GrantConstraints (AWS SDK for Android

java.lang.Object
- com.amazonaws.services.kms.model.GrantConstraints

All Implemented Interfaces:

java.io.Serializable
```
public class GrantConstraints
extends java.lang.Object
implements java.io.Serializable
```
Use this structure to allow cryptographic operations in the grant only when the operation request includes the specified encryption context.

AWS KMS applies the grant constraints only to cryptographic operations that support an encryption context, that is, all cryptographic operations with a symmetric CMK. Grant constraints are not applied to operations that do not support an encryption context, such as cryptographic operations with asymmetric CMKs and management operations, such as DescribeKey or RetireGrant.

In a cryptographic operation, the encryption context in the decryption operation must be an exact, case-sensitive match for the keys and values in the encryption context of the encryption operation. Only the order of the pairs can vary.

However, in a grant constraint, the key in each key-value pair is not case sensitive, but the value is case sensitive.

To avoid confusion, do not use multiple encryption context pairs that differ only by case. To require a fully case-sensitive encryption context, use the kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM or key policy. For details, see kms:EncryptionContext: in the AWS Key Management Service Developer Guide .

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description

GrantConstraints()

Constructors
Constructor and Description
`GrantConstraints()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`GrantConstraints`	`addEncryptionContextEqualsEntry(java.lang.String key, java.lang.String value)` A list of key-value pairs that must match the encryption context in the cryptographic operation request.
`GrantConstraints`	`addEncryptionContextSubsetEntry(java.lang.String key, java.lang.String value)` A list of key-value pairs that must be included in the encryption context of the cryptographic operation request.
`GrantConstraints`	`clearEncryptionContextEqualsEntries()` Removes all the entries added into EncryptionContextEquals.
`GrantConstraints`	`clearEncryptionContextSubsetEntries()` Removes all the entries added into EncryptionContextSubset.
`boolean`	`equals(java.lang.Object obj)`
`java.util.Map<java.lang.String,java.lang.String>`	`getEncryptionContextEquals()` A list of key-value pairs that must match the encryption context in the cryptographic operation request.
`java.util.Map<java.lang.String,java.lang.String>`	`getEncryptionContextSubset()` A list of key-value pairs that must be included in the encryption context of the cryptographic operation request.
`int`	`hashCode()`
`void`	`setEncryptionContextEquals(java.util.Map<java.lang.String,java.lang.String> encryptionContextEquals)` A list of key-value pairs that must match the encryption context in the cryptographic operation request.
`void`	`setEncryptionContextSubset(java.util.Map<java.lang.String,java.lang.String> encryptionContextSubset)` A list of key-value pairs that must be included in the encryption context of the cryptographic operation request.
`java.lang.String`	`toString()` Returns a string representation of this object; useful for testing and debugging.
`GrantConstraints`	`withEncryptionContextEquals(java.util.Map<java.lang.String,java.lang.String> encryptionContextEquals)` A list of key-value pairs that must match the encryption context in the cryptographic operation request.
`GrantConstraints`	`withEncryptionContextSubset(java.util.Map<java.lang.String,java.lang.String> encryptionContextSubset)` A list of key-value pairs that must be included in the encryption context of the cryptographic operation request.

Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - GrantConstraints
```
public GrantConstraints()
```
- Method Detail
  - getEncryptionContextSubset
```
public java.util.Map<java.lang.String,java.lang.String> getEncryptionContextSubset()
```
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
    
    Returns:
    
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
  - setEncryptionContextSubset
```
public void setEncryptionContextSubset(java.util.Map<java.lang.String,java.lang.String> encryptionContextSubset)
```
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
    
    Parameters:
    
    encryptionContextSubset -
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
  - withEncryptionContextSubset
```
public GrantConstraints withEncryptionContextSubset(java.util.Map<java.lang.String,java.lang.String> encryptionContextSubset)
```
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
    
    Returns a reference to this object so that method calls can be chained together.
    
    Parameters:
    
    encryptionContextSubset -
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
    
    Returns:
    
    A reference to this updated object so that method calls can be chained together.
  - addEncryptionContextSubsetEntry
```
public GrantConstraints addEncryptionContextSubsetEntry(java.lang.String key,
                                                        java.lang.String value)
```
    A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
    
    The method adds a new key-value pair into EncryptionContextSubset parameter, and returns a reference to this object so that method calls can be chained together.
    
    Parameters:
    
    key - The key of the entry to be added into EncryptionContextSubset.
    
    value - The corresponding value of the entry to be added into EncryptionContextSubset.
    
    Returns:
    
    A reference to this updated object so that method calls can be chained together.
  - clearEncryptionContextSubsetEntries
```
public GrantConstraints clearEncryptionContextSubsetEntries()
```
    Removes all the entries added into EncryptionContextSubset.
    Returns a reference to this object so that method calls can be chained together.
  - getEncryptionContextEquals
```
public java.util.Map<java.lang.String,java.lang.String> getEncryptionContextEquals()
```
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
    
    Returns:
    
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
  - setEncryptionContextEquals
```
public void setEncryptionContextEquals(java.util.Map<java.lang.String,java.lang.String> encryptionContextEquals)
```
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
    
    Parameters:
    
    encryptionContextEquals -
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
  - withEncryptionContextEquals
```
public GrantConstraints withEncryptionContextEquals(java.util.Map<java.lang.String,java.lang.String> encryptionContextEquals)
```
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
    
    Returns a reference to this object so that method calls can be chained together.
    
    Parameters:
    
    encryptionContextEquals -
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
    
    Returns:
    
    A reference to this updated object so that method calls can be chained together.
  - addEncryptionContextEqualsEntry
```
public GrantConstraints addEncryptionContextEqualsEntry(java.lang.String key,
                                                        java.lang.String value)
```
    A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
    
    The method adds a new key-value pair into EncryptionContextEquals parameter, and returns a reference to this object so that method calls can be chained together.
    
    Parameters:
    
    key - The key of the entry to be added into EncryptionContextEquals.
    
    value - The corresponding value of the entry to be added into EncryptionContextEquals.
    
    Returns:
    
    A reference to this updated object so that method calls can be chained together.
  - clearEncryptionContextEqualsEntries
```
public GrantConstraints clearEncryptionContextEqualsEntries()
```
    Removes all the entries added into EncryptionContextEquals.
    Returns a reference to this object so that method calls can be chained together.
  - toString
```
public java.lang.String toString()
```
    Returns a string representation of this object; useful for testing and debugging.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    
    A string representation of this object.
    
    See Also:
    
    Object.toString()
  - hashCode
```
public int hashCode()
```
    Overrides:
    
    hashCode in class java.lang.Object
  - equals
```
public boolean equals(java.lang.Object obj)
```
    Overrides:
    
    equals in class java.lang.Object

Class GrantConstraints

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

GrantConstraints

Method Detail

getEncryptionContextSubset

setEncryptionContextSubset

withEncryptionContextSubset

addEncryptionContextSubsetEntry

clearEncryptionContextSubsetEntries

getEncryptionContextEquals

setEncryptionContextEquals

withEncryptionContextEquals

addEncryptionContextEqualsEntry

clearEncryptionContextEqualsEntries

toString

hashCode

equals