." + + "google.cloud.kms.v1.CreateEkmConnectionR" + + "equest\032\".google.cloud.kms.v1.EkmConnecti" + + "on\"t\202\323\344\223\002D\"2/v1/{parent=projects/*/locat" + + "ions/*}/ekmConnections:\016ekm_connection\332A" + + "\'parent,ekm_connection_id,ekm_connection" + + "\022\342\001\n\023UpdateEkmConnection\022/.google.cloud." + + "kms.v1.UpdateEkmConnectionRequest\032\".goog" + + "le.cloud.kms.v1.EkmConnection\"v\202\323\344\223\002S2A/" + + "v1/{ekm_connection.name=projects/*/locat" + + "ions/*/ekmConnections/*}:\016ekm_connection" + + "\332A\032ekm_connection,update_mask\032t\312A\027cloudk" + + "ms.googleapis.com\322AWhttps://www.googleap" + + "is.com/auth/cloud-platform,https://www.g" + + "oogleapis.com/auth/cloudkmsB\222\002\n\027com.goog" + + "le.cloud.kms.v1B\017EkmServiceProtoP\001Z6goog" + + "le.golang.org/genproto/googleapis/cloud/" + + "kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Go" + + "ogle\\Cloud\\Kms\\V1\352A|\n\'servicedirectory.g" + + "oogleapis.com/Service\022Qprojects/{project" + + "}/locations/{location}/namespaces/{names" + + "pace}/services/{service}b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom( diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequest.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequest.java index eda4c0c44fc4..cf3c80c0c145 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequest.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequest.java 
@@ -142,7 +142,9 @@ public com.google.protobuf.ByteString getNameBytes() { * Required. The data to encrypt. Must be no larger than 64KiB. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the * plaintext must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger @@ -169,8 +171,10 @@ public com.google.protobuf.ByteString getPlaintext() { * [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD - * must be no larger than 64KiB. For + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the + * AAD must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. 
@@ -998,7 +1002,9 @@ public Builder setNameBytes(com.google.protobuf.ByteString value) { * Required. The data to encrypt. Must be no larger than 64KiB. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the * plaintext must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger @@ -1020,7 +1026,9 @@ public com.google.protobuf.ByteString getPlaintext() { * Required. The data to encrypt. Must be no larger than 64KiB. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the * plaintext must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger 
@@ -1048,7 +1056,9 @@ public Builder setPlaintext(com.google.protobuf.ByteString value) { * Required. The data to encrypt. Must be no larger than 64KiB. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the * plaintext must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger @@ -1077,8 +1087,10 @@ public Builder clearPlaintext() { * [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD - * must be no larger than 64KiB. For + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the + * AAD must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. 
@@ -1102,8 +1114,10 @@ public com.google.protobuf.ByteString getAdditionalAuthenticatedData() { * [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD - * must be no larger than 64KiB. For + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the + * AAD must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. @@ -1133,8 +1147,10 @@ public Builder setAdditionalAuthenticatedData(com.google.protobuf.ByteString val * [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD - * must be no larger than 64KiB. For + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the + * AAD must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. 
diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequestOrBuilder.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequestOrBuilder.java index 48244a345b7c..954ecc443b49 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequestOrBuilder.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/EncryptRequestOrBuilder.java @@ -69,7 +69,9 @@ public interface EncryptRequestOrBuilder * Required. The data to encrypt. Must be no larger than 64KiB. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the * plaintext must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger 
@@ -91,8 +93,10 @@ public interface EncryptRequestOrBuilder * [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. * The maximum size depends on the key version's * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD - * must be no larger than 64KiB. For + * For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + * [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + * [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the + * AAD must be no larger than 64KiB. For * [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/GetEkmConnectionRequest.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/GetEkmConnectionRequest.java index 5374d9000e49..ba260f59f80a 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/GetEkmConnectionRequest.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/GetEkmConnectionRequest.java @@ -22,7 +22,8 @@ * * *
- * Request message for [KeyManagementService.GetEkmConnection][].
+ * Request message for
+ * [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].
  * 
* * Protobuf type {@code google.cloud.kms.v1.GetEkmConnectionRequest} @@ -285,7 +286,8 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * * *
-   * Request message for [KeyManagementService.GetEkmConnection][].
+   * Request message for
+   * [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].
    * 
* * Protobuf type {@code google.cloud.kms.v1.GetEkmConnectionRequest} diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java index 15b517a6e71c..1c214cdaed56 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java @@ -43,6 +43,7 @@ private ImportCryptoKeyVersionRequest() { cryptoKeyVersion_ = ""; algorithm_ = 0; importJob_ = ""; + wrappedKey_ = com.google.protobuf.ByteString.EMPTY; } @java.lang.Override @@ -366,35 +367,68 @@ public com.google.protobuf.ByteString getImportJobBytes() { } } - public static final int RSA_AES_WRAPPED_KEY_FIELD_NUMBER = 5; + public static final int WRAPPED_KEY_FIELD_NUMBER = 8; + private com.google.protobuf.ByteString wrappedKey_; /** * * *
-   * Wrapped key material produced with
-   * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+   * Optional. The wrapped key material to import.
+   * Before wrapping, key material must be formatted. If importing symmetric key
+   * material, the expected key material format is plain bytes. If importing
+   * asymmetric key material, the expected key material format is PKCS#8-encoded
+   * DER (the PrivateKeyInfo structure from RFC 5208).
+   * When wrapping with import methods
+   * ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+   * or
+   * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
    * or
-   * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-   * This field contains the concatenation of two wrapped keys:
+   * [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
+   * or
+   * [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
+   * this field must contain the concatenation of:
    * <ol>
    *   <li>An ephemeral AES-256 wrapping key wrapped with the
    *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-   *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-   *       empty label.
+   *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+   *       label.
    *   </li>
-   *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-   *       using AES-KWP (RFC 5649).
+   *   <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+   *       key using AES-KWP (RFC 5649).
    *   </li>
    * </ol>
-   * If importing symmetric key material, it is expected that the unwrapped
-   * key contains plain bytes. If importing asymmetric key material, it is
-   * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-   * PrivateKeyInfo structure from RFC 5208).
    * This format is the same as the format produced by PKCS#11 mechanism
    * CKM_RSA_AES_KEY_WRAP.
+   * When wrapping with import methods
+   * ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
+   * or
+   * [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
+   * this field must contain the formatted key to be imported, wrapped with the
+   * [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
+   * with SHA-256, MGF1 with SHA-256, and an empty label.
    * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes wrapped_key = 8 [(.google.api.field_behavior) = OPTIONAL]; + * + * @return The wrappedKey. + */ + @java.lang.Override + public com.google.protobuf.ByteString getWrappedKey() { + return wrappedKey_; + } + + public static final int RSA_AES_WRAPPED_KEY_FIELD_NUMBER = 5; + /** + * + * + *
+   * Optional. This field has the same meaning as
+   * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+   * Prefer to use that field in new work. Either that field or this field
+   * (but not both) must be specified.
+   * 
+ * + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return Whether the rsaAesWrappedKey field is set. */ @@ -406,30 +440,13 @@ public boolean hasRsaAesWrappedKey() { * * *
-   * Wrapped key material produced with
-   * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
-   * or
-   * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-   * This field contains the concatenation of two wrapped keys:
-   * <ol>
-   *   <li>An ephemeral AES-256 wrapping key wrapped with the
-   *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-   *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-   *       empty label.
-   *   </li>
-   *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-   *       using AES-KWP (RFC 5649).
-   *   </li>
-   * </ol>
-   * If importing symmetric key material, it is expected that the unwrapped
-   * key contains plain bytes. If importing asymmetric key material, it is
-   * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-   * PrivateKeyInfo structure from RFC 5208).
-   * This format is the same as the format produced by PKCS#11 mechanism
-   * CKM_RSA_AES_KEY_WRAP.
+   * Optional. This field has the same meaning as
+   * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+   * Prefer to use that field in new work. Either that field or this field
+   * (but not both) must be specified.
    * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The rsaAesWrappedKey. */ @@ -473,6 +490,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(cryptoKeyVersion_)) { com.google.protobuf.GeneratedMessageV3.writeString(output, 6, cryptoKeyVersion_); } + if (!wrappedKey_.isEmpty()) { + output.writeBytes(8, wrappedKey_); + } getUnknownFields().writeTo(output); } @@ -502,6 +522,9 @@ public int getSerializedSize() { if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(cryptoKeyVersion_)) { size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, cryptoKeyVersion_); } + if (!wrappedKey_.isEmpty()) { + size += com.google.protobuf.CodedOutputStream.computeBytesSize(8, wrappedKey_); + } size += getUnknownFields().getSerializedSize(); memoizedSize = size; return size; @@ -522,6 +545,7 @@ public boolean equals(final java.lang.Object obj) { if (!getCryptoKeyVersion().equals(other.getCryptoKeyVersion())) return false; if (algorithm_ != other.algorithm_) return false; if (!getImportJob().equals(other.getImportJob())) return false; + if (!getWrappedKey().equals(other.getWrappedKey())) return false; if (!getWrappedKeyMaterialCase().equals(other.getWrappedKeyMaterialCase())) return false; switch (wrappedKeyMaterialCase_) { case 5: @@ -549,6 +573,8 @@ public int hashCode() { hash = (53 * hash) + algorithm_; hash = (37 * hash) + IMPORT_JOB_FIELD_NUMBER; hash = (53 * hash) + getImportJob().hashCode(); + hash = (37 * hash) + WRAPPED_KEY_FIELD_NUMBER; + hash = (53 * hash) + getWrappedKey().hashCode(); switch (wrappedKeyMaterialCase_) { case 5: hash = (37 * hash) + RSA_AES_WRAPPED_KEY_FIELD_NUMBER; @@ -705,6 +731,8 @@ public Builder clear() { importJob_ = ""; + wrappedKey_ = com.google.protobuf.ByteString.EMPTY; + wrappedKeyMaterialCase_ = 0; wrappedKeyMaterial_ = null; return this; 
@@ -738,6 +766,7 @@ public com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest buildPartial() { result.cryptoKeyVersion_ = cryptoKeyVersion_; result.algorithm_ = algorithm_; result.importJob_ = importJob_; + result.wrappedKey_ = wrappedKey_; if (wrappedKeyMaterialCase_ == 5) { result.wrappedKeyMaterial_ = wrappedKeyMaterial_; } @@ -807,6 +836,9 @@ public Builder mergeFrom(com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest o importJob_ = other.importJob_; onChanged(); } + if (other.getWrappedKey() != com.google.protobuf.ByteString.EMPTY) { + setWrappedKey(other.getWrappedKey()); + } switch (other.getWrappedKeyMaterialCase()) { case RSA_AES_WRAPPED_KEY: { @@ -874,6 +906,12 @@ public Builder mergeFrom( break; } // case 50 + case 66: + { + wrappedKey_ = input.readBytes(); + + break; + } // case 66 default: { if (!super.parseUnknownField(input, extensionRegistry, tag)) { @@ -1482,105 +1520,205 @@ public Builder setImportJobBytes(com.google.protobuf.ByteString value) { return this; } + private com.google.protobuf.ByteString wrappedKey_ = com.google.protobuf.ByteString.EMPTY; /** * * *
-     * Wrapped key material produced with
-     * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+     * Optional. The wrapped key material to import.
+     * Before wrapping, key material must be formatted. If importing symmetric key
+     * material, the expected key material format is plain bytes. If importing
+     * asymmetric key material, the expected key material format is PKCS#8-encoded
+     * DER (the PrivateKeyInfo structure from RFC 5208).
+     * When wrapping with import methods
+     * ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+     * or
+     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
+     * or
+     * [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
      * or
-     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-     * This field contains the concatenation of two wrapped keys:
+     * [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
+     * this field must contain the concatenation of:
      * <ol>
      *   <li>An ephemeral AES-256 wrapping key wrapped with the
      *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-     *       empty label.
+     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+     *       label.
      *   </li>
-     *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-     *       using AES-KWP (RFC 5649).
+     *   <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+     *       key using AES-KWP (RFC 5649).
      *   </li>
      * </ol>
-     * If importing symmetric key material, it is expected that the unwrapped
-     * key contains plain bytes. If importing asymmetric key material, it is
-     * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-     * PrivateKeyInfo structure from RFC 5208).
      * This format is the same as the format produced by PKCS#11 mechanism
      * CKM_RSA_AES_KEY_WRAP.
+     * When wrapping with import methods
+     * ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
+     * or
+     * [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
+     * this field must contain the formatted key to be imported, wrapped with the
+     * [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
+     * with SHA-256, MGF1 with SHA-256, and an empty label.
      * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes wrapped_key = 8 [(.google.api.field_behavior) = OPTIONAL]; * - * @return Whether the rsaAesWrappedKey field is set. + * @return The wrappedKey. */ - public boolean hasRsaAesWrappedKey() { - return wrappedKeyMaterialCase_ == 5; + @java.lang.Override + public com.google.protobuf.ByteString getWrappedKey() { + return wrappedKey_; } /** * * *
-     * Wrapped key material produced with
-     * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+     * Optional. The wrapped key material to import.
+     * Before wrapping, key material must be formatted. If importing symmetric key
+     * material, the expected key material format is plain bytes. If importing
+     * asymmetric key material, the expected key material format is PKCS#8-encoded
+     * DER (the PrivateKeyInfo structure from RFC 5208).
+     * When wrapping with import methods
+     * ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+     * or
+     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
      * or
-     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-     * This field contains the concatenation of two wrapped keys:
+     * [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
+     * or
+     * [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
+     * this field must contain the concatenation of:
      * <ol>
      *   <li>An ephemeral AES-256 wrapping key wrapped with the
      *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-     *       empty label.
+     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+     *       label.
      *   </li>
-     *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-     *       using AES-KWP (RFC 5649).
+     *   <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+     *       key using AES-KWP (RFC 5649).
      *   </li>
      * </ol>
-     * If importing symmetric key material, it is expected that the unwrapped
-     * key contains plain bytes. If importing asymmetric key material, it is
-     * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-     * PrivateKeyInfo structure from RFC 5208).
      * This format is the same as the format produced by PKCS#11 mechanism
      * CKM_RSA_AES_KEY_WRAP.
+     * When wrapping with import methods
+     * ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
+     * or
+     * [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
+     * this field must contain the formatted key to be imported, wrapped with the
+     * [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
+     * with SHA-256, MGF1 with SHA-256, and an empty label.
      * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes wrapped_key = 8 [(.google.api.field_behavior) = OPTIONAL]; * - * @return The rsaAesWrappedKey. + * @param value The wrappedKey to set. + * @return This builder for chaining. */ - public com.google.protobuf.ByteString getRsaAesWrappedKey() { - if (wrappedKeyMaterialCase_ == 5) { - return (com.google.protobuf.ByteString) wrappedKeyMaterial_; + public Builder setWrappedKey(com.google.protobuf.ByteString value) { + if (value == null) { + throw new NullPointerException(); } - return com.google.protobuf.ByteString.EMPTY; + + wrappedKey_ = value; + onChanged(); + return this; } /** * * *
-     * Wrapped key material produced with
-     * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+     * Optional. The wrapped key material to import.
+     * Before wrapping, key material must be formatted. If importing symmetric key
+     * material, the expected key material format is plain bytes. If importing
+     * asymmetric key material, the expected key material format is PKCS#8-encoded
+     * DER (the PrivateKeyInfo structure from RFC 5208).
+     * When wrapping with import methods
+     * ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
      * or
-     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-     * This field contains the concatenation of two wrapped keys:
+     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
+     * or
+     * [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
+     * or
+     * [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
+     * this field must contain the concatenation of:
      * <ol>
      *   <li>An ephemeral AES-256 wrapping key wrapped with the
      *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-     *       empty label.
+     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+     *       label.
      *   </li>
-     *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-     *       using AES-KWP (RFC 5649).
+     *   <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+     *       key using AES-KWP (RFC 5649).
      *   </li>
      * </ol>
-     * If importing symmetric key material, it is expected that the unwrapped
-     * key contains plain bytes. If importing asymmetric key material, it is
-     * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-     * PrivateKeyInfo structure from RFC 5208).
      * This format is the same as the format produced by PKCS#11 mechanism
      * CKM_RSA_AES_KEY_WRAP.
+     * When wrapping with import methods
+     * ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
+     * or
+     * [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
+     * this field must contain the formatted key to be imported, wrapped with the
+     * [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
+     * with SHA-256, MGF1 with SHA-256, and an empty label.
      * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes wrapped_key = 8 [(.google.api.field_behavior) = OPTIONAL]; + * + * @return This builder for chaining. + */ + public Builder clearWrappedKey() { + + wrappedKey_ = getDefaultInstance().getWrappedKey(); + onChanged(); + return this; + } + + /** + * + * + *
+     * Optional. This field has the same meaning as
+     * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+     * Prefer to use that field in new work. Either that field or this field
+     * (but not both) must be specified.
+     * 
+ * + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; + * + * @return Whether the rsaAesWrappedKey field is set. + */ + public boolean hasRsaAesWrappedKey() { + return wrappedKeyMaterialCase_ == 5; + } + /** + * + * + *
+     * Optional. This field has the same meaning as
+     * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+     * Prefer to use that field in new work. Either that field or this field
+     * (but not both) must be specified.
+     * 
+ * + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; + * + * @return The rsaAesWrappedKey. + */ + public com.google.protobuf.ByteString getRsaAesWrappedKey() { + if (wrappedKeyMaterialCase_ == 5) { + return (com.google.protobuf.ByteString) wrappedKeyMaterial_; + } + return com.google.protobuf.ByteString.EMPTY; + } + /** + * + * + *
+     * Optional. This field has the same meaning as
+     * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+     * Prefer to use that field in new work. Either that field or this field
+     * (but not both) must be specified.
+     * 
+ * + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @param value The rsaAesWrappedKey to set. * @return This builder for chaining. @@ -1598,30 +1736,13 @@ public Builder setRsaAesWrappedKey(com.google.protobuf.ByteString value) { * * *
-     * Wrapped key material produced with
-     * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
-     * or
-     * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-     * This field contains the concatenation of two wrapped keys:
-     * <ol>
-     *   <li>An ephemeral AES-256 wrapping key wrapped with the
-     *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-     *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-     *       empty label.
-     *   </li>
-     *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-     *       using AES-KWP (RFC 5649).
-     *   </li>
-     * </ol>
-     * If importing symmetric key material, it is expected that the unwrapped
-     * key contains plain bytes. If importing asymmetric key material, it is
-     * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-     * PrivateKeyInfo structure from RFC 5208).
-     * This format is the same as the format produced by PKCS#11 mechanism
-     * CKM_RSA_AES_KEY_WRAP.
+     * Optional. This field has the same meaning as
+     * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+     * Prefer to use that field in new work. Either that field or this field
+     * (but not both) must be specified.
      * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return This builder for chaining. */ diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java index 1fe021564d55..dcb696c7812b 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java @@ -193,30 +193,58 @@ public interface ImportCryptoKeyVersionRequestOrBuilder * * *
-   * Wrapped key material produced with
-   * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+   * Optional. The wrapped key material to import.
+   * Before wrapping, key material must be formatted. If importing symmetric key
+   * material, the expected key material format is plain bytes. If importing
+   * asymmetric key material, the expected key material format is PKCS#8-encoded
+   * DER (the PrivateKeyInfo structure from RFC 5208).
+   * When wrapping with import methods
+   * ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
    * or
-   * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-   * This field contains the concatenation of two wrapped keys:
+   * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
+   * or
+   * [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
+   * or
+   * [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
+   * this field must contain the concatenation of:
    * <ol>
    *   <li>An ephemeral AES-256 wrapping key wrapped with the
    *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-   *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-   *       empty label.
+   *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
+   *       label.
    *   </li>
-   *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-   *       using AES-KWP (RFC 5649).
+   *   <li>The formatted key to be imported, wrapped with the ephemeral AES-256
+   *       key using AES-KWP (RFC 5649).
    *   </li>
    * </ol>
-   * If importing symmetric key material, it is expected that the unwrapped
-   * key contains plain bytes. If importing asymmetric key material, it is
-   * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-   * PrivateKeyInfo structure from RFC 5208).
    * This format is the same as the format produced by PKCS#11 mechanism
    * CKM_RSA_AES_KEY_WRAP.
+   * When wrapping with import methods
+   * ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
+   * or
+   * [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
+   * this field must contain the formatted key to be imported, wrapped with the
+   * [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
+   * with SHA-256, MGF1 with SHA-256, and an empty label.
    * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes wrapped_key = 8 [(.google.api.field_behavior) = OPTIONAL]; + * + * @return The wrappedKey. + */ + com.google.protobuf.ByteString getWrappedKey(); + + /** + * + * + *
+   * Optional. This field has the same meaning as
+   * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+   * Prefer to use that field in new work. Either that field or this field
+   * (but not both) must be specified.
+   * 
+ * + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return Whether the rsaAesWrappedKey field is set. */ @@ -225,30 +253,13 @@ public interface ImportCryptoKeyVersionRequestOrBuilder * * *
-   * Wrapped key material produced with
-   * [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
-   * or
-   * [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
-   * This field contains the concatenation of two wrapped keys:
-   * <ol>
-   *   <li>An ephemeral AES-256 wrapping key wrapped with the
-   *       [public_key][google.cloud.kms.v1.ImportJob.public_key] using
-   *       RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
-   *       empty label.
-   *   </li>
-   *   <li>The key to be imported, wrapped with the ephemeral AES-256 key
-   *       using AES-KWP (RFC 5649).
-   *   </li>
-   * </ol>
-   * If importing symmetric key material, it is expected that the unwrapped
-   * key contains plain bytes. If importing asymmetric key material, it is
-   * expected that the unwrapped key is in PKCS#8-encoded DER format (the
-   * PrivateKeyInfo structure from RFC 5208).
-   * This format is the same as the format produced by PKCS#11 mechanism
-   * CKM_RSA_AES_KEY_WRAP.
+   * Optional. This field has the same meaning as
+   * [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
+   * Prefer to use that field in new work. Either that field or this field
+   * (but not both) must be specified.
    * 
* - * bytes rsa_aes_wrapped_key = 5; + * bytes rsa_aes_wrapped_key = 5 [(.google.api.field_behavior) = OPTIONAL]; * * @return The rsaAesWrappedKey. */ diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportJob.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportJob.java index 876646200f5f..01ba98f4439b 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportJob.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportJob.java @@ -150,6 +150,62 @@ public enum ImportMethod implements com.google.protobuf.ProtocolMessageEnum { * RSA_OAEP_4096_SHA1_AES_256 = 2; */ RSA_OAEP_4096_SHA1_AES_256(2), + /** + * + * + *
+     * This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+     * scheme defined in the PKCS #11 standard. In summary, this involves
+     * wrapping the raw key with an ephemeral AES key, and wrapping the
+     * ephemeral AES key with a 3072 bit RSA key. For more details, see
+     * [RSA AES key wrap
+     * mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+     * 
+ * + * RSA_OAEP_3072_SHA256_AES_256 = 3; + */ + RSA_OAEP_3072_SHA256_AES_256(3), + /** + * + * + *
+     * This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+     * scheme defined in the PKCS #11 standard. In summary, this involves
+     * wrapping the raw key with an ephemeral AES key, and wrapping the
+     * ephemeral AES key with a 4096 bit RSA key. For more details, see
+     * [RSA AES key wrap
+     * mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+     * 
+ * + * RSA_OAEP_4096_SHA256_AES_256 = 4; + */ + RSA_OAEP_4096_SHA256_AES_256(4), + /** + * + * + *
+     * This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
+     * key material to be imported is wrapped directly with the RSA key. Due
+     * to technical limitations of RSA wrapping, this method cannot be used to
+     * wrap RSA keys for import.
+     * 
+ * + * RSA_OAEP_3072_SHA256 = 5; + */ + RSA_OAEP_3072_SHA256(5), + /** + * + * + *
+     * This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
+     * key material to be imported is wrapped directly with the RSA key. Due
+     * to technical limitations of RSA wrapping, this method cannot be used to
+     * wrap RSA keys for import.
+     * 
+ * + * RSA_OAEP_4096_SHA256 = 6; + */ + RSA_OAEP_4096_SHA256(6), UNRECOGNIZED(-1), ; @@ -193,6 +249,62 @@ public enum ImportMethod implements com.google.protobuf.ProtocolMessageEnum { * RSA_OAEP_4096_SHA1_AES_256 = 2; */ public static final int RSA_OAEP_4096_SHA1_AES_256_VALUE = 2; + /** + * + * + *
+     * This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+     * scheme defined in the PKCS #11 standard. In summary, this involves
+     * wrapping the raw key with an ephemeral AES key, and wrapping the
+     * ephemeral AES key with a 3072 bit RSA key. For more details, see
+     * [RSA AES key wrap
+     * mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+     * 
+ * + * RSA_OAEP_3072_SHA256_AES_256 = 3; + */ + public static final int RSA_OAEP_3072_SHA256_AES_256_VALUE = 3; + /** + * + * + *
+     * This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
+     * scheme defined in the PKCS #11 standard. In summary, this involves
+     * wrapping the raw key with an ephemeral AES key, and wrapping the
+     * ephemeral AES key with a 4096 bit RSA key. For more details, see
+     * [RSA AES key wrap
+     * mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
+     * 
+ * + * RSA_OAEP_4096_SHA256_AES_256 = 4; + */ + public static final int RSA_OAEP_4096_SHA256_AES_256_VALUE = 4; + /** + * + * + *
+     * This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
+     * key material to be imported is wrapped directly with the RSA key. Due
+     * to technical limitations of RSA wrapping, this method cannot be used to
+     * wrap RSA keys for import.
+     * 
+ * + * RSA_OAEP_3072_SHA256 = 5; + */ + public static final int RSA_OAEP_3072_SHA256_VALUE = 5; + /** + * + * + *
+     * This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
+     * key material to be imported is wrapped directly with the RSA key. Due
+     * to technical limitations of RSA wrapping, this method cannot be used to
+     * wrap RSA keys for import.
+     * 
+ * + * RSA_OAEP_4096_SHA256 = 6; + */ + public static final int RSA_OAEP_4096_SHA256_VALUE = 6; public final int getNumber() { if (this == UNRECOGNIZED) { @@ -224,6 +336,14 @@ public static ImportMethod forNumber(int value) { return RSA_OAEP_3072_SHA1_AES_256; case 2: return RSA_OAEP_4096_SHA1_AES_256; + case 3: + return RSA_OAEP_3072_SHA256_AES_256; + case 4: + return RSA_OAEP_4096_SHA256_AES_256; + case 5: + return RSA_OAEP_3072_SHA256; + case 6: + return RSA_OAEP_4096_SHA256; default: return null; } diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyOperationAttestation.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyOperationAttestation.java index 80f3482c157a..666fc8e39763 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyOperationAttestation.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyOperationAttestation.java @@ -96,6 +96,8 @@ public enum AttestationFormat implements com.google.protobuf.ProtocolMessageEnum *
      * Cavium HSM attestation compressed with gzip. Note that this format is
      * defined by Cavium and subject to change at any time.
+     * See
+     * https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
      * 
* * CAVIUM_V1_COMPRESSED = 3; @@ -131,6 +133,8 @@ public enum AttestationFormat implements com.google.protobuf.ProtocolMessageEnum *
      * Cavium HSM attestation compressed with gzip. Note that this format is
      * defined by Cavium and subject to change at any time.
+     * See
+     * https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
      * 
* * CAVIUM_V1_COMPRESSED = 3; diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java index fed7e01c9b81..ef44546d3294 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java 
@@ -257,253 +257,253 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { + "\n\006parent\030\001 \001(\tB)\340A\002\372A#\n!cloudkms.googlea" + "pis.com/CryptoKey\022F\n\022crypto_key_version\030" + "\002 \001(\0132%.google.cloud.kms.v1.CryptoKeyVer" - + "sionB\003\340A\002\"\321\002\n\035ImportCryptoKeyVersionRequ" + + "sionB\003\340A\002\"\360\002\n\035ImportCryptoKeyVersionRequ" + "est\0229\n\006parent\030\001 \001(\tB)\340A\002\372A#\n!cloudkms.go" + "ogleapis.com/CryptoKey\022L\n\022crypto_key_ver" + "sion\030\006 \001(\tB0\340A\001\372A*\n(cloudkms.googleapis." + "com/CryptoKeyVersion\022W\n\talgorithm\030\002 \001(\0162" + "?.google.cloud.kms.v1.CryptoKeyVersion.C" + "ryptoKeyVersionAlgorithmB\003\340A\002\022\027\n\nimport_" - + "job\030\004 \001(\tB\003\340A\002\022\035\n\023rsa_aes_wrapped_key\030\005 " - + "\001(\014H\000B\026\n\024wrapped_key_material\"\246\001\n\026Create" - + "ImportJobRequest\0227\n\006parent\030\001 \001(\tB\'\340A\002\372A!" 
- + "\n\037cloudkms.googleapis.com/KeyRing\022\032\n\rimp" - + "ort_job_id\030\002 \001(\tB\003\340A\002\0227\n\nimport_job\030\003 \001(" - + "\0132\036.google.cloud.kms.v1.ImportJobB\003\340A\002\"\207" - + "\001\n\026UpdateCryptoKeyRequest\0227\n\ncrypto_key\030" - + "\001 \001(\0132\036.google.cloud.kms.v1.CryptoKeyB\003\340" - + "A\002\0224\n\013update_mask\030\002 \001(\0132\032.google.protobu" - + "f.FieldMaskB\003\340A\002\"\235\001\n\035UpdateCryptoKeyVers" - + "ionRequest\022F\n\022crypto_key_version\030\001 \001(\0132%" - + ".google.cloud.kms.v1.CryptoKeyVersionB\003\340" - + "A\002\0224\n\013update_mask\030\002 \001(\0132\032.google.protobu" - + "f.FieldMaskB\003\340A\002\"\203\001\n$UpdateCryptoKeyPrim" - + "aryVersionRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A#\n" - + "!cloudkms.googleapis.com/CryptoKey\022\"\n\025cr" - + "ypto_key_version_id\030\002 \001(\tB\003\340A\002\"`\n\036Destro" - + "yCryptoKeyVersionRequest\022>\n\004name\030\001 \001(\tB0" - + "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKe" - + "yVersion\"`\n\036RestoreCryptoKeyVersionReque" - + "st\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googl" - + "eapis.com/CryptoKeyVersion\"\371\001\n\016EncryptRe" - + "quest\022\027\n\004name\030\001 \001(\tB\t\340A\002\372A\003\n\001*\022\026\n\tplaint" - + "ext\030\002 \001(\014B\003\340A\002\022*\n\035additional_authenticat" - + "ed_data\030\003 \001(\014B\003\340A\001\022:\n\020plaintext_crc32c\030\007" - + " \001(\0132\033.google.protobuf.Int64ValueB\003\340A\001\022N" - + "\n$additional_authenticated_data_crc32c\030\010" - + " \001(\0132\033.google.protobuf.Int64ValueB\003\340A\001\"\233" - + "\002\n\016DecryptRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A#\n" - + "!cloudkms.googleapis.com/CryptoKey\022\027\n\nci" - + "phertext\030\002 \001(\014B\003\340A\002\022*\n\035additional_authen" - + "ticated_data\030\003 \001(\014B\003\340A\001\022;\n\021ciphertext_cr" - + "c32c\030\005 
\001(\0132\033.google.protobuf.Int64ValueB" - + "\003\340A\001\022N\n$additional_authenticated_data_cr" - + "c32c\030\006 \001(\0132\033.google.protobuf.Int64ValueB" - + "\003\340A\001\"\214\002\n\025AsymmetricSignRequest\022>\n\004name\030\001" - + " \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com/Cr" - + "yptoKeyVersion\0220\n\006digest\030\003 \001(\0132\033.google." - + "cloud.kms.v1.DigestB\003\340A\001\0227\n\rdigest_crc32" - + "c\030\004 \001(\0132\033.google.protobuf.Int64ValueB\003\340A" - + "\001\022\021\n\004data\030\006 \001(\014B\003\340A\001\0225\n\013data_crc32c\030\007 \001(" - + "\0132\033.google.protobuf.Int64ValueB\003\340A\001\"\260\001\n\030" - + "AsymmetricDecryptRequest\022>\n\004name\030\001 \001(\tB0" - + "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKe" - + "yVersion\022\027\n\nciphertext\030\003 \001(\014B\003\340A\002\022;\n\021cip" - + "hertext_crc32c\030\004 \001(\0132\033.google.protobuf.I" - + "nt64ValueB\003\340A\001\"\232\001\n\016MacSignRequest\022>\n\004nam" + + "job\030\004 \001(\tB\003\340A\002\022\030\n\013wrapped_key\030\010 \001(\014B\003\340A\001" + + "\022\"\n\023rsa_aes_wrapped_key\030\005 \001(\014B\003\340A\001H\000B\026\n\024" + + "wrapped_key_material\"\246\001\n\026CreateImportJob" + + "Request\0227\n\006parent\030\001 \001(\tB\'\340A\002\372A!\n\037cloudkm" + + "s.googleapis.com/KeyRing\022\032\n\rimport_job_i" + + "d\030\002 \001(\tB\003\340A\002\0227\n\nimport_job\030\003 \001(\0132\036.googl" + + "e.cloud.kms.v1.ImportJobB\003\340A\002\"\207\001\n\026Update" + + "CryptoKeyRequest\0227\n\ncrypto_key\030\001 \001(\0132\036.g" + + "oogle.cloud.kms.v1.CryptoKeyB\003\340A\002\0224\n\013upd" + + "ate_mask\030\002 \001(\0132\032.google.protobuf.FieldMa" + + "skB\003\340A\002\"\235\001\n\035UpdateCryptoKeyVersionReques" + + "t\022F\n\022crypto_key_version\030\001 \001(\0132%.google.c" + + "loud.kms.v1.CryptoKeyVersionB\003\340A\002\0224\n\013upd" + + "ate_mask\030\002 \001(\0132\032.google.protobuf.FieldMa" + + 
"skB\003\340A\002\"\203\001\n$UpdateCryptoKeyPrimaryVersio" + + "nRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A#\n!cloudkms" + + ".googleapis.com/CryptoKey\022\"\n\025crypto_key_" + + "version_id\030\002 \001(\tB\003\340A\002\"`\n\036DestroyCryptoKe" + + "yVersionRequest\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(c" + + "loudkms.googleapis.com/CryptoKeyVersion\"" + + "`\n\036RestoreCryptoKeyVersionRequest\022>\n\004nam" + "e\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com" - + "/CryptoKeyVersion\022\021\n\004data\030\002 \001(\014B\003\340A\002\0225\n\013" - + "data_crc32c\030\003 \001(\0132\033.google.protobuf.Int6" - + "4ValueB\003\340A\001\"\344\001\n\020MacVerifyRequest\022>\n\004name" - + "\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com/" - + "CryptoKeyVersion\022\021\n\004data\030\002 \001(\014B\003\340A\002\0225\n\013d" - + "ata_crc32c\030\003 \001(\0132\033.google.protobuf.Int64" - + "ValueB\003\340A\001\022\020\n\003mac\030\004 \001(\014B\003\340A\002\0224\n\nmac_crc3" - + "2c\030\005 \001(\0132\033.google.protobuf.Int64ValueB\003\340" - + "A\001\"\204\001\n\032GenerateRandomBytesRequest\022\020\n\010loc" - + "ation\030\001 \001(\t\022\024\n\014length_bytes\030\002 \001(\005\022>\n\020pro" - + "tection_level\030\003 \001(\0162$.google.cloud.kms.v" - + "1.ProtectionLevel\"\205\002\n\017EncryptResponse\022\014\n" - + "\004name\030\001 \001(\t\022\022\n\nciphertext\030\002 \001(\014\0226\n\021ciphe" - + "rtext_crc32c\030\004 \001(\0132\033.google.protobuf.Int" - + "64Value\022!\n\031verified_plaintext_crc32c\030\005 \001" - + "(\010\0225\n-verified_additional_authenticated_" - + "data_crc32c\030\006 \001(\010\022>\n\020protection_level\030\007 " - + "\001(\0162$.google.cloud.kms.v1.ProtectionLeve" - + "l\"\261\001\n\017DecryptResponse\022\021\n\tplaintext\030\001 \001(\014" - + "\0225\n\020plaintext_crc32c\030\002 \001(\0132\033.google.prot" - + "obuf.Int64Value\022\024\n\014used_primary\030\003 \001(\010\022>\n" - + 
"\020protection_level\030\004 \001(\0162$.google.cloud.k" - + "ms.v1.ProtectionLevel\"\356\001\n\026AsymmetricSign" - + "Response\022\021\n\tsignature\030\001 \001(\014\0225\n\020signature" - + "_crc32c\030\002 \001(\0132\033.google.protobuf.Int64Val" - + "ue\022\036\n\026verified_digest_crc32c\030\003 \001(\010\022\014\n\004na" - + "me\030\004 \001(\t\022\034\n\024verified_data_crc32c\030\005 \001(\010\022>" - + "\n\020protection_level\030\006 \001(\0162$.google.cloud." - + "kms.v1.ProtectionLevel\"\311\001\n\031AsymmetricDec" + + "/CryptoKeyVersion\"\371\001\n\016EncryptRequest\022\027\n\004" + + "name\030\001 \001(\tB\t\340A\002\372A\003\n\001*\022\026\n\tplaintext\030\002 \001(\014" + + "B\003\340A\002\022*\n\035additional_authenticated_data\030\003" + + " \001(\014B\003\340A\001\022:\n\020plaintext_crc32c\030\007 \001(\0132\033.go" + + "ogle.protobuf.Int64ValueB\003\340A\001\022N\n$additio" + + "nal_authenticated_data_crc32c\030\010 \001(\0132\033.go" + + "ogle.protobuf.Int64ValueB\003\340A\001\"\233\002\n\016Decryp" + + "tRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A#\n!cloudkms" + + ".googleapis.com/CryptoKey\022\027\n\nciphertext\030" + + "\002 \001(\014B\003\340A\002\022*\n\035additional_authenticated_d" + + "ata\030\003 \001(\014B\003\340A\001\022;\n\021ciphertext_crc32c\030\005 \001(" + + "\0132\033.google.protobuf.Int64ValueB\003\340A\001\022N\n$a" + + "dditional_authenticated_data_crc32c\030\006 \001(" + + "\0132\033.google.protobuf.Int64ValueB\003\340A\001\"\214\002\n\025" + + "AsymmetricSignRequest\022>\n\004name\030\001 \001(\tB0\340A\002" + + "\372A*\n(cloudkms.googleapis.com/CryptoKeyVe" + + "rsion\0220\n\006digest\030\003 \001(\0132\033.google.cloud.kms" + + ".v1.DigestB\003\340A\001\0227\n\rdigest_crc32c\030\004 \001(\0132\033" + + ".google.protobuf.Int64ValueB\003\340A\001\022\021\n\004data" + + "\030\006 \001(\014B\003\340A\001\0225\n\013data_crc32c\030\007 \001(\0132\033.googl" + + 
"e.protobuf.Int64ValueB\003\340A\001\"\260\001\n\030Asymmetri" + + "cDecryptRequest\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(c" + + "loudkms.googleapis.com/CryptoKeyVersion\022" + + "\027\n\nciphertext\030\003 \001(\014B\003\340A\002\022;\n\021ciphertext_c" + + "rc32c\030\004 \001(\0132\033.google.protobuf.Int64Value" + + "B\003\340A\001\"\232\001\n\016MacSignRequest\022>\n\004name\030\001 \001(\tB0" + + "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKe" + + "yVersion\022\021\n\004data\030\002 \001(\014B\003\340A\002\0225\n\013data_crc3" + + "2c\030\003 \001(\0132\033.google.protobuf.Int64ValueB\003\340" + + "A\001\"\344\001\n\020MacVerifyRequest\022>\n\004name\030\001 \001(\tB0\340" + + "A\002\372A*\n(cloudkms.googleapis.com/CryptoKey" + + "Version\022\021\n\004data\030\002 \001(\014B\003\340A\002\0225\n\013data_crc32" + + "c\030\003 \001(\0132\033.google.protobuf.Int64ValueB\003\340A" + + "\001\022\020\n\003mac\030\004 \001(\014B\003\340A\002\0224\n\nmac_crc32c\030\005 \001(\0132" + + "\033.google.protobuf.Int64ValueB\003\340A\001\"\204\001\n\032Ge" + + "nerateRandomBytesRequest\022\020\n\010location\030\001 \001" + + "(\t\022\024\n\014length_bytes\030\002 \001(\005\022>\n\020protection_l" + + "evel\030\003 \001(\0162$.google.cloud.kms.v1.Protect" + + "ionLevel\"\205\002\n\017EncryptResponse\022\014\n\004name\030\001 \001" + + "(\t\022\022\n\nciphertext\030\002 \001(\014\0226\n\021ciphertext_crc" + + "32c\030\004 \001(\0132\033.google.protobuf.Int64Value\022!" 
+ + "\n\031verified_plaintext_crc32c\030\005 \001(\010\0225\n-ver" + + "ified_additional_authenticated_data_crc3" + + "2c\030\006 \001(\010\022>\n\020protection_level\030\007 \001(\0162$.goo" + + "gle.cloud.kms.v1.ProtectionLevel\"\261\001\n\017Dec" + "ryptResponse\022\021\n\tplaintext\030\001 \001(\014\0225\n\020plain" + "text_crc32c\030\002 \001(\0132\033.google.protobuf.Int6" - + "4Value\022\"\n\032verified_ciphertext_crc32c\030\003 \001" - + "(\010\022>\n\020protection_level\030\004 \001(\0162$.google.cl" - + "oud.kms.v1.ProtectionLevel\"\273\001\n\017MacSignRe" - + "sponse\022\014\n\004name\030\001 \001(\t\022\013\n\003mac\030\002 \001(\014\022/\n\nmac" - + "_crc32c\030\003 \001(\0132\033.google.protobuf.Int64Val" - + "ue\022\034\n\024verified_data_crc32c\030\004 \001(\010\022>\n\020prot" - + "ection_level\030\005 \001(\0162$.google.cloud.kms.v1" - + ".ProtectionLevel\"\321\001\n\021MacVerifyResponse\022\014" - + "\n\004name\030\001 \001(\t\022\017\n\007success\030\002 \001(\010\022\034\n\024verifie" - + "d_data_crc32c\030\003 \001(\010\022\033\n\023verified_mac_crc3" - + "2c\030\004 \001(\010\022\"\n\032verified_success_integrity\030\005" - + " \001(\010\022>\n\020protection_level\030\006 \001(\0162$.google." 
- + "cloud.kms.v1.ProtectionLevel\"]\n\033Generate" - + "RandomBytesResponse\022\014\n\004data\030\001 \001(\014\0220\n\013dat" - + "a_crc32c\030\003 \001(\0132\033.google.protobuf.Int64Va" - + "lue\"H\n\006Digest\022\020\n\006sha256\030\001 \001(\014H\000\022\020\n\006sha38" - + "4\030\002 \001(\014H\000\022\020\n\006sha512\030\003 \001(\014H\000B\010\n\006digest\"@\n" - + "\020LocationMetadata\022\025\n\rhsm_available\030\001 \001(\010" - + "\022\025\n\rekm_available\030\002 \001(\0102\206+\n\024KeyManagemen" - + "tService\022\242\001\n\014ListKeyRings\022(.google.cloud" - + ".kms.v1.ListKeyRingsRequest\032).google.clo" - + "ud.kms.v1.ListKeyRingsResponse\"=\202\323\344\223\002.\022," - + "/v1/{parent=projects/*/locations/*}/keyR" - + "ings\332A\006parent\022\265\001\n\016ListCryptoKeys\022*.googl" - + "e.cloud.kms.v1.ListCryptoKeysRequest\032+.g" - + "oogle.cloud.kms.v1.ListCryptoKeysRespons" + + "4Value\022\024\n\014used_primary\030\003 \001(\010\022>\n\020protecti" + + "on_level\030\004 \001(\0162$.google.cloud.kms.v1.Pro" + + "tectionLevel\"\356\001\n\026AsymmetricSignResponse\022" + + "\021\n\tsignature\030\001 \001(\014\0225\n\020signature_crc32c\030\002" + + " \001(\0132\033.google.protobuf.Int64Value\022\036\n\026ver" + + "ified_digest_crc32c\030\003 \001(\010\022\014\n\004name\030\004 \001(\t\022" + + "\034\n\024verified_data_crc32c\030\005 \001(\010\022>\n\020protect" + + "ion_level\030\006 \001(\0162$.google.cloud.kms.v1.Pr" + + "otectionLevel\"\311\001\n\031AsymmetricDecryptRespo" + + "nse\022\021\n\tplaintext\030\001 \001(\014\0225\n\020plaintext_crc3" + + "2c\030\002 \001(\0132\033.google.protobuf.Int64Value\022\"\n" + + "\032verified_ciphertext_crc32c\030\003 \001(\010\022>\n\020pro" + + "tection_level\030\004 \001(\0162$.google.cloud.kms.v" + + "1.ProtectionLevel\"\273\001\n\017MacSignResponse\022\014\n" + + "\004name\030\001 \001(\t\022\013\n\003mac\030\002 \001(\014\022/\n\nmac_crc32c\030\003" + + " 
\001(\0132\033.google.protobuf.Int64Value\022\034\n\024ver" + + "ified_data_crc32c\030\004 \001(\010\022>\n\020protection_le" + + "vel\030\005 \001(\0162$.google.cloud.kms.v1.Protecti" + + "onLevel\"\321\001\n\021MacVerifyResponse\022\014\n\004name\030\001 " + + "\001(\t\022\017\n\007success\030\002 \001(\010\022\034\n\024verified_data_cr" + + "c32c\030\003 \001(\010\022\033\n\023verified_mac_crc32c\030\004 \001(\010\022" + + "\"\n\032verified_success_integrity\030\005 \001(\010\022>\n\020p" + + "rotection_level\030\006 \001(\0162$.google.cloud.kms" + + ".v1.ProtectionLevel\"]\n\033GenerateRandomByt" + + "esResponse\022\014\n\004data\030\001 \001(\014\0220\n\013data_crc32c\030" + + "\003 \001(\0132\033.google.protobuf.Int64Value\"H\n\006Di" + + "gest\022\020\n\006sha256\030\001 \001(\014H\000\022\020\n\006sha384\030\002 \001(\014H\000" + + "\022\020\n\006sha512\030\003 \001(\014H\000B\010\n\006digest\"@\n\020Location" + + "Metadata\022\025\n\rhsm_available\030\001 \001(\010\022\025\n\rekm_a" + + "vailable\030\002 \001(\0102\206+\n\024KeyManagementService\022" + + "\242\001\n\014ListKeyRings\022(.google.cloud.kms.v1.L" + + "istKeyRingsRequest\032).google.cloud.kms.v1" + + ".ListKeyRingsResponse\"=\202\323\344\223\002.\022,/v1/{pare" + + "nt=projects/*/locations/*}/keyRings\332A\006pa" + + "rent\022\265\001\n\016ListCryptoKeys\022*.google.cloud.k" + + "ms.v1.ListCryptoKeysRequest\032+.google.clo" + + "ud.kms.v1.ListCryptoKeysResponse\"J\202\323\344\223\002;" + + "\0229/v1/{parent=projects/*/locations/*/key" + + "Rings/*}/cryptoKeys\332A\006parent\022\336\001\n\025ListCry" + + "ptoKeyVersions\0221.google.cloud.kms.v1.Lis" + + "tCryptoKeyVersionsRequest\0322.google.cloud" + + ".kms.v1.ListCryptoKeyVersionsResponse\"^\202" + + "\323\344\223\002O\022M/v1/{parent=projects/*/locations/" + + "*/keyRings/*/cryptoKeys/*}/cryptoKeyVers" + + "ions\332A\006parent\022\265\001\n\016ListImportJobs\022*.googl" + + "e.cloud.kms.v1.ListImportJobsRequest\032+.g" + + 
"oogle.cloud.kms.v1.ListImportJobsRespons" + "e\"J\202\323\344\223\002;\0229/v1/{parent=projects/*/locati" - + "ons/*/keyRings/*}/cryptoKeys\332A\006parent\022\336\001" - + "\n\025ListCryptoKeyVersions\0221.google.cloud.k" - + "ms.v1.ListCryptoKeyVersionsRequest\0322.goo" - + "gle.cloud.kms.v1.ListCryptoKeyVersionsRe" - + "sponse\"^\202\323\344\223\002O\022M/v1/{parent=projects/*/l" - + "ocations/*/keyRings/*/cryptoKeys/*}/cryp" - + "toKeyVersions\332A\006parent\022\265\001\n\016ListImportJob" - + "s\022*.google.cloud.kms.v1.ListImportJobsRe" - + "quest\032+.google.cloud.kms.v1.ListImportJo" - + "bsResponse\"J\202\323\344\223\002;\0229/v1/{parent=projects" - + "/*/locations/*/keyRings/*}/importJobs\332A\006" - + "parent\022\217\001\n\nGetKeyRing\022&.google.cloud.kms" - + ".v1.GetKeyRingRequest\032\034.google.cloud.kms" - + ".v1.KeyRing\";\202\323\344\223\002.\022,/v1/{name=projects/" - + "*/locations/*/keyRings/*}\332A\004name\022\242\001\n\014Get" - + "CryptoKey\022(.google.cloud.kms.v1.GetCrypt" - + "oKeyRequest\032\036.google.cloud.kms.v1.Crypto" - + "Key\"H\202\323\344\223\002;\0229/v1/{name=projects/*/locati" - + "ons/*/keyRings/*/cryptoKeys/*}\332A\004name\022\313\001" - + "\n\023GetCryptoKeyVersion\022/.google.cloud.kms" - + ".v1.GetCryptoKeyVersionRequest\032%.google." - + "cloud.kms.v1.CryptoKeyVersion\"\\\202\323\344\223\002O\022M/" - + "v1/{name=projects/*/locations/*/keyRings" - + "/*/cryptoKeys/*/cryptoKeyVersions/*}\332A\004n" - + "ame\022\300\001\n\014GetPublicKey\022(.google.cloud.kms." - + "v1.GetPublicKeyRequest\032\036.google.cloud.km" - + "s.v1.PublicKey\"f\202\323\344\223\002Y\022W/v1/{name=projec" - + "ts/*/locations/*/keyRings/*/cryptoKeys/*" - + "/cryptoKeyVersions/*}/publicKey\332A\004name\022\242" - + "\001\n\014GetImportJob\022(.google.cloud.kms.v1.Ge" - + "tImportJobRequest\032\036.google.cloud.kms.v1." 
- + "ImportJob\"H\202\323\344\223\002;\0229/v1/{name=projects/*/" - + "locations/*/keyRings/*/importJobs/*}\332A\004n" - + "ame\022\266\001\n\rCreateKeyRing\022).google.cloud.kms" - + ".v1.CreateKeyRingRequest\032\034.google.cloud." - + "kms.v1.KeyRing\"\\\202\323\344\223\0028\",/v1/{parent=proj" - + "ects/*/locations/*}/keyRings:\010key_ring\332A" - + "\033parent,key_ring_id,key_ring\022\317\001\n\017CreateC" - + "ryptoKey\022+.google.cloud.kms.v1.CreateCry" + + "ons/*/keyRings/*}/importJobs\332A\006parent\022\217\001" + + "\n\nGetKeyRing\022&.google.cloud.kms.v1.GetKe" + + "yRingRequest\032\034.google.cloud.kms.v1.KeyRi" + + "ng\";\202\323\344\223\002.\022,/v1/{name=projects/*/locatio" + + "ns/*/keyRings/*}\332A\004name\022\242\001\n\014GetCryptoKey" + + "\022(.google.cloud.kms.v1.GetCryptoKeyReque" + + "st\032\036.google.cloud.kms.v1.CryptoKey\"H\202\323\344\223" + + "\002;\0229/v1/{name=projects/*/locations/*/key" + + "Rings/*/cryptoKeys/*}\332A\004name\022\313\001\n\023GetCryp" + + "toKeyVersion\022/.google.cloud.kms.v1.GetCr" + + "yptoKeyVersionRequest\032%.google.cloud.kms" + + ".v1.CryptoKeyVersion\"\\\202\323\344\223\002O\022M/v1/{name=" + + "projects/*/locations/*/keyRings/*/crypto" + + "Keys/*/cryptoKeyVersions/*}\332A\004name\022\300\001\n\014G" + + "etPublicKey\022(.google.cloud.kms.v1.GetPub" + + "licKeyRequest\032\036.google.cloud.kms.v1.Publ" + + "icKey\"f\202\323\344\223\002Y\022W/v1/{name=projects/*/loca" + + "tions/*/keyRings/*/cryptoKeys/*/cryptoKe" + + "yVersions/*}/publicKey\332A\004name\022\242\001\n\014GetImp" + + "ortJob\022(.google.cloud.kms.v1.GetImportJo" + + "bRequest\032\036.google.cloud.kms.v1.ImportJob" + + "\"H\202\323\344\223\002;\0229/v1/{name=projects/*/locations" + + "/*/keyRings/*/importJobs/*}\332A\004name\022\266\001\n\rC" + + "reateKeyRing\022).google.cloud.kms.v1.Creat" + + "eKeyRingRequest\032\034.google.cloud.kms.v1.Ke" + + "yRing\"\\\202\323\344\223\0028\",/v1/{parent=projects/*/lo" + + 
"cations/*}/keyRings:\010key_ring\332A\033parent,k" + + "ey_ring_id,key_ring\022\317\001\n\017CreateCryptoKey\022" + + "+.google.cloud.kms.v1.CreateCryptoKeyReq" + + "uest\032\036.google.cloud.kms.v1.CryptoKey\"o\202\323" + + "\344\223\002G\"9/v1/{parent=projects/*/locations/*" + + "/keyRings/*}/cryptoKeys:\ncrypto_key\332A\037pa" + + "rent,crypto_key_id,crypto_key\022\373\001\n\026Create" + + "CryptoKeyVersion\0222.google.cloud.kms.v1.C" + + "reateCryptoKeyVersionRequest\032%.google.cl" + + "oud.kms.v1.CryptoKeyVersion\"\205\001\202\323\344\223\002c\"M/v" + + "1/{parent=projects/*/locations/*/keyRing" + + "s/*/cryptoKeys/*}/cryptoKeyVersions:\022cry" + + "pto_key_version\332A\031parent,crypto_key_vers" + + "ion\022\324\001\n\026ImportCryptoKeyVersion\0222.google." + + "cloud.kms.v1.ImportCryptoKeyVersionReque" + + "st\032%.google.cloud.kms.v1.CryptoKeyVersio" + + "n\"_\202\323\344\223\002Y\"T/v1/{parent=projects/*/locati" + + "ons/*/keyRings/*/cryptoKeys/*}/cryptoKey" + + "Versions:import:\001*\022\317\001\n\017CreateImportJob\022+" + + ".google.cloud.kms.v1.CreateImportJobRequ" + + "est\032\036.google.cloud.kms.v1.ImportJob\"o\202\323\344" + + "\223\002G\"9/v1/{parent=projects/*/locations/*/" + + "keyRings/*}/importJobs:\nimport_job\332A\037par" + + "ent,import_job_id,import_job\022\321\001\n\017UpdateC" + + "ryptoKey\022+.google.cloud.kms.v1.UpdateCry" + "ptoKeyRequest\032\036.google.cloud.kms.v1.Cryp" - + "toKey\"o\202\323\344\223\002G\"9/v1/{parent=projects/*/lo" - + "cations/*/keyRings/*}/cryptoKeys:\ncrypto" - + "_key\332A\037parent,crypto_key_id,crypto_key\022\373" - + "\001\n\026CreateCryptoKeyVersion\0222.google.cloud" - + ".kms.v1.CreateCryptoKeyVersionRequest\032%." 
- + "google.cloud.kms.v1.CryptoKeyVersion\"\205\001\202" - + "\323\344\223\002c\"M/v1/{parent=projects/*/locations/" - + "*/keyRings/*/cryptoKeys/*}/cryptoKeyVers" - + "ions:\022crypto_key_version\332A\031parent,crypto" - + "_key_version\022\324\001\n\026ImportCryptoKeyVersion\022" - + "2.google.cloud.kms.v1.ImportCryptoKeyVer" - + "sionRequest\032%.google.cloud.kms.v1.Crypto" - + "KeyVersion\"_\202\323\344\223\002Y\"T/v1/{parent=projects" - + "/*/locations/*/keyRings/*/cryptoKeys/*}/" - + "cryptoKeyVersions:import:\001*\022\317\001\n\017CreateIm" - + "portJob\022+.google.cloud.kms.v1.CreateImpo" - + "rtJobRequest\032\036.google.cloud.kms.v1.Impor" - + "tJob\"o\202\323\344\223\002G\"9/v1/{parent=projects/*/loc" - + "ations/*/keyRings/*}/importJobs:\nimport_" - + "job\332A\037parent,import_job_id,import_job\022\321\001" - + "\n\017UpdateCryptoKey\022+.google.cloud.kms.v1." - + "UpdateCryptoKeyRequest\032\036.google.cloud.km" - + "s.v1.CryptoKey\"q\202\323\344\223\002R2D/v1/{crypto_key." - + "name=projects/*/locations/*/keyRings/*/c" - + "ryptoKeys/*}:\ncrypto_key\332A\026crypto_key,up" - + "date_mask\022\223\002\n\026UpdateCryptoKeyVersion\0222.g" - + "oogle.cloud.kms.v1.UpdateCryptoKeyVersio" - + "nRequest\032%.google.cloud.kms.v1.CryptoKey" - + "Version\"\235\001\202\323\344\223\002v2`/v1/{crypto_key_versio" - + "n.name=projects/*/locations/*/keyRings/*" - + "/cryptoKeys/*/cryptoKeyVersions/*}:\022cryp" - + "to_key_version\332A\036crypto_key_version,upda" - + "te_mask\022\362\001\n\035UpdateCryptoKeyPrimaryVersio" - + "n\0229.google.cloud.kms.v1.UpdateCryptoKeyP" - + "rimaryVersionRequest\032\036.google.cloud.kms." 
- + "v1.CryptoKey\"v\202\323\344\223\002S\"N/v1/{name=projects" - + "/*/locations/*/keyRings/*/cryptoKeys/*}:" - + "updatePrimaryVersion:\001*\332A\032name,crypto_ke" - + "y_version_id\022\336\001\n\027DestroyCryptoKeyVersion" - + "\0223.google.cloud.kms.v1.DestroyCryptoKeyV" - + "ersionRequest\032%.google.cloud.kms.v1.Cryp" - + "toKeyVersion\"g\202\323\344\223\002Z\"U/v1/{name=projects" - + "/*/locations/*/keyRings/*/cryptoKeys/*/c" - + "ryptoKeyVersions/*}:destroy:\001*\332A\004name\022\336\001" - + "\n\027RestoreCryptoKeyVersion\0223.google.cloud" - + ".kms.v1.RestoreCryptoKeyVersionRequest\032%" - + ".google.cloud.kms.v1.CryptoKeyVersion\"g\202" - + "\323\344\223\002Z\"U/v1/{name=projects/*/locations/*/" - + "keyRings/*/cryptoKeys/*/cryptoKeyVersion" - + "s/*}:restore:\001*\332A\004name\022\264\001\n\007Encrypt\022#.goo" - + "gle.cloud.kms.v1.EncryptRequest\032$.google" - + ".cloud.kms.v1.EncryptResponse\"^\202\323\344\223\002G\"B/" - + "v1/{name=projects/*/locations/*/keyRings" - + "/*/cryptoKeys/**}:encrypt:\001*\332A\016name,plai" - + "ntext\022\264\001\n\007Decrypt\022#.google.cloud.kms.v1." - + "DecryptRequest\032$.google.cloud.kms.v1.Dec" - + "ryptResponse\"^\202\323\344\223\002F\"A/v1/{name=projects" - + "/*/locations/*/keyRings/*/cryptoKeys/*}:" - + "decrypt:\001*\332A\017name,ciphertext\022\340\001\n\016Asymmet" - + "ricSign\022*.google.cloud.kms.v1.Asymmetric" - + "SignRequest\032+.google.cloud.kms.v1.Asymme" - + "tricSignResponse\"u\202\323\344\223\002a\"\\/v1/{name=proj" + + "toKey\"q\202\323\344\223\002R2D/v1/{crypto_key.name=proj" + "ects/*/locations/*/keyRings/*/cryptoKeys" - + "/*/cryptoKeyVersions/*}:asymmetricSign:\001" - + "*\332A\013name,digest\022\360\001\n\021AsymmetricDecrypt\022-." 
- + "google.cloud.kms.v1.AsymmetricDecryptReq" - + "uest\032..google.cloud.kms.v1.AsymmetricDec" - + "ryptResponse\"|\202\323\344\223\002d\"_/v1/{name=projects" - + "/*/locations/*/keyRings/*/cryptoKeys/*/c" - + "ryptoKeyVersions/*}:asymmetricDecrypt:\001*" - + "\332A\017name,ciphertext\022\302\001\n\007MacSign\022#.google." - + "cloud.kms.v1.MacSignRequest\032$.google.clo" - + "ud.kms.v1.MacSignResponse\"l\202\323\344\223\002Z\"U/v1/{" - + "name=projects/*/locations/*/keyRings/*/c" - + "ryptoKeys/*/cryptoKeyVersions/*}:macSign" - + ":\001*\332A\tname,data\022\316\001\n\tMacVerify\022%.google.c" - + "loud.kms.v1.MacVerifyRequest\032&.google.cl" - + "oud.kms.v1.MacVerifyResponse\"r\202\323\344\223\002\\\"W/v" + + "/*}:\ncrypto_key\332A\026crypto_key,update_mask" + + "\022\223\002\n\026UpdateCryptoKeyVersion\0222.google.clo" + + "ud.kms.v1.UpdateCryptoKeyVersionRequest\032" + + "%.google.cloud.kms.v1.CryptoKeyVersion\"\235" + + "\001\202\323\344\223\002v2`/v1/{crypto_key_version.name=pr" + + "ojects/*/locations/*/keyRings/*/cryptoKe" + + "ys/*/cryptoKeyVersions/*}:\022crypto_key_ve" + + "rsion\332A\036crypto_key_version,update_mask\022\362" + + "\001\n\035UpdateCryptoKeyPrimaryVersion\0229.googl" + + "e.cloud.kms.v1.UpdateCryptoKeyPrimaryVer" + + "sionRequest\032\036.google.cloud.kms.v1.Crypto" + + "Key\"v\202\323\344\223\002S\"N/v1/{name=projects/*/locati" + + "ons/*/keyRings/*/cryptoKeys/*}:updatePri" + + "maryVersion:\001*\332A\032name,crypto_key_version" + + "_id\022\336\001\n\027DestroyCryptoKeyVersion\0223.google" + + ".cloud.kms.v1.DestroyCryptoKeyVersionReq" + + "uest\032%.google.cloud.kms.v1.CryptoKeyVers" + + "ion\"g\202\323\344\223\002Z\"U/v1/{name=projects/*/locati" + + "ons/*/keyRings/*/cryptoKeys/*/cryptoKeyV" + + "ersions/*}:destroy:\001*\332A\004name\022\336\001\n\027Restore" + + "CryptoKeyVersion\0223.google.cloud.kms.v1.R" + + "estoreCryptoKeyVersionRequest\032%.google.c" + + "loud.kms.v1.CryptoKeyVersion\"g\202\323\344\223\002Z\"U/v" + 
"1/{name=projects/*/locations/*/keyRings/" - + "*/cryptoKeys/*/cryptoKeyVersions/*}:macV" - + "erify:\001*\332A\rname,data,mac\022\347\001\n\023GenerateRan" - + "domBytes\022/.google.cloud.kms.v1.GenerateR" - + "andomBytesRequest\0320.google.cloud.kms.v1." - + "GenerateRandomBytesResponse\"m\202\323\344\223\002>\"9/v1" - + "/{location=projects/*/locations/*}:gener" - + "ateRandomBytes:\001*\332A&location,length_byte" - + "s,protection_level\032t\312A\027cloudkms.googleap" - + "is.com\322AWhttps://www.googleapis.com/auth" - + "/cloud-platform,https://www.googleapis.c" - + "om/auth/cloudkmsB\214\001\n\027com.google.cloud.km" - + "s.v1B\010KmsProtoP\001Z6google.golang.org/genp" - + "roto/googleapis/cloud/kms/v1;kms\370\001\001\252\002\023Go" - + "ogle.Cloud.Kms.V1\312\002\023Google\\Cloud\\Kms\\V1b" - + "\006proto3" + + "*/cryptoKeys/*/cryptoKeyVersions/*}:rest" + + "ore:\001*\332A\004name\022\264\001\n\007Encrypt\022#.google.cloud" + + ".kms.v1.EncryptRequest\032$.google.cloud.km" + + "s.v1.EncryptResponse\"^\202\323\344\223\002G\"B/v1/{name=" + + "projects/*/locations/*/keyRings/*/crypto" + + "Keys/**}:encrypt:\001*\332A\016name,plaintext\022\264\001\n" + + "\007Decrypt\022#.google.cloud.kms.v1.DecryptRe" + + "quest\032$.google.cloud.kms.v1.DecryptRespo" + + "nse\"^\202\323\344\223\002F\"A/v1/{name=projects/*/locati" + + "ons/*/keyRings/*/cryptoKeys/*}:decrypt:\001" + + "*\332A\017name,ciphertext\022\340\001\n\016AsymmetricSign\022*" + + ".google.cloud.kms.v1.AsymmetricSignReque" + + "st\032+.google.cloud.kms.v1.AsymmetricSignR" + + "esponse\"u\202\323\344\223\002a\"\\/v1/{name=projects/*/lo" + + "cations/*/keyRings/*/cryptoKeys/*/crypto" + + "KeyVersions/*}:asymmetricSign:\001*\332A\013name," + + "digest\022\360\001\n\021AsymmetricDecrypt\022-.google.cl" + + "oud.kms.v1.AsymmetricDecryptRequest\032..go" + + "ogle.cloud.kms.v1.AsymmetricDecryptRespo" + + "nse\"|\202\323\344\223\002d\"_/v1/{name=projects/*/locati" + + "ons/*/keyRings/*/cryptoKeys/*/cryptoKeyV" + + 
"ersions/*}:asymmetricDecrypt:\001*\332A\017name,c" + + "iphertext\022\302\001\n\007MacSign\022#.google.cloud.kms" + + ".v1.MacSignRequest\032$.google.cloud.kms.v1" + + ".MacSignResponse\"l\202\323\344\223\002Z\"U/v1/{name=proj" + + "ects/*/locations/*/keyRings/*/cryptoKeys" + + "/*/cryptoKeyVersions/*}:macSign:\001*\332A\tnam" + + "e,data\022\316\001\n\tMacVerify\022%.google.cloud.kms." + + "v1.MacVerifyRequest\032&.google.cloud.kms.v" + + "1.MacVerifyResponse\"r\202\323\344\223\002\\\"W/v1/{name=p" + + "rojects/*/locations/*/keyRings/*/cryptoK" + + "eys/*/cryptoKeyVersions/*}:macVerify:\001*\332" + + "A\rname,data,mac\022\347\001\n\023GenerateRandomBytes\022" + + "/.google.cloud.kms.v1.GenerateRandomByte" + + "sRequest\0320.google.cloud.kms.v1.GenerateR" + + "andomBytesResponse\"m\202\323\344\223\002>\"9/v1/{locatio" + + "n=projects/*/locations/*}:generateRandom" + + "Bytes:\001*\332A&location,length_bytes,protect" + + "ion_level\032t\312A\027cloudkms.googleapis.com\322AW" + + "https://www.googleapis.com/auth/cloud-pl" + + "atform,https://www.googleapis.com/auth/c" + + "loudkmsB\214\001\n\027com.google.cloud.kms.v1B\010Kms" + + "ProtoP\001Z6google.golang.org/genproto/goog" + + "leapis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Clou" + + "d.Kms.V1\312\002\023Google\\Cloud\\Kms\\V1b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom( @@ -655,6 +655,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { "CryptoKeyVersion", "Algorithm", "ImportJob", + "WrappedKey", "RsaAesWrappedKey", "WrappedKeyMaterial", }); diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java index 74d5a6cd5f2c..83ba650f8357 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java 
+++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java @@ -192,7 +192,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { + "s/{project}/locations/{location}/keyRing" + "s/{key_ring}/cryptoKeys/{crypto_key}/cry" + "ptoKeyVersions/{crypto_key_version}/publ" - + "icKey\"\333\007\n\tImportJob\022\021\n\004name\030\001 \001(\tB\003\340A\003\022J" + + "icKey\"\324\010\n\tImportJob\022\021\n\004name\030\001 \001(\tB\003\340A\003\022J" + "\n\rimport_method\030\002 \001(\0162+.google.cloud.kms" + ".v1.ImportJob.ImportMethodB\006\340A\002\340A\005\022F\n\020pr" + "otection_level\030\t \001(\0162$.google.cloud.kms." 
@@ -208,24 +208,27 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() { + "ImportJob.WrappingPublicKeyB\003\340A\003\022F\n\013atte" + "station\030\010 \001(\0132,.google.cloud.kms.v1.KeyO" + "perationAttestationB\003\340A\003\032 \n\021WrappingPubl" - + "icKey\022\013\n\003pem\030\001 \001(\t\"m\n\014ImportMethod\022\035\n\031IM" - + "PORT_METHOD_UNSPECIFIED\020\000\022\036\n\032RSA_OAEP_30" - + "72_SHA1_AES_256\020\001\022\036\n\032RSA_OAEP_4096_SHA1_" - + "AES_256\020\002\"c\n\016ImportJobState\022 \n\034IMPORT_JO" - + "B_STATE_UNSPECIFIED\020\000\022\026\n\022PENDING_GENERAT" - + "ION\020\001\022\n\n\006ACTIVE\020\002\022\013\n\007EXPIRED\020\003:{\352Ax\n!clo" - + "udkms.googleapis.com/ImportJob\022Sprojects" - + "/{project}/locations/{location}/keyRings" - + "/{key_ring}/importJobs/{import_job}\"[\n\036E" - + "xternalProtectionLevelOptions\022\030\n\020externa" - + "l_key_uri\030\001 \001(\t\022\037\n\027ekm_connection_key_pa" - + "th\030\002 \001(\t*j\n\017ProtectionLevel\022 \n\034PROTECTIO" - + "N_LEVEL_UNSPECIFIED\020\000\022\014\n\010SOFTWARE\020\001\022\007\n\003H" - + "SM\020\002\022\014\n\010EXTERNAL\020\003\022\020\n\014EXTERNAL_VPC\020\004B\225\001\n" - + "\027com.google.cloud.kms.v1B\021KmsResourcesPr" - + "otoP\001Z6google.golang.org/genproto/google" - + "apis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud." 
- + "Kms.V1\312\002\023Google\\Cloud\\Kms\\V1b\006proto3" + + "icKey\022\013\n\003pem\030\001 \001(\t\"\345\001\n\014ImportMethod\022\035\n\031I" + + "MPORT_METHOD_UNSPECIFIED\020\000\022\036\n\032RSA_OAEP_3" + + "072_SHA1_AES_256\020\001\022\036\n\032RSA_OAEP_4096_SHA1" + + "_AES_256\020\002\022 \n\034RSA_OAEP_3072_SHA256_AES_2" + + "56\020\003\022 \n\034RSA_OAEP_4096_SHA256_AES_256\020\004\022\030" + + "\n\024RSA_OAEP_3072_SHA256\020\005\022\030\n\024RSA_OAEP_409" + + "6_SHA256\020\006\"c\n\016ImportJobState\022 \n\034IMPORT_J" + + "OB_STATE_UNSPECIFIED\020\000\022\026\n\022PENDING_GENERA" + + "TION\020\001\022\n\n\006ACTIVE\020\002\022\013\n\007EXPIRED\020\003:{\352Ax\n!cl" + + "oudkms.googleapis.com/ImportJob\022Sproject" + + "s/{project}/locations/{location}/keyRing" + + "s/{key_ring}/importJobs/{import_job}\"[\n\036" + + "ExternalProtectionLevelOptions\022\030\n\020extern" + + "al_key_uri\030\001 \001(\t\022\037\n\027ekm_connection_key_p" + + "ath\030\002 \001(\t*j\n\017ProtectionLevel\022 \n\034PROTECTI" + + "ON_LEVEL_UNSPECIFIED\020\000\022\014\n\010SOFTWARE\020\001\022\007\n\003" + + "HSM\020\002\022\014\n\010EXTERNAL\020\003\022\020\n\014EXTERNAL_VPC\020\004B\225\001" + + "\n\027com.google.cloud.kms.v1B\021KmsResourcesP" + + "rotoP\001Z6google.golang.org/genproto/googl" + + "eapis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud" + + ".Kms.V1\312\002\023Google\\Cloud\\Kms\\V1b\006proto3" }; descriptor = com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom( diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsRequest.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsRequest.java index 4fa577a25a98..7864b6c0d371 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsRequest.java 
+++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsRequest.java @@ -22,7 +22,8 @@ * * *
- * Request message for [KeyManagementService.ListEkmConnections][].
+ * Request message for
+ * [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
  * 
* * Protobuf type {@code google.cloud.kms.v1.ListEkmConnectionsRequest} @@ -511,7 +512,8 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * * *
-   * Request message for [KeyManagementService.ListEkmConnections][].
+   * Request message for
+   * [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
    * 
* * Protobuf type {@code google.cloud.kms.v1.ListEkmConnectionsRequest} diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsResponse.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsResponse.java index 83affd9b164f..d129d6271a88 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsResponse.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ListEkmConnectionsResponse.java @@ -22,7 +22,8 @@ * * *
- * Response message for [KeyManagementService.ListEkmConnections][].
+ * Response message for
+ * [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
  * 
* * Protobuf type {@code google.cloud.kms.v1.ListEkmConnectionsResponse} @@ -392,7 +393,8 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * * *
-   * Response message for [KeyManagementService.ListEkmConnections][].
+   * Response message for
+   * [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].
    * 
* * Protobuf type {@code google.cloud.kms.v1.ListEkmConnectionsResponse} diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/UpdateEkmConnectionRequest.java b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/UpdateEkmConnectionRequest.java index 19b98627a9da..c07d383c7e69 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/UpdateEkmConnectionRequest.java +++ b/java-kms/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/UpdateEkmConnectionRequest.java @@ -22,7 +22,8 @@ * * *
- * Request message for [KeyManagementService.UpdateEkmConnection][].
+ * Request message for
+ * [EkmService.UpdateEkmConnection][google.cloud.kms.v1.EkmService.UpdateEkmConnection].
  * 
* * Protobuf type {@code google.cloud.kms.v1.UpdateEkmConnectionRequest} @@ -353,7 +354,8 @@ protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.Build * * *
-   * Request message for [KeyManagementService.UpdateEkmConnection][].
+   * Request message for
+   * [EkmService.UpdateEkmConnection][google.cloud.kms.v1.EkmService.UpdateEkmConnection].
    * 
* * Protobuf type {@code google.cloud.kms.v1.UpdateEkmConnectionRequest} diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/ekm_service.proto b/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/ekm_service.proto index de8669dbf3d3..c179d4a6c35b 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/ekm_service.proto +++ b/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/ekm_service.proto @@ -1,4 +1,4 @@ -// Copyright 2021 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -85,7 +85,8 @@ service EkmService { } } -// Request message for [KeyManagementService.ListEkmConnections][]. +// Request message for +// [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections]. message ListEkmConnectionsRequest { // Required. The resource name of the location associated with the // [EkmConnections][google.cloud.kms.v1.EkmConnection] to list, in the format @@ -123,7 +124,8 @@ message ListEkmConnectionsRequest { string order_by = 5 [(google.api.field_behavior) = OPTIONAL]; } -// Response message for [KeyManagementService.ListEkmConnections][]. +// Response message for +// [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections]. message ListEkmConnectionsResponse { // The list of [EkmConnections][google.cloud.kms.v1.EkmConnection]. repeated EkmConnection ekm_connections = 1; @@ -138,7 +140,8 @@ message ListEkmConnectionsResponse { int32 total_size = 3; } -// Request message for [KeyManagementService.GetEkmConnection][]. +// Request message for +// [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection]. message GetEkmConnectionRequest { // Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the // [EkmConnection][google.cloud.kms.v1.EkmConnection] to get. 
@@ -150,7 +153,8 @@ message GetEkmConnectionRequest { ]; } -// Request message for [KeyManagementService.CreateEkmConnection][]. +// Request message for +// [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection]. message CreateEkmConnectionRequest { // Required. The resource name of the location associated with the // [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format @@ -171,7 +175,8 @@ message CreateEkmConnectionRequest { EkmConnection ekm_connection = 3 [(google.api.field_behavior) = REQUIRED]; } -// Request message for [KeyManagementService.UpdateEkmConnection][]. +// Request message for +// [EkmService.UpdateEkmConnection][google.cloud.kms.v1.EkmService.UpdateEkmConnection]. message UpdateEkmConnectionRequest { // Required. [EkmConnection][google.cloud.kms.v1.EkmConnection] with updated // values. @@ -263,7 +268,8 @@ message EkmConnection { string hostname = 3 [(google.api.field_behavior) = REQUIRED]; // Required. A list of leaf server certificates used to authenticate HTTPS - // connections to the EKM replica. + // connections to the EKM replica. Currently, a maximum of 10 + // [Certificate][google.cloud.kms.v1.Certificate] is supported. repeated Certificate server_certificates = 4 [(google.api.field_behavior) = REQUIRED]; } @@ -286,8 +292,7 @@ message EkmConnection { // supported. repeated ServiceResolver service_resolvers = 3; - // This checksum is computed by the server based on the value of other fields, - // and may be sent on update requests to ensure the client has an up-to-date - // value before proceeding. - string etag = 5; + // Optional. Etag of the currently stored + // [EkmConnection][google.cloud.kms.v1.EkmConnection]. + string etag = 5 [(google.api.field_behavior) = OPTIONAL]; } 
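Review bot: The replacement comment on `etag` in the last hunk of ekm_service.proto (`@@ -286,8 +292,7 @@`) no longer tells a caller what the field is for. The removed text said the checksum is computed by the server and may be sent on update requests to ensure the client has an up-to-date value; the new text only says it is the etag of the stored EkmConnection. This resource carries the EKM hostname and server certificates, so the comment should still show that sending the etag guards an update against overwriting a newer configuration (assuming the server still enforces it, which the hunk does not show). I would keep the usage sentence, for example `// Optional. Etag of the currently stored EkmConnection; may be sent on update requests to ensure the client has an up-to-date value before proceeding.` The EkmConnection message starts outside the hunk.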
diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto b/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto index b32d85464575..fa89122c8a0e 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto +++ b/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto @@ -1,4 +1,4 @@ -// Copyright 2021 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -235,6 +235,9 @@ message KeyOperationAttestation { // Cavium HSM attestation compressed with gzip. Note that this format is // defined by Cavium and subject to change at any time. + // + // See + // https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html. CAVIUM_V1_COMPRESSED = 3; // Cavium HSM attestation V2 compressed with gzip. This is a new format 
@@ -688,6 +691,34 @@ message ImportJob { // [RSA AES key wrap // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). RSA_OAEP_4096_SHA1_AES_256 = 2; + + // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping + // scheme defined in the PKCS #11 standard. In summary, this involves + // wrapping the raw key with an ephemeral AES key, and wrapping the + // ephemeral AES key with a 3072 bit RSA key. For more details, see + // [RSA AES key wrap + // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). + RSA_OAEP_3072_SHA256_AES_256 = 3; + + // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping + // scheme defined in the PKCS #11 standard. In summary, this involves + // wrapping the raw key with an ephemeral AES key, and wrapping the + // ephemeral AES key with a 4096 bit RSA key. For more details, see + // [RSA AES key wrap + // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). + RSA_OAEP_4096_SHA256_AES_256 = 4; + + // This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The + // key material to be imported is wrapped directly with the RSA key. Due + // to technical limitations of RSA wrapping, this method cannot be used to + // wrap RSA keys for import. + RSA_OAEP_3072_SHA256 = 5; + + // This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The + // key material to be imported is wrapped directly with the RSA key. Due + // to technical limitations of RSA wrapping, this method cannot be used to + // wrap RSA keys for import. + RSA_OAEP_4096_SHA256 = 6; } // The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if 
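Review bot: The comments added for `RSA_OAEP_3072_SHA256_AES_256` and `RSA_OAEP_4096_SHA256_AES_256` are word-for-word the text of the existing SHA1 variants, so nothing in the documentation says what differs between the old and new methods. Judging by the enum names, the difference is the hash used in the RSA-OAEP step, and a client that wraps with the wrong hash would presumably produce material the service cannot unwrap. I would add one sentence to each, for example `// The RSA-OAEP wrap of the ephemeral AES key uses SHA-256, where RSA_OAEP_3072_SHA1_AES_256 uses SHA-1.` The PKCS #11 reference in these comments is also a plain `http://` link. The ImportMethod enum starts outside the hunk.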
diff --git a/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto b/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto index 565678da32cd..938f1e2550ec 100644 --- a/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto +++ b/java-kms/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto @@ -1,4 +1,4 @@ -// Copyright 2021 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -797,33 +797,56 @@ message ImportCryptoKeyVersionRequest { // material. string import_job = 4 [(google.api.field_behavior) = REQUIRED]; - // Required. The incoming wrapped key material that is to be imported. + // Optional. The wrapped key material to import. + // + // Before wrapping, key material must be formatted. If importing symmetric key + // material, the expected key material format is plain bytes. If importing + // asymmetric key material, the expected key material format is PKCS#8-encoded + // DER (the PrivateKeyInfo structure from RFC 5208). + // + // When wrapping with import methods + // ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] + // or + // [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256] + // or + // [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256] + // or + // [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]), + // + // this field must contain the concatenation of: + //
    + //
  1. An ephemeral AES-256 wrapping key wrapped with the + // [public_key][google.cloud.kms.v1.ImportJob.public_key] using + // RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty + // label. + //
  2. + //
  3. The formatted key to be imported, wrapped with the ephemeral AES-256 + // key using AES-KWP (RFC 5649). + //
  4. + //
+ // + // This format is the same as the format produced by PKCS#11 mechanism + // CKM_RSA_AES_KEY_WRAP. + // + // When wrapping with import methods + // ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256] + // or + // [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]), + // + // this field must contain the formatted key to be imported, wrapped with the + // [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP + // with SHA-256, MGF1 with SHA-256, and an empty label. + bytes wrapped_key = 8 [(google.api.field_behavior) = OPTIONAL]; + + // This field is legacy. Use the field + // [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key] + // instead. oneof wrapped_key_material { - // Wrapped key material produced with - // [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] - // or - // [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]. - // - // This field contains the concatenation of two wrapped keys: - //
    - //
  1. An ephemeral AES-256 wrapping key wrapped with the - // [public_key][google.cloud.kms.v1.ImportJob.public_key] using - // RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an - // empty label. - //
  2. - //
  3. The key to be imported, wrapped with the ephemeral AES-256 key - // using AES-KWP (RFC 5649). - //
  4. - //
- // - // If importing symmetric key material, it is expected that the unwrapped - // key contains plain bytes. If importing asymmetric key material, it is - // expected that the unwrapped key is in PKCS#8-encoded DER format (the - // PrivateKeyInfo structure from RFC 5208). - // - // This format is the same as the format produced by PKCS#11 mechanism - // CKM_RSA_AES_KEY_WRAP. - bytes rsa_aes_wrapped_key = 5; + // Optional. This field has the same meaning as + // [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]. + // Prefer to use that field in new work. Either that field or this field + // (but not both) must be specified. + bytes rsa_aes_wrapped_key = 5 [(google.api.field_behavior) = OPTIONAL]; } } @@ -935,7 +958,9 @@ message EncryptRequest { // // The maximum size depends on the key version's // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + // [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the // plaintext must be no larger than 64KiB. For // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of // the plaintext and additional_authenticated_data fields must be no larger 
@@ -948,8 +973,10 @@ message EncryptRequest { // // The maximum size depends on the key version's // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. - // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD - // must be no larger than 64KiB. For + // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], + // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and + // [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the + // AAD must be no larger than 64KiB. For // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of // the plaintext and additional_authenticated_data fields must be no larger // than 8KiB. diff --git a/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/AsyncImportCryptoKeyVersion.java b/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/AsyncImportCryptoKeyVersion.java index 9dc424d2c1e7..3cd3e6ed0c80 100644 --- a/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/AsyncImportCryptoKeyVersion.java +++ b/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/AsyncImportCryptoKeyVersion.java @@ -23,6 +23,7 @@ import com.google.cloud.kms.v1.CryptoKeyVersionName; import com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest; import com.google.cloud.kms.v1.KeyManagementServiceClient; +import com.google.protobuf.ByteString; public class AsyncImportCryptoKeyVersion { @@ -52,6 +53,7 @@ public static void asyncImportCryptoKeyVersion() throws Exception { "[CRYPTO_KEY_VERSION]") .toString()) .setImportJob("importJob-208547368") + .setWrappedKey(ByteString.EMPTY) .build(); ApiFuture future = keyManagementServiceClient.importCryptoKeyVersionCallable().futureCall(request); 
diff --git a/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/SyncImportCryptoKeyVersion.java b/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/SyncImportCryptoKeyVersion.java index 22e9869e3889..38e8b948a9df 100644 --- a/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/SyncImportCryptoKeyVersion.java +++ b/java-kms/samples/snippets/generated/com/google/cloud/kms/v1/keymanagementservice/importcryptokeyversion/SyncImportCryptoKeyVersion.java @@ -22,6 +22,7 @@ import com.google.cloud.kms.v1.CryptoKeyVersionName; import com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest; import com.google.cloud.kms.v1.KeyManagementServiceClient; +import com.google.protobuf.ByteString; public class SyncImportCryptoKeyVersion { @@ -51,6 +52,7 @@ public static void syncImportCryptoKeyVersion() throws Exception { "[CRYPTO_KEY_VERSION]") .toString()) .setImportJob("importJob-208547368") + .setWrappedKey(ByteString.EMPTY) .build(); CryptoKeyVersion response = keyManagementServiceClient.importCryptoKeyVersion(request); }