404 Not Found

info server
Uname: Linux in-mum-web1557.main-hosting.eu 5.14.0-611.42.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Mar 24 05:30:20 EDT 2026 x86_64
Software: LiteSpeed
PHP version: 8.2.30 [ PHP INFO ] PHP os: Linux
Server Ip: 91.108.106.197
Your Ip: 216.73.216.168
User: u848900432 (848900432) | Group: o51372345 (1051372345)
Safe Mode: OFF
Disable Function:
NONE
upload mass deface mass delete console
name : api.go
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

package paymentcryptography

import (
	"fmt"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awsutil"
	"github.com/aws/aws-sdk-go/aws/request"
	"github.com/aws/aws-sdk-go/private/protocol"
	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)

const opCreateAlias = "CreateAlias"

// CreateAliasRequest generates a "aws/request.Request" representing the
// client's request for the CreateAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAlias for more information on using the CreateAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreateAliasRequest method.
//	req, resp := client.CreateAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateAlias
func (c *PaymentCryptography) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) {
	op := &request.Operation{
		Name:       opCreateAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateAliasInput{}
	}

	output = &CreateAliasOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateAlias API operation for Payment Cryptography Control Plane.
//
// Creates an alias, or a friendly name, for an Amazon Web Services Payment
// Cryptography key. You can use an alias to identify a key in the console and
// when you call cryptographic operations such as EncryptData (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_EncryptData.html)
// or DecryptData (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_DecryptData.html).
//
// You can associate the alias with any key in the same Amazon Web Services
// Region. Each alias is associated with only one key at a time, but a key can
// have multiple aliases. You can't create an alias without a key. The alias
// must be unique in the account and Amazon Web Services Region, but you can
// create another alias with the same name in a different Amazon Web Services
// Region.
//
// To change the key that's associated with the alias, call UpdateAlias. To
// delete the alias, call DeleteAlias. These operations don't affect the underlying
// key. To get the alias that you created, call ListAliases.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteAlias
//
//   - GetAlias
//
//   - ListAliases
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation CreateAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateAlias
func (c *PaymentCryptography) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) {
	req, out := c.CreateAliasRequest(input)
	return out, req.Send()
}

// CreateAliasWithContext is the same as CreateAlias with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) CreateAliasWithContext(ctx aws.Context, input *CreateAliasInput, opts ...request.Option) (*CreateAliasOutput, error) {
	req, out := c.CreateAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateKey = "CreateKey"

// CreateKeyRequest generates a "aws/request.Request" representing the
// client's request for the CreateKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateKey for more information on using the CreateKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreateKeyRequest method.
//	req, resp := client.CreateKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey
func (c *PaymentCryptography) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) {
	op := &request.Operation{
		Name:       opCreateKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateKeyInput{}
	}

	output = &CreateKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateKey API operation for Payment Cryptography Control Plane.
//
// Creates an Amazon Web Services Payment Cryptography key, a logical representation
// of a cryptographic key, that is unique in your account and Amazon Web Services
// Region. You use keys for cryptographic functions such as encryption and decryption.
//
// In addition to the key material used in cryptographic operations, an Amazon
// Web Services Payment Cryptography key includes metadata such as the key ARN,
// key usage, key origin, creation date, description, and key state.
//
// When you create a key, you specify both immutable and mutable data about
// the key. The immutable data contains key attributes that define the scope
// and cryptographic operations that you can perform using the key, for example
// key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key
// usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example:
// Encrypt). For information about valid combinations of key attributes, see
// Understanding key attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html)
// in the Amazon Web Services Payment Cryptography User Guide. The mutable data
// contained within a key includes usage timestamp and key deletion timestamp
// and can be modified after creation.
//
// Amazon Web Services Payment Cryptography binds key attributes to keys using
// key blocks when you store or export them. Amazon Web Services Payment Cryptography
// stores the key contents wrapped and never stores or transmits them in the
// clear.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteKey
//
//   - GetKey
//
//   - ListKeys
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation CreateKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey
func (c *PaymentCryptography) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) {
	req, out := c.CreateKeyRequest(input)
	return out, req.Send()
}

// CreateKeyWithContext is the same as CreateKey with the addition of
// the ability to pass a context and additional request options.
//
// See CreateKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) CreateKeyWithContext(ctx aws.Context, input *CreateKeyInput, opts ...request.Option) (*CreateKeyOutput, error) {
	req, out := c.CreateKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteAlias = "DeleteAlias"

// DeleteAliasRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteAlias for more information on using the DeleteAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeleteAliasRequest method.
//	req, resp := client.DeleteAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteAlias
func (c *PaymentCryptography) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) {
	op := &request.Operation{
		Name:       opDeleteAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAliasInput{}
	}

	output = &DeleteAliasOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteAlias API operation for Payment Cryptography Control Plane.
//
// Deletes the alias, but doesn't affect the underlying key.
//
// Each key can have multiple aliases. To get the aliases of all keys, use the
// ListAliases operation. To change the alias of a key, first use DeleteAlias
// to delete the current alias and then use CreateAlias to create a new alias.
// To associate an existing alias with a different key, call UpdateAlias.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - GetAlias
//
//   - ListAliases
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation DeleteAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteAlias
func (c *PaymentCryptography) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) {
	req, out := c.DeleteAliasRequest(input)
	return out, req.Send()
}

// DeleteAliasWithContext is the same as DeleteAlias with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) DeleteAliasWithContext(ctx aws.Context, input *DeleteAliasInput, opts ...request.Option) (*DeleteAliasOutput, error) {
	req, out := c.DeleteAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteKey = "DeleteKey"

// DeleteKeyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteKey for more information on using the DeleteKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeleteKeyRequest method.
//	req, resp := client.DeleteKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey
func (c *PaymentCryptography) DeleteKeyRequest(input *DeleteKeyInput) (req *request.Request, output *DeleteKeyOutput) {
	op := &request.Operation{
		Name:       opDeleteKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteKeyInput{}
	}

	output = &DeleteKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// DeleteKey API operation for Payment Cryptography Control Plane.
//
// Deletes the key material and metadata associated with Amazon Web Services
// Payment Cryptography key.
//
// Key deletion is irreversible. After a key is deleted, you can't perform cryptographic
// operations using the key. For example, you can't decrypt data that was encrypted
// by a deleted Amazon Web Services Payment Cryptography key, and the data may
// become unrecoverable. Because key deletion is destructive, Amazon Web Services
// Payment Cryptography has a safety mechanism to prevent accidental deletion
// of a key. When you call this operation, Amazon Web Services Payment Cryptography
// disables the specified key but doesn't delete it until after a waiting period
// set using DeleteKeyInDays. The default waiting period is 7 days. During the
// waiting period, the KeyState is DELETE_PENDING. After the key is deleted,
// the KeyState is DELETE_COMPLETE.
//
// You should delete a key only when you are sure that you don't need to use
// it anymore and no other parties are utilizing this key. If you aren't sure,
// consider deactivating it instead by calling StopKeyUsage.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - RestoreKey
//
//   - StartKeyUsage
//
//   - StopKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation DeleteKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey
func (c *PaymentCryptography) DeleteKey(input *DeleteKeyInput) (*DeleteKeyOutput, error) {
	req, out := c.DeleteKeyRequest(input)
	return out, req.Send()
}

// DeleteKeyWithContext is the same as DeleteKey with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) DeleteKeyWithContext(ctx aws.Context, input *DeleteKeyInput, opts ...request.Option) (*DeleteKeyOutput, error) {
	req, out := c.DeleteKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opExportKey = "ExportKey"

// ExportKeyRequest generates a "aws/request.Request" representing the
// client's request for the ExportKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ExportKey for more information on using the ExportKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ExportKeyRequest method.
//	req, resp := client.ExportKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey
func (c *PaymentCryptography) ExportKeyRequest(input *ExportKeyInput) (req *request.Request, output *ExportKeyOutput) {
	op := &request.Operation{
		Name:       opExportKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ExportKeyInput{}
	}

	output = &ExportKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ExportKey API operation for Payment Cryptography Control Plane.
//
// Exports a key from Amazon Web Services Payment Cryptography.
//
// Amazon Web Services Payment Cryptography simplifies key exchange by replacing
// the existing paper-based approach with a modern electronic approach. With
// ExportKey you can export symmetric keys using either symmetric and asymmetric
// key exchange mechanisms. Using this operation, you can share your Amazon
// Web Services Payment Cryptography generated keys with other service partners
// to perform cryptographic operations outside of Amazon Web Services Payment
// Cryptography
//
// For symmetric key exchange, Amazon Web Services Payment Cryptography uses
// the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric
// key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34
// norm and RSA wrap and unwrap key exchange mechanism. Asymmetric key exchange
// methods are typically used to establish bi-directional trust between the
// two parties exhanging keys and are used for initial key exchange such as
// Key Encryption Key (KEK). After which you can export working keys using symmetric
// method to perform various cryptographic operations within Amazon Web Services
// Payment Cryptography.
//
// The TR-34 norm is intended for exchanging 3DES keys only and keys are imported
// in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm,
// KeyModesOfUse, Exportability) are contained within the key block. With RSA
// wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are
// imported in a WrappedKeyCryptogram format and you will need to specify the
// key attributes during import.
//
// You can also use ExportKey functionality to generate and export an IPEK (Initial
// Pin Encryption Key) from Amazon Web Services Payment Cryptography using either
// TR-31 or TR-34 export key exchange. IPEK is generated from BDK (Base Derivation
// Key) and ExportDukptInitialKey attribute KSN (KeySerialNumber). The generated
// IPEK does not persist within Amazon Web Services Payment Cryptography and
// has to be re-generated each time during export.
//
// # To export initial keys (KEK) or IPEK using TR-34
//
// Using this operation, you can export initial key using TR-34 asymmetric key
// exchange. You can only export KEK generated within Amazon Web Services Payment
// Cryptography. In TR-34 terminology, the sending party of the key is called
// Key Distribution Host (KDH) and the receiving party of the key is called
// Key Receiving Device (KRD). During key export process, KDH is Amazon Web
// Services Payment Cryptography which initiates key export and KRD is the user
// receiving the key.
//
// To initiate TR-34 key export, the KRD must obtain an export token by calling
// GetParametersForExport. This operation also generates a key pair for the
// purpose of key export, signs the key and returns back the signing public
// key certificate (also known as KDH signing certificate) and root certificate
// chain. The KDH uses the private key to sign the the export payload and the
// signing public key certificate is provided to KRD to verify the signature.
// The KRD can import the root certificate into its Hardware Security Module
// (HSM), as required. The export token and the associated KDH signing certificate
// expires after 7 days.
//
// Next the KRD generates a key pair for the the purpose of encrypting the KDH
// key and provides the public key cerificate (also known as KRD wrapping certificate)
// back to KDH. The KRD will also import the root cerificate chain into Amazon
// Web Services Payment Cryptography by calling ImportKey for RootCertificatePublicKey.
// The KDH, Amazon Web Services Payment Cryptography, will use the KRD wrapping
// cerificate to encrypt (wrap) the key under export and signs it with signing
// private key to generate a TR-34 WrappedKeyBlock. For more information on
// TR-34 key export, see section Exporting symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-export.html)
// in the Amazon Web Services Payment Cryptography User Guide.
//
// Set the following parameters:
//
//   - ExportAttributes: Specify export attributes in case of IPEK export.
//     This parameter is optional for KEK export.
//
//   - ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK)
//     under export.
//
//   - KeyMaterial: Use Tr34KeyBlock parameters.
//
//   - CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate
//     chain that signed the KRD wrapping key certificate.
//
//   - ExportToken: Obtained from KDH by calling GetParametersForImport.
//
//   - WrappingKeyCertificate: The public key certificate in PEM format (base64
//     encoded) of the KRD wrapping key Amazon Web Services Payment Cryptography
//     uses for encryption of the TR-34 export payload. This certificate must
//     be signed by the root certificate (CertificateAuthorityPublicKeyIdentifier)
//     imported into Amazon Web Services Payment Cryptography.
//
// When this operation is successful, Amazon Web Services Payment Cryptography
// returns the KEK or IPEK as a TR-34 WrappedKeyBlock.
//
// # To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap
//
// Using this operation, you can export initial key using asymmetric RSA wrap
// and unwrap key exchange method. To initiate export, generate an asymmetric
// key pair on the receiving HSM and obtain the public key certificate in PEM
// format (base64 encoded) for the purpose of wrapping and the root certifiate
// chain. Import the root certificate into Amazon Web Services Payment Cryptography
// by calling ImportKey for RootCertificatePublicKey.
//
// Next call ExportKey and set the following parameters:
//
//   - CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate
//     chain that signed wrapping key certificate.
//
//   - KeyMaterial: Set to KeyCryptogram.
//
//   - WrappingKeyCertificate: The public key certificate in PEM format (base64
//     encoded) obtained by the receiving HSM and signed by the root certificate
//     (CertificateAuthorityPublicKeyIdentifier) imported into Amazon Web Services
//     Payment Cryptography. The receiving HSM uses its private key component
//     to unwrap the WrappedKeyCryptogram.
//
// When this operation is successful, Amazon Web Services Payment Cryptography
// returns the WrappedKeyCryptogram.
//
// # To export working keys or IPEK using TR-31
//
// Using this operation, you can export working keys or IPEK using TR-31 symmetric
// key exchange. In TR-31, you must use an initial key such as KEK to encrypt
// or wrap the key under export. To establish a KEK, you can use CreateKey or
// ImportKey.
//
// Set the following parameters:
//
//   - ExportAttributes: Specify export attributes in case of IPEK export.
//     This parameter is optional for KEK export.
//
//   - ExportKeyIdentifier: The KeyARN of the KEK or BDK (in case of IPEK)
//     under export.
//
//   - KeyMaterial: Use Tr31KeyBlock parameters.
//
// When this operation is successful, Amazon Web Services Payment Cryptography
// returns the working key or IPEK as a TR-31 WrappedKeyBlock.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - GetParametersForExport
//
//   - ImportKey
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ExportKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey
func (c *PaymentCryptography) ExportKey(input *ExportKeyInput) (*ExportKeyOutput, error) {
	req, out := c.ExportKeyRequest(input)
	return out, req.Send()
}

// ExportKeyWithContext is the same as ExportKey with the addition of
// the ability to pass a context and additional request options.
//
// See ExportKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ExportKeyWithContext(ctx aws.Context, input *ExportKeyInput, opts ...request.Option) (*ExportKeyOutput, error) {
	req, out := c.ExportKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetAlias = "GetAlias"

// GetAliasRequest generates a "aws/request.Request" representing the
// client's request for the GetAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetAlias for more information on using the GetAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetAliasRequest method.
//	req, resp := client.GetAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetAlias
func (c *PaymentCryptography) GetAliasRequest(input *GetAliasInput) (req *request.Request, output *GetAliasOutput) {
	op := &request.Operation{
		Name:       opGetAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAliasInput{}
	}

	output = &GetAliasOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetAlias API operation for Payment Cryptography Control Plane.
//
// Gets the Amazon Web Services Payment Cryptography key associated with the
// alias.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - DeleteAlias
//
//   - ListAliases
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetAlias
func (c *PaymentCryptography) GetAlias(input *GetAliasInput) (*GetAliasOutput, error) {
	req, out := c.GetAliasRequest(input)
	return out, req.Send()
}

// GetAliasWithContext is the same as GetAlias with the addition of
// the ability to pass a context and additional request options.
//
// See GetAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetAliasWithContext(ctx aws.Context, input *GetAliasInput, opts ...request.Option) (*GetAliasOutput, error) {
	req, out := c.GetAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetKey = "GetKey"

// GetKeyRequest generates a "aws/request.Request" representing the
// client's request for the GetKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetKey for more information on using the GetKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetKeyRequest method.
//	req, resp := client.GetKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey
func (c *PaymentCryptography) GetKeyRequest(input *GetKeyInput) (req *request.Request, output *GetKeyOutput) {
	op := &request.Operation{
		Name:       opGetKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetKeyInput{}
	}

	output = &GetKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetKey API operation for Payment Cryptography Control Plane.
//
// Gets the key material for an Amazon Web Services Payment Cryptography key,
// including the immutable and mutable data specified when the key was created.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateKey
//
//   - DeleteKey
//
//   - ListKeys
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey
func (c *PaymentCryptography) GetKey(input *GetKeyInput) (*GetKeyOutput, error) {
	req, out := c.GetKeyRequest(input)
	return out, req.Send()
}

// GetKeyWithContext is the same as GetKey with the addition of
// the ability to pass a context and additional request options.
//
// See GetKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetKeyWithContext(ctx aws.Context, input *GetKeyInput, opts ...request.Option) (*GetKeyOutput, error) {
	req, out := c.GetKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetParametersForExport = "GetParametersForExport"

// GetParametersForExportRequest generates a "aws/request.Request" representing the
// client's request for the GetParametersForExport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetParametersForExport for more information on using the GetParametersForExport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetParametersForExportRequest method.
//	req, resp := client.GetParametersForExportRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport
func (c *PaymentCryptography) GetParametersForExportRequest(input *GetParametersForExportInput) (req *request.Request, output *GetParametersForExportOutput) {
	op := &request.Operation{
		Name:       opGetParametersForExport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetParametersForExportInput{}
	}

	output = &GetParametersForExportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetParametersForExport API operation for Payment Cryptography Control Plane.
//
// Gets the export token and the signing key certificate to initiate a TR-34
// key export from Amazon Web Services Payment Cryptography.
//
// The signing key certificate signs the wrapped key under export within the
// TR-34 key payload. The export token and signing key certificate must be in
// place and operational before calling ExportKey. The export token expires
// in 7 days. You can use the same export token to export multiple keys from
// your service account.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ExportKey
//
//   - GetParametersForImport
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetParametersForExport for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport
func (c *PaymentCryptography) GetParametersForExport(input *GetParametersForExportInput) (*GetParametersForExportOutput, error) {
	req, out := c.GetParametersForExportRequest(input)
	return out, req.Send()
}

// GetParametersForExportWithContext is the same as GetParametersForExport with the addition of
// the ability to pass a context and additional request options.
//
// See GetParametersForExport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetParametersForExportWithContext(ctx aws.Context, input *GetParametersForExportInput, opts ...request.Option) (*GetParametersForExportOutput, error) {
	req, out := c.GetParametersForExportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetParametersForImport = "GetParametersForImport"

// GetParametersForImportRequest generates a "aws/request.Request" representing the
// client's request for the GetParametersForImport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetParametersForImport for more information on using the GetParametersForImport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetParametersForImportRequest method.
//	req, resp := client.GetParametersForImportRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport
func (c *PaymentCryptography) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) {
	op := &request.Operation{
		Name:       opGetParametersForImport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetParametersForImportInput{}
	}

	output = &GetParametersForImportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetParametersForImport API operation for Payment Cryptography Control Plane.
//
// Gets the import token and the wrapping key certificate in PEM format (base64
// encoded) to initiate a TR-34 WrappedKeyBlock or a RSA WrappedKeyCryptogram
// import into Amazon Web Services Payment Cryptography.
//
// The wrapping key certificate wraps the key under import. The import token
// and wrapping key certificate must be in place and operational before calling
// ImportKey. The import token expires in 7 days. You can use the same import
// token to import multiple keys into your service account.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - GetParametersForExport
//
//   - ImportKey
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetParametersForImport for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport
func (c *PaymentCryptography) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) {
	req, out := c.GetParametersForImportRequest(input)
	return out, req.Send()
}

// GetParametersForImportWithContext is the same as GetParametersForImport with the addition of
// the ability to pass a context and additional request options.
//
// See GetParametersForImport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetParametersForImportWithContext(ctx aws.Context, input *GetParametersForImportInput, opts ...request.Option) (*GetParametersForImportOutput, error) {
	req, out := c.GetParametersForImportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPublicKeyCertificate = "GetPublicKeyCertificate"

// GetPublicKeyCertificateRequest generates a "aws/request.Request" representing the
// client's request for the GetPublicKeyCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPublicKeyCertificate for more information on using the GetPublicKeyCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetPublicKeyCertificateRequest method.
//	req, resp := client.GetPublicKeyCertificateRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificate
func (c *PaymentCryptography) GetPublicKeyCertificateRequest(input *GetPublicKeyCertificateInput) (req *request.Request, output *GetPublicKeyCertificateOutput) {
	op := &request.Operation{
		Name:       opGetPublicKeyCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPublicKeyCertificateInput{}
	}

	output = &GetPublicKeyCertificateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPublicKeyCertificate API operation for Payment Cryptography Control Plane.
//
// Gets the public key certificate of the asymmetric key pair that exists within
// Amazon Web Services Payment Cryptography.
//
// Unlike the private key of an asymmetric key, which never leaves Amazon Web
// Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate
// permission can download the public key certificate of the asymmetric key.
// You can share the public key certificate to allow others to encrypt messages
// and verify signatures outside of Amazon Web Services Payment Cryptography
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetPublicKeyCertificate for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificate
func (c *PaymentCryptography) GetPublicKeyCertificate(input *GetPublicKeyCertificateInput) (*GetPublicKeyCertificateOutput, error) {
	req, out := c.GetPublicKeyCertificateRequest(input)
	return out, req.Send()
}

// GetPublicKeyCertificateWithContext is the same as GetPublicKeyCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See GetPublicKeyCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetPublicKeyCertificateWithContext(ctx aws.Context, input *GetPublicKeyCertificateInput, opts ...request.Option) (*GetPublicKeyCertificateOutput, error) {
	req, out := c.GetPublicKeyCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opImportKey = "ImportKey"

// ImportKeyRequest generates a "aws/request.Request" representing the
// client's request for the ImportKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ImportKey for more information on using the ImportKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ImportKeyRequest method.
//	req, resp := client.ImportKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey
func (c *PaymentCryptography) ImportKeyRequest(input *ImportKeyInput) (req *request.Request, output *ImportKeyOutput) {
	op := &request.Operation{
		Name:       opImportKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ImportKeyInput{}
	}

	output = &ImportKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ImportKey API operation for Payment Cryptography Control Plane.
//
// Imports symmetric keys and public key certificates in PEM format (base64
// encoded) into Amazon Web Services Payment Cryptography.
//
// Amazon Web Services Payment Cryptography simplifies key exchange by replacing
// the existing paper-based approach with a modern electronic approach. With
// ImportKey you can import symmetric keys using either symmetric and asymmetric
// key exchange mechanisms.
//
// For symmetric key exchange, Amazon Web Services Payment Cryptography uses
// the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And for asymmetric
// key exchange, Amazon Web Services Payment Cryptography supports ANSI X9 TR-34
// norm and RSA wrap and unwrap key exchange mechanisms. Asymmetric key exchange
// methods are typically used to establish bi-directional trust between the
// two parties exhanging keys and are used for initial key exchange such as
// Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can import
// working keys using symmetric method to perform various cryptographic operations
// within Amazon Web Services Payment Cryptography.
//
// The TR-34 norm is intended for exchanging 3DES keys only and keys are imported
// in a WrappedKeyBlock format. Key attributes (such as KeyUsage, KeyAlgorithm,
// KeyModesOfUse, Exportability) are contained within the key block. With RSA
// wrap and unwrap, you can exchange both 3DES and AES-128 keys. The keys are
// imported in a WrappedKeyCryptogram format and you will need to specify the
// key attributes during import.
//
// You can also import a root public key certificate, used to sign other public
// key certificates, or a trusted public key certificate under an already established
// root public key certificate.
//
// # To import a public root key certificate
//
// You can also import a root public key certificate, used to sign other public
// key certificates, or a trusted public key certificate under an already established
// root public key certificate.
//
// # To import a public root key certificate
//
// Using this operation, you can import the public component (in PEM cerificate
// format) of your private root key. You can use the imported public root key
// certificate for digital signatures, for example signing wrapping key or signing
// key in TR-34, within your Amazon Web Services Payment Cryptography account.
//
// Set the following parameters:
//
//   - KeyMaterial: RootCertificatePublicKey
//
//   - KeyClass: PUBLIC_KEY
//
//   - KeyModesOfUse: Verify
//
//   - KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
//
//   - PublicKeyCertificate: The public key certificate in PEM format (base64
//     encoded) of the private root key under import.
//
// # To import a trusted public key certificate
//
// The root public key certificate must be in place and operational before you
// import a trusted public key certificate. Set the following parameters:
//
//   - KeyMaterial: TrustedCertificatePublicKey
//
//   - CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.
//
//   - KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations
//     such as wrap, sign, or encrypt that you will allow the trusted public
//     key certificate to perform.
//
//   - PublicKeyCertificate: The trusted public key certificate in PEM format
//     (base64 encoded) under import.
//
// # To import initial keys (KEK or ZMK or similar) using TR-34
//
// Using this operation, you can import initial key using TR-34 asymmetric key
// exchange. In TR-34 terminology, the sending party of the key is called Key
// Distribution Host (KDH) and the receiving party of the key is called Key
// Receiving Device (KRD). During the key import process, KDH is the user who
// initiates the key import and KRD is Amazon Web Services Payment Cryptography
// who receives the key.
//
// To initiate TR-34 key import, the KDH must obtain an import token by calling
// GetParametersForImport. This operation generates an encryption keypair for
// the purpose of key import, signs the key and returns back the wrapping key
// certificate (also known as KRD wrapping certificate) and the root certificate
// chain. The KDH must trust and install the KRD wrapping certificate on its
// HSM and use it to encrypt (wrap) the KDH key during TR-34 WrappedKeyBlock
// generation. The import token and associated KRD wrapping certificate expires
// after 7 days.
//
// Next the KDH generates a key pair for the purpose of signing the encrypted
// KDH key and provides the public certificate of the signing key to Amazon
// Web Services Payment Cryptography. The KDH will also need to import the root
// certificate chain of the KDH signing certificate by calling ImportKey for
// RootCertificatePublicKey. For more information on TR-34 key import, see section
// Importing symmetric keys (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-import.html)
// in the Amazon Web Services Payment Cryptography User Guide.
//
// Set the following parameters:
//
//   - KeyMaterial: Use Tr34KeyBlock parameters.
//
//   - CertificateAuthorityPublicKeyIdentifier: The KeyARN of the certificate
//     chain that signed the KDH signing key certificate.
//
//   - ImportToken: Obtained from KRD by calling GetParametersForImport.
//
//   - WrappedKeyBlock: The TR-34 wrapped key material from KDH. It contains
//     the KDH key under import, wrapped with KRD wrapping certificate and signed
//     by KDH signing private key. This TR-34 key block is typically generated
//     by the KDH Hardware Security Module (HSM) outside of Amazon Web Services
//     Payment Cryptography.
//
//   - SigningKeyCertificate: The public key certificate in PEM format (base64
//     encoded) of the KDH signing key generated under the root certificate (CertificateAuthorityPublicKeyIdentifier)
//     imported in Amazon Web Services Payment Cryptography.
//
// # To import initial keys (KEK or ZMK or similar) using RSA Wrap and Unwrap
//
// Using this operation, you can import initial key using asymmetric RSA wrap
// and unwrap key exchange method. To initiate import, call GetParametersForImport
// with KeyMaterial set to KEY_CRYPTOGRAM to generate an import token. This
// operation also generates an encryption keypair for the purpose of key import,
// signs the key and returns back the wrapping key certificate in PEM format
// (base64 encoded) and its root certificate chain. The import token and associated
// KRD wrapping certificate expires after 7 days.
//
// You must trust and install the wrapping certificate and its certificate chain
// on the sending HSM and use it to wrap the key under export for WrappedKeyCryptogram
// generation. Next call ImportKey with KeyMaterial set to KEY_CRYPTOGRAM and
// provide the ImportToken and KeyAttributes for the key under import.
//
// # To import working keys using TR-31
//
// Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange
// norm to import working keys. A KEK must be established within Amazon Web
// Services Payment Cryptography by using TR-34 key import or by using CreateKey.
// To initiate a TR-31 key import, set the following parameters:
//
//   - KeyMaterial: Use Tr31KeyBlock parameters.
//
//   - WrappedKeyBlock: The TR-31 wrapped key material. It contains the key
//     under import, encrypted using KEK. The TR-31 key block is typically generated
//     by a HSM outside of Amazon Web Services Payment Cryptography.
//
//   - WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services
//     Payment Cryptography uses to decrypt or unwrap the key under import.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ExportKey
//
//   - GetParametersForImport
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ImportKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey
func (c *PaymentCryptography) ImportKey(input *ImportKeyInput) (*ImportKeyOutput, error) {
	req, out := c.ImportKeyRequest(input)
	return out, req.Send()
}

// ImportKeyWithContext is the same as ImportKey with the addition of
// the ability to pass a context and additional request options.
//
// See ImportKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ImportKeyWithContext(ctx aws.Context, input *ImportKeyInput, opts ...request.Option) (*ImportKeyOutput, error) {
	req, out := c.ImportKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListAliases = "ListAliases"

// ListAliasesRequest generates a "aws/request.Request" representing the
// client's request for the ListAliases operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAliases for more information on using the ListAliases
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListAliasesRequest method.
//	req, resp := client.ListAliasesRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListAliases
func (c *PaymentCryptography) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) {
	op := &request.Operation{
		Name:       opListAliases,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListAliasesInput{}
	}

	output = &ListAliasesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAliases API operation for Payment Cryptography Control Plane.
//
// Lists the aliases for all keys in the caller's Amazon Web Services account
// and Amazon Web Services Region. You can filter the list of aliases. For more
// information, see Using aliases (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-managealias.html)
// in the Amazon Web Services Payment Cryptography User Guide.
//
// This is a paginated operation, which means that each response might contain
// only a subset of all the aliases. When the response contains only a subset
// of aliases, it includes a NextToken value. Use this value in a subsequent
// ListAliases request to get more aliases. When you receive a response with
// no NextToken (or an empty or null value), that means there are no more aliases
// to get.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - DeleteAlias
//
//   - GetAlias
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ListAliases for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListAliases
func (c *PaymentCryptography) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) {
	req, out := c.ListAliasesRequest(input)
	return out, req.Send()
}

// ListAliasesWithContext is the same as ListAliases with the addition of
// the ability to pass a context and additional request options.
//
// See ListAliases for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, opts ...request.Option) (*ListAliasesOutput, error) {
	req, out := c.ListAliasesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAliasesPages iterates over the pages of a ListAliases operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAliases method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListAliases operation.
//	pageNum := 0
//	err := client.ListAliasesPages(params,
//	    func(page *paymentcryptography.ListAliasesOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *PaymentCryptography) ListAliasesPages(input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool) error {
	return c.ListAliasesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAliasesPagesWithContext same as ListAliasesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListAliasesPagesWithContext(ctx aws.Context, input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAliasesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAliasesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAliasesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListKeys = "ListKeys"

// ListKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListKeys operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListKeys for more information on using the ListKeys
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListKeysRequest method.
//	req, resp := client.ListKeysRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys
func (c *PaymentCryptography) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) {
	op := &request.Operation{
		Name:       opListKeys,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListKeysInput{}
	}

	output = &ListKeysOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListKeys API operation for Payment Cryptography Control Plane.
//
// Lists the keys in the caller's Amazon Web Services account and Amazon Web
// Services Region. You can filter the list of keys.
//
// This is a paginated operation, which means that each response might contain
// only a subset of all the keys. When the response contains only a subset of
// keys, it includes a NextToken value. Use this value in a subsequent ListKeys
// request to get more keys. When you receive a response with no NextToken (or
// an empty or null value), that means there are no more keys to get.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateKey
//
//   - DeleteKey
//
//   - GetKey
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ListKeys for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys
func (c *PaymentCryptography) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) {
	req, out := c.ListKeysRequest(input)
	return out, req.Send()
}

// ListKeysWithContext is the same as ListKeys with the addition of
// the ability to pass a context and additional request options.
//
// See ListKeys for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) {
	req, out := c.ListKeysRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListKeysPages iterates over the pages of a ListKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListKeys operation.
//	pageNum := 0
//	err := client.ListKeysPages(params,
//	    func(page *paymentcryptography.ListKeysOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *PaymentCryptography) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error {
	return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListKeysPagesWithContext same as ListKeysPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListKeysPagesWithContext(ctx aws.Context, input *ListKeysInput, fn func(*ListKeysOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListKeysInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListKeysRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListKeysOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListTagsForResource = "ListTagsForResource"

// ListTagsForResourceRequest generates a "aws/request.Request" representing the
// client's request for the ListTagsForResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListTagsForResource for more information on using the ListTagsForResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListTagsForResourceRequest method.
//	req, resp := client.ListTagsForResourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource
func (c *PaymentCryptography) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
	op := &request.Operation{
		Name:       opListTagsForResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListTagsForResourceInput{}
	}

	output = &ListTagsForResourceOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListTagsForResource API operation for Payment Cryptography Control Plane.
//
// Lists the tags for an Amazon Web Services resource.
//
// This is a paginated operation, which means that each response might contain
// only a subset of all the tags. When the response contains only a subset of
// tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource
// request to get more tags. When you receive a response with no NextToken (or
// an empty or null value), that means there are no more tags to get.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - TagResource
//
//   - UntagResource
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ListTagsForResource for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource
func (c *PaymentCryptography) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
	req, out := c.ListTagsForResourceRequest(input)
	return out, req.Send()
}

// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
// the ability to pass a context and additional request options.
//
// See ListTagsForResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
	req, out := c.ListTagsForResourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListTagsForResource method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListTagsForResource operation.
//	pageNum := 0
//	err := client.ListTagsForResourcePages(params,
//	    func(page *paymentcryptography.ListTagsForResourceOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *PaymentCryptography) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
	return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListTagsForResourceInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListTagsForResourceRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opRestoreKey = "RestoreKey"

// RestoreKeyRequest generates a "aws/request.Request" representing the
// client's request for the RestoreKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RestoreKey for more information on using the RestoreKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the RestoreKeyRequest method.
//	req, resp := client.RestoreKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey
func (c *PaymentCryptography) RestoreKeyRequest(input *RestoreKeyInput) (req *request.Request, output *RestoreKeyOutput) {
	op := &request.Operation{
		Name:       opRestoreKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RestoreKeyInput{}
	}

	output = &RestoreKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// RestoreKey API operation for Payment Cryptography Control Plane.
//
// Cancels a scheduled key deletion during the waiting period. Use this operation
// to restore a Key that is scheduled for deletion.
//
// During the waiting period, the KeyState is DELETE_PENDING and deletePendingTimestamp
// contains the date and time after which the Key will be deleted. After Key
// is restored, the KeyState is CREATE_COMPLETE, and the value for deletePendingTimestamp
// is removed.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteKey
//
//   - StartKeyUsage
//
//   - StopKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation RestoreKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey
func (c *PaymentCryptography) RestoreKey(input *RestoreKeyInput) (*RestoreKeyOutput, error) {
	req, out := c.RestoreKeyRequest(input)
	return out, req.Send()
}

// RestoreKeyWithContext is the same as RestoreKey with the addition of
// the ability to pass a context and additional request options.
//
// See RestoreKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) RestoreKeyWithContext(ctx aws.Context, input *RestoreKeyInput, opts ...request.Option) (*RestoreKeyOutput, error) {
	req, out := c.RestoreKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opStartKeyUsage = "StartKeyUsage"

// StartKeyUsageRequest generates a "aws/request.Request" representing the
// client's request for the StartKeyUsage operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See StartKeyUsage for more information on using the StartKeyUsage
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the StartKeyUsageRequest method.
//	req, resp := client.StartKeyUsageRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage
func (c *PaymentCryptography) StartKeyUsageRequest(input *StartKeyUsageInput) (req *request.Request, output *StartKeyUsageOutput) {
	op := &request.Operation{
		Name:       opStartKeyUsage,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &StartKeyUsageInput{}
	}

	output = &StartKeyUsageOutput{}
	req = c.newRequest(op, input, output)
	return
}

// StartKeyUsage API operation for Payment Cryptography Control Plane.
//
// Enables an Amazon Web Services Payment Cryptography key, which makes it active
// for cryptographic operations within Amazon Web Services Payment Cryptography
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - StopKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation StartKeyUsage for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage
func (c *PaymentCryptography) StartKeyUsage(input *StartKeyUsageInput) (*StartKeyUsageOutput, error) {
	req, out := c.StartKeyUsageRequest(input)
	return out, req.Send()
}

// StartKeyUsageWithContext is the same as StartKeyUsage with the addition of
// the ability to pass a context and additional request options.
//
// See StartKeyUsage for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) StartKeyUsageWithContext(ctx aws.Context, input *StartKeyUsageInput, opts ...request.Option) (*StartKeyUsageOutput, error) {
	req, out := c.StartKeyUsageRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opStopKeyUsage = "StopKeyUsage"

// StopKeyUsageRequest generates a "aws/request.Request" representing the
// client's request for the StopKeyUsage operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See StopKeyUsage for more information on using the StopKeyUsage
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the StopKeyUsageRequest method.
//	req, resp := client.StopKeyUsageRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage
func (c *PaymentCryptography) StopKeyUsageRequest(input *StopKeyUsageInput) (req *request.Request, output *StopKeyUsageOutput) {
	op := &request.Operation{
		Name:       opStopKeyUsage,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &StopKeyUsageInput{}
	}

	output = &StopKeyUsageOutput{}
	req = c.newRequest(op, input, output)
	return
}

// StopKeyUsage API operation for Payment Cryptography Control Plane.
//
// Disables an Amazon Web Services Payment Cryptography key, which makes it
// inactive within Amazon Web Services Payment Cryptography.
//
// You can use this operation instead of DeleteKey to deactivate a key. You
// can enable the key in the future by calling StartKeyUsage.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteKey
//
//   - StartKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation StopKeyUsage for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage
func (c *PaymentCryptography) StopKeyUsage(input *StopKeyUsageInput) (*StopKeyUsageOutput, error) {
	req, out := c.StopKeyUsageRequest(input)
	return out, req.Send()
}

// StopKeyUsageWithContext is the same as StopKeyUsage with the addition of
// the ability to pass a context and additional request options.
//
// See StopKeyUsage for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) StopKeyUsageWithContext(ctx aws.Context, input *StopKeyUsageInput, opts ...request.Option) (*StopKeyUsageOutput, error) {
	req, out := c.StopKeyUsageRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagResource = "TagResource"

// TagResourceRequest generates a "aws/request.Request" representing the
// client's request for the TagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the TagResourceRequest method.
//	req, resp := client.TagResourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResource
func (c *PaymentCryptography) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
	op := &request.Operation{
		Name:       opTagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagResourceInput{}
	}

	output = &TagResourceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagResource API operation for Payment Cryptography Control Plane.
//
// Adds or edits tags on an Amazon Web Services Payment Cryptography key.
//
// Tagging or untagging an Amazon Web Services Payment Cryptography key can
// allow or deny permission to the key.
//
// Each tag consists of a tag key and a tag value, both of which are case-sensitive
// strings. The tag value can be an empty (null) string. To add a tag, specify
// a new tag key and a tag value. To edit a tag, specify an existing tag key
// and a new tag value. You can also add tags to an Amazon Web Services Payment
// Cryptography key when you create it with CreateKey.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ListTagsForResource
//
//   - UntagResource
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation TagResource for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResource
func (c *PaymentCryptography) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
	req, out := c.TagResourceRequest(input)
	return out, req.Send()
}

// TagResourceWithContext is the same as TagResource with the addition of
// the ability to pass a context and additional request options.
//
// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
	req, out := c.TagResourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagResource = "UntagResource"

// UntagResourceRequest generates a "aws/request.Request" representing the
// client's request for the UntagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UntagResourceRequest method.
//	req, resp := client.UntagResourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UntagResource
func (c *PaymentCryptography) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
	op := &request.Operation{
		Name:       opUntagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagResourceInput{}
	}

	output = &UntagResourceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagResource API operation for Payment Cryptography Control Plane.
//
// Deletes a tag from an Amazon Web Services Payment Cryptography key.
//
// Tagging or untagging an Amazon Web Services Payment Cryptography key can
// allow or deny permission to the key.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ListTagsForResource
//
//   - TagResource
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation UntagResource for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UntagResource
func (c *PaymentCryptography) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
	req, out := c.UntagResourceRequest(input)
	return out, req.Send()
}

// UntagResourceWithContext is the same as UntagResource with the addition of
// the ability to pass a context and additional request options.
//
// See UntagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
	req, out := c.UntagResourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateAlias = "UpdateAlias"

// UpdateAliasRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateAlias for more information on using the UpdateAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UpdateAliasRequest method.
//	req, resp := client.UpdateAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UpdateAlias
func (c *PaymentCryptography) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) {
	op := &request.Operation{
		Name:       opUpdateAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAliasInput{}
	}

	output = &UpdateAliasOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdateAlias API operation for Payment Cryptography Control Plane.
//
// Associates an existing Amazon Web Services Payment Cryptography alias with
// a different key. Each alias is associated with only one Amazon Web Services
// Payment Cryptography key at a time, although a key can have multiple aliases.
// The alias and the Amazon Web Services Payment Cryptography key must be in
// the same Amazon Web Services account and Amazon Web Services Region
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - DeleteAlias
//
//   - GetAlias
//
//   - ListAliases
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation UpdateAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UpdateAlias
func (c *PaymentCryptography) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) {
	req, out := c.UpdateAliasRequest(input)
	return out, req.Send()
}

// UpdateAliasWithContext is the same as UpdateAlias with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) UpdateAliasWithContext(ctx aws.Context, input *UpdateAliasInput, opts ...request.Option) (*UpdateAliasOutput, error) {
	req, out := c.UpdateAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// You do not have sufficient access to perform this action.
type AccessDeniedException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) GoString() string {
	return s.String()
}

func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
	return &AccessDeniedException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *AccessDeniedException) Code() string {
	return "AccessDeniedException"
}

// Message returns the exception's message.
func (s *AccessDeniedException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedException) OrigErr() error {
	return nil
}

func (s *AccessDeniedException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *AccessDeniedException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *AccessDeniedException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains information about an alias.
type Alias struct {
	_ struct{} `type:"structure"`

	// A friendly name that you can use to refer to a key. The value must begin
	// with alias/.
	//
	// Do not include confidential or sensitive information in this field. This
	// field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`

	// The KeyARN of the key associated with the alias.
	KeyArn *string `min:"70" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Alias) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Alias) GoString() string {
	return s.String()
}

// SetAliasName sets the AliasName field's value.
func (s *Alias) SetAliasName(v string) *Alias {
	s.AliasName = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *Alias) SetKeyArn(v string) *Alias {
	s.KeyArn = &v
	return s
}

// This request can cause an inconsistent state for the resource.
type ConflictException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) GoString() string {
	return s.String()
}

func newErrorConflictException(v protocol.ResponseMetadata) error {
	return &ConflictException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ConflictException) Code() string {
	return "ConflictException"
}

// Message returns the exception's message.
func (s *ConflictException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConflictException) OrigErr() error {
	return nil
}

func (s *ConflictException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ConflictException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ConflictException) RequestID() string {
	return s.RespMetadata.RequestID
}

type CreateAliasInput struct {
	_ struct{} `type:"structure"`

	// A friendly name that you can use to refer to a key. An alias must begin with
	// alias/ followed by a name, for example alias/ExampleAlias. It can contain
	// only alphanumeric characters, forward slashes (/), underscores (_), and dashes
	// (-).
	//
	// Don't include personal, confidential or sensitive information in this field.
	// This field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`

	// The KeyARN of the key to associate with the alias.
	KeyArn *string `min:"70" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}
	if s.KeyArn != nil && len(*s.KeyArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("KeyArn", 70))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *CreateAliasInput) SetAliasName(v string) *CreateAliasInput {
	s.AliasName = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *CreateAliasInput) SetKeyArn(v string) *CreateAliasInput {
	s.KeyArn = &v
	return s
}

type CreateAliasOutput struct {
	_ struct{} `type:"structure"`

	// The alias for the key.
	//
	// Alias is a required field
	Alias *Alias `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasOutput) GoString() string {
	return s.String()
}

// SetAlias sets the Alias field's value.
func (s *CreateAliasOutput) SetAlias(v *Alias) *CreateAliasOutput {
	s.Alias = v
	return s
}

type CreateKeyInput struct {
	_ struct{} `type:"structure"`

	// Specifies whether to enable the key. If the key is enabled, it is activated
	// for use within the service. If the key is not enabled, then it is created
	// but not activated. The default value is enabled.
	Enabled *bool `type:"boolean"`

	// Specifies whether the key is exportable from the service.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV). It is used to validate the key integrity.
	//
	// For TDES keys, the KCV is computed by encrypting 8 bytes, each with value
	// of zero, with the key to be checked and retaining the 3 highest order bytes
	// of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm
	// where the input data is 16 bytes of zero and retaining the 3 highest order
	// bytes of the encrypted result.
	KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"`

	// Assigns one or more tags to the Amazon Web Services Payment Cryptography
	// key. Use this parameter to tag a key when it is created. To tag an existing
	// Amazon Web Services Payment Cryptography key, use the TagResource operation.
	//
	// Each tag consists of a tag key and a tag value. Both the tag key and the
	// tag value are required, but the tag value can be an empty (null) string.
	// You can't have more than one tag on an Amazon Web Services Payment Cryptography
	// key with the same tag key.
	//
	// Don't include personal, confidential or sensitive information in this field.
	// This field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// Tagging or untagging an Amazon Web Services Payment Cryptography key can
	// allow or deny permission to the key.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"}
	if s.Exportable == nil {
		invalidParams.Add(request.NewErrParamRequired("Exportable"))
	}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEnabled sets the Enabled field's value.
func (s *CreateKeyInput) SetEnabled(v bool) *CreateKeyInput {
	s.Enabled = &v
	return s
}

// SetExportable sets the Exportable field's value.
func (s *CreateKeyInput) SetExportable(v bool) *CreateKeyInput {
	s.Exportable = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *CreateKeyInput) SetKeyAttributes(v *KeyAttributes) *CreateKeyInput {
	s.KeyAttributes = v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *CreateKeyInput) SetKeyCheckValueAlgorithm(v string) *CreateKeyInput {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput {
	s.Tags = v
	return s
}

type CreateKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material that contains all the key attributes.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *CreateKeyOutput) SetKey(v *Key) *CreateKeyOutput {
	s.Key = v
	return s
}

type DeleteAliasInput struct {
	_ struct{} `type:"structure"`

	// A friendly name that you can use to refer Amazon Web Services Payment Cryptography
	// key. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *DeleteAliasInput) SetAliasName(v string) *DeleteAliasInput {
	s.AliasName = &v
	return s
}

type DeleteAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasOutput) GoString() string {
	return s.String()
}

type DeleteKeyInput struct {
	_ struct{} `type:"structure"`

	// The waiting period for key deletion. The default value is seven days.
	DeleteKeyInDays *int64 `min:"3" type:"integer"`

	// The KeyARN of the key that is scheduled for deletion.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteKeyInput"}
	if s.DeleteKeyInDays != nil && *s.DeleteKeyInDays < 3 {
		invalidParams.Add(request.NewErrParamMinValue("DeleteKeyInDays", 3))
	}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDeleteKeyInDays sets the DeleteKeyInDays field's value.
func (s *DeleteKeyInput) SetDeleteKeyInDays(v int64) *DeleteKeyInput {
	s.DeleteKeyInDays = &v
	return s
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *DeleteKeyInput) SetKeyIdentifier(v string) *DeleteKeyInput {
	s.KeyIdentifier = &v
	return s
}

type DeleteKeyOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key that is scheduled for deletion.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *DeleteKeyOutput) SetKey(v *Key) *DeleteKeyOutput {
	s.Key = v
	return s
}

// The attributes for IPEK generation during export.
type ExportAttributes struct {
	_ struct{} `type:"structure"`

	// Parameter information for IPEK export.
	ExportDukptInitialKey *ExportDukptInitialKey `type:"structure"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV). It is used to validate the key integrity. Specify
	// KCV for IPEK export only.
	//
	// For TDES keys, the KCV is computed by encrypting 8 bytes, each with value
	// of zero, with the key to be checked and retaining the 3 highest order bytes
	// of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm
	// where the input data is 16 bytes of zero and retaining the 3 highest order
	// bytes of the encrypted result.
	KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportAttributes) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportAttributes) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportAttributes) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportAttributes"}
	if s.ExportDukptInitialKey != nil {
		if err := s.ExportDukptInitialKey.Validate(); err != nil {
			invalidParams.AddNested("ExportDukptInitialKey", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetExportDukptInitialKey sets the ExportDukptInitialKey field's value.
func (s *ExportAttributes) SetExportDukptInitialKey(v *ExportDukptInitialKey) *ExportAttributes {
	s.ExportDukptInitialKey = v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *ExportAttributes) SetKeyCheckValueAlgorithm(v string) *ExportAttributes {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// Parameter information for IPEK generation during export.
type ExportDukptInitialKey struct {
	_ struct{} `type:"structure"`

	// The KSN for IPEK generation using DUKPT.
	//
	// KSN must be padded before sending to Amazon Web Services Payment Cryptography.
	// KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key.
	//
	// KeySerialNumber is a required field
	KeySerialNumber *string `min:"20" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportDukptInitialKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportDukptInitialKey) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportDukptInitialKey) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportDukptInitialKey"}
	if s.KeySerialNumber == nil {
		invalidParams.Add(request.NewErrParamRequired("KeySerialNumber"))
	}
	if s.KeySerialNumber != nil && len(*s.KeySerialNumber) < 20 {
		invalidParams.Add(request.NewErrParamMinLen("KeySerialNumber", 20))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeySerialNumber sets the KeySerialNumber field's value.
func (s *ExportDukptInitialKey) SetKeySerialNumber(v string) *ExportDukptInitialKey {
	s.KeySerialNumber = &v
	return s
}

// Parameter information for key material export using asymmetric RSA wrap and
// unwrap key exchange method.
type ExportKeyCryptogram struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the certificate chain that signs the wrapping key certificate
	// during RSA wrap and unwrap key export.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The wrapping key certificate in PEM format (base64 encoded). Amazon Web Services
	// Payment Cryptography uses this certificate to wrap the key under export.
	//
	// WrappingKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ExportKeyCryptogram's
	// String and GoString methods.
	//
	// WrappingKeyCertificate is a required field
	WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The wrapping spec for the key under export.
	WrappingSpec *string `type:"string" enum:"WrappingKeySpec"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyCryptogram) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyCryptogram) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportKeyCryptogram) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportKeyCryptogram"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.WrappingKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyCertificate"))
	}
	if s.WrappingKeyCertificate != nil && len(*s.WrappingKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyCertificate", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *ExportKeyCryptogram) SetCertificateAuthorityPublicKeyIdentifier(v string) *ExportKeyCryptogram {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value.
func (s *ExportKeyCryptogram) SetWrappingKeyCertificate(v string) *ExportKeyCryptogram {
	s.WrappingKeyCertificate = &v
	return s
}

// SetWrappingSpec sets the WrappingSpec field's value.
func (s *ExportKeyCryptogram) SetWrappingSpec(v string) *ExportKeyCryptogram {
	s.WrappingSpec = &v
	return s
}

type ExportKeyInput struct {
	_ struct{} `type:"structure"`

	// The attributes for IPEK generation during export.
	ExportAttributes *ExportAttributes `type:"structure"`

	// The KeyARN of the key under export from Amazon Web Services Payment Cryptography.
	//
	// ExportKeyIdentifier is a required field
	ExportKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The key block format type, for example, TR-34 or TR-31, to use during key
	// material export.
	//
	// KeyMaterial is a required field
	KeyMaterial *ExportKeyMaterial `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportKeyInput"}
	if s.ExportKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("ExportKeyIdentifier"))
	}
	if s.ExportKeyIdentifier != nil && len(*s.ExportKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("ExportKeyIdentifier", 7))
	}
	if s.KeyMaterial == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterial"))
	}
	if s.ExportAttributes != nil {
		if err := s.ExportAttributes.Validate(); err != nil {
			invalidParams.AddNested("ExportAttributes", err.(request.ErrInvalidParams))
		}
	}
	if s.KeyMaterial != nil {
		if err := s.KeyMaterial.Validate(); err != nil {
			invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetExportAttributes sets the ExportAttributes field's value.
func (s *ExportKeyInput) SetExportAttributes(v *ExportAttributes) *ExportKeyInput {
	s.ExportAttributes = v
	return s
}

// SetExportKeyIdentifier sets the ExportKeyIdentifier field's value.
func (s *ExportKeyInput) SetExportKeyIdentifier(v string) *ExportKeyInput {
	s.ExportKeyIdentifier = &v
	return s
}

// SetKeyMaterial sets the KeyMaterial field's value.
func (s *ExportKeyInput) SetKeyMaterial(v *ExportKeyMaterial) *ExportKeyInput {
	s.KeyMaterial = v
	return s
}

// Parameter information for key material export from Amazon Web Services Payment
// Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.
type ExportKeyMaterial struct {
	_ struct{} `type:"structure"`

	// Parameter information for key material export using asymmetric RSA wrap and
	// unwrap key exchange method
	KeyCryptogram *ExportKeyCryptogram `type:"structure"`

	// Parameter information for key material export using symmetric TR-31 key exchange
	// method.
	Tr31KeyBlock *ExportTr31KeyBlock `type:"structure"`

	// Parameter information for key material export using the asymmetric TR-34
	// key exchange method.
	Tr34KeyBlock *ExportTr34KeyBlock `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyMaterial) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyMaterial) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportKeyMaterial) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportKeyMaterial"}
	if s.KeyCryptogram != nil {
		if err := s.KeyCryptogram.Validate(); err != nil {
			invalidParams.AddNested("KeyCryptogram", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr31KeyBlock != nil {
		if err := s.Tr31KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr31KeyBlock", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr34KeyBlock != nil {
		if err := s.Tr34KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr34KeyBlock", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyCryptogram sets the KeyCryptogram field's value.
func (s *ExportKeyMaterial) SetKeyCryptogram(v *ExportKeyCryptogram) *ExportKeyMaterial {
	s.KeyCryptogram = v
	return s
}

// SetTr31KeyBlock sets the Tr31KeyBlock field's value.
func (s *ExportKeyMaterial) SetTr31KeyBlock(v *ExportTr31KeyBlock) *ExportKeyMaterial {
	s.Tr31KeyBlock = v
	return s
}

// SetTr34KeyBlock sets the Tr34KeyBlock field's value.
func (s *ExportKeyMaterial) SetTr34KeyBlock(v *ExportTr34KeyBlock) *ExportKeyMaterial {
	s.Tr34KeyBlock = v
	return s
}

type ExportKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material under export as a TR-34 WrappedKeyBlock or a TR-31 WrappedKeyBlock.
	// or a RSA WrappedKeyCryptogram.
	WrappedKey *WrappedKey `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyOutput) GoString() string {
	return s.String()
}

// SetWrappedKey sets the WrappedKey field's value.
func (s *ExportKeyOutput) SetWrappedKey(v *WrappedKey) *ExportKeyOutput {
	s.WrappedKey = v
	return s
}

// Parameter information for key material export using symmetric TR-31 key exchange
// method.
type ExportTr31KeyBlock struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the the wrapping key. This key encrypts or wraps the key under
	// export for TR-31 key block generation.
	//
	// WrappingKeyIdentifier is a required field
	WrappingKeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr31KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr31KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportTr31KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportTr31KeyBlock"}
	if s.WrappingKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyIdentifier"))
	}
	if s.WrappingKeyIdentifier != nil && len(*s.WrappingKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetWrappingKeyIdentifier sets the WrappingKeyIdentifier field's value.
func (s *ExportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ExportTr31KeyBlock {
	s.WrappingKeyIdentifier = &v
	return s
}

// Parameter information for key material export using the asymmetric TR-34
// key exchange method.
type ExportTr34KeyBlock struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the certificate chain that signs the wrapping key certificate
	// during TR-34 key export.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The export token to initiate key export from Amazon Web Services Payment
	// Cryptography. It also contains the signing key certificate that will sign
	// the wrapped key during TR-34 key block generation. Call GetParametersForExport
	// to receive an export token. It expires after 7 days. You can use the same
	// export token to export multiple keys from the same service account.
	//
	// ExportToken is a required field
	ExportToken *string `type:"string" required:"true"`

	// The format of key block that Amazon Web Services Payment Cryptography will
	// use during key export.
	//
	// KeyBlockFormat is a required field
	KeyBlockFormat *string `type:"string" required:"true" enum:"Tr34KeyBlockFormat"`

	// A random number value that is unique to the TR-34 key block generated using
	// 2 pass. The operation will fail, if a random nonce value is not provided
	// for a TR-34 key block generated using 2 pass.
	RandomNonce *string `min:"16" type:"string"`

	// The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography
	// uses this certificate to wrap the key under export.
	//
	// WrappingKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ExportTr34KeyBlock's
	// String and GoString methods.
	//
	// WrappingKeyCertificate is a required field
	WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr34KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr34KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportTr34KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportTr34KeyBlock"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.ExportToken == nil {
		invalidParams.Add(request.NewErrParamRequired("ExportToken"))
	}
	if s.KeyBlockFormat == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyBlockFormat"))
	}
	if s.RandomNonce != nil && len(*s.RandomNonce) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("RandomNonce", 16))
	}
	if s.WrappingKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyCertificate"))
	}
	if s.WrappingKeyCertificate != nil && len(*s.WrappingKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyCertificate", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *ExportTr34KeyBlock) SetCertificateAuthorityPublicKeyIdentifier(v string) *ExportTr34KeyBlock {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetExportToken sets the ExportToken field's value.
func (s *ExportTr34KeyBlock) SetExportToken(v string) *ExportTr34KeyBlock {
	s.ExportToken = &v
	return s
}

// SetKeyBlockFormat sets the KeyBlockFormat field's value.
func (s *ExportTr34KeyBlock) SetKeyBlockFormat(v string) *ExportTr34KeyBlock {
	s.KeyBlockFormat = &v
	return s
}

// SetRandomNonce sets the RandomNonce field's value.
func (s *ExportTr34KeyBlock) SetRandomNonce(v string) *ExportTr34KeyBlock {
	s.RandomNonce = &v
	return s
}

// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value.
func (s *ExportTr34KeyBlock) SetWrappingKeyCertificate(v string) *ExportTr34KeyBlock {
	s.WrappingKeyCertificate = &v
	return s
}

type GetAliasInput struct {
	_ struct{} `type:"structure"`

	// The alias of the Amazon Web Services Payment Cryptography key.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *GetAliasInput) SetAliasName(v string) *GetAliasInput {
	s.AliasName = &v
	return s
}

type GetAliasOutput struct {
	_ struct{} `type:"structure"`

	// The alias of the Amazon Web Services Payment Cryptography key.
	//
	// Alias is a required field
	Alias *Alias `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasOutput) GoString() string {
	return s.String()
}

// SetAlias sets the Alias field's value.
func (s *GetAliasOutput) SetAlias(v *Alias) *GetAliasOutput {
	s.Alias = v
	return s
}

type GetKeyInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the Amazon Web Services Payment Cryptography key.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetKeyInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *GetKeyInput) SetKeyIdentifier(v string) *GetKeyInput {
	s.KeyIdentifier = &v
	return s
}

type GetKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material, including the immutable and mutable data for the key.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *GetKeyOutput) SetKey(v *Key) *GetKeyOutput {
	s.Key = v
	return s
}

type GetParametersForExportInput struct {
	_ struct{} `type:"structure"`

	// The key block format type (for example, TR-34 or TR-31) to use during key
	// material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK.
	// Export token is not required for TR-31 key export.
	//
	// KeyMaterialType is a required field
	KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"`

	// The signing key algorithm to generate a signing key certificate. This certificate
	// signs the wrapped key under export within the TR-34 key block. RSA_2048 is
	// the only signing key algorithm allowed.
	//
	// SigningKeyAlgorithm is a required field
	SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetParametersForExportInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetParametersForExportInput"}
	if s.KeyMaterialType == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterialType"))
	}
	if s.SigningKeyAlgorithm == nil {
		invalidParams.Add(request.NewErrParamRequired("SigningKeyAlgorithm"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyMaterialType sets the KeyMaterialType field's value.
func (s *GetParametersForExportInput) SetKeyMaterialType(v string) *GetParametersForExportInput {
	s.KeyMaterialType = &v
	return s
}

// SetSigningKeyAlgorithm sets the SigningKeyAlgorithm field's value.
func (s *GetParametersForExportInput) SetSigningKeyAlgorithm(v string) *GetParametersForExportInput {
	s.SigningKeyAlgorithm = &v
	return s
}

type GetParametersForExportOutput struct {
	_ struct{} `type:"structure"`

	// The export token to initiate key export from Amazon Web Services Payment
	// Cryptography. The export token expires after 7 days. You can use the same
	// export token to export multiple keys from the same service account.
	//
	// ExportToken is a required field
	ExportToken *string `type:"string" required:"true"`

	// The validity period of the export token.
	//
	// ParametersValidUntilTimestamp is a required field
	ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"`

	// The algorithm of the signing key certificate for use in TR-34 key block generation.
	// RSA_2048 is the only signing key algorithm allowed.
	//
	// SigningKeyAlgorithm is a required field
	SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`

	// The signing key certificate in PEM format (base64 encoded) of the public
	// key for signature within the TR-34 key block. The certificate expires after
	// 7 days.
	//
	// SigningKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForExportOutput's
	// String and GoString methods.
	//
	// SigningKeyCertificate is a required field
	SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The root certificate authority (CA) that signed the signing key certificate
	// in PEM format (base64 encoded).
	//
	// SigningKeyCertificateChain is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForExportOutput's
	// String and GoString methods.
	//
	// SigningKeyCertificateChain is a required field
	SigningKeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportOutput) GoString() string {
	return s.String()
}

// SetExportToken sets the ExportToken field's value.
func (s *GetParametersForExportOutput) SetExportToken(v string) *GetParametersForExportOutput {
	s.ExportToken = &v
	return s
}

// SetParametersValidUntilTimestamp sets the ParametersValidUntilTimestamp field's value.
func (s *GetParametersForExportOutput) SetParametersValidUntilTimestamp(v time.Time) *GetParametersForExportOutput {
	s.ParametersValidUntilTimestamp = &v
	return s
}

// SetSigningKeyAlgorithm sets the SigningKeyAlgorithm field's value.
func (s *GetParametersForExportOutput) SetSigningKeyAlgorithm(v string) *GetParametersForExportOutput {
	s.SigningKeyAlgorithm = &v
	return s
}

// SetSigningKeyCertificate sets the SigningKeyCertificate field's value.
func (s *GetParametersForExportOutput) SetSigningKeyCertificate(v string) *GetParametersForExportOutput {
	s.SigningKeyCertificate = &v
	return s
}

// SetSigningKeyCertificateChain sets the SigningKeyCertificateChain field's value.
func (s *GetParametersForExportOutput) SetSigningKeyCertificateChain(v string) *GetParametersForExportOutput {
	s.SigningKeyCertificateChain = &v
	return s
}

type GetParametersForImportInput struct {
	_ struct{} `type:"structure"`

	// The method to use for key material import. Import token is only required
	// for TR-34 WrappedKeyBlock (TR34_KEY_BLOCK) and RSA WrappedKeyCryptogram (KEY_CRYPTOGRAM).
	//
	// Import token is not required for TR-31, root public key cerificate or trusted
	// public key certificate.
	//
	// KeyMaterialType is a required field
	KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"`

	// The wrapping key algorithm to generate a wrapping key certificate. This certificate
	// wraps the key under import.
	//
	// At this time, RSA_2048 is the allowed algorithm for TR-34 WrappedKeyBlock
	// import. Additionally, RSA_2048, RSA_3072, RSA_4096 are the allowed algorithms
	// for RSA WrappedKeyCryptogram import.
	//
	// WrappingKeyAlgorithm is a required field
	WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetParametersForImportInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetParametersForImportInput"}
	if s.KeyMaterialType == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterialType"))
	}
	if s.WrappingKeyAlgorithm == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyAlgorithm"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyMaterialType sets the KeyMaterialType field's value.
func (s *GetParametersForImportInput) SetKeyMaterialType(v string) *GetParametersForImportInput {
	s.KeyMaterialType = &v
	return s
}

// SetWrappingKeyAlgorithm sets the WrappingKeyAlgorithm field's value.
func (s *GetParametersForImportInput) SetWrappingKeyAlgorithm(v string) *GetParametersForImportInput {
	s.WrappingKeyAlgorithm = &v
	return s
}

type GetParametersForImportOutput struct {
	_ struct{} `type:"structure"`

	// The import token to initiate key import into Amazon Web Services Payment
	// Cryptography. The import token expires after 7 days. You can use the same
	// import token to import multiple keys to the same service account.
	//
	// ImportToken is a required field
	ImportToken *string `type:"string" required:"true"`

	// The validity period of the import token.
	//
	// ParametersValidUntilTimestamp is a required field
	ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"`

	// The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock or
	// RSA WrappedKeyCryptogram.
	//
	// WrappingKeyAlgorithm is a required field
	WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`

	// The wrapping key certificate in PEM format (base64 encoded) of the wrapping
	// key for use within the TR-34 key block. The certificate expires in 7 days.
	//
	// WrappingKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForImportOutput's
	// String and GoString methods.
	//
	// WrappingKeyCertificate is a required field
	WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The Amazon Web Services Payment Cryptography root certificate authority (CA)
	// that signed the wrapping key certificate in PEM format (base64 encoded).
	//
	// WrappingKeyCertificateChain is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForImportOutput's
	// String and GoString methods.
	//
	// WrappingKeyCertificateChain is a required field
	WrappingKeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportOutput) GoString() string {
	return s.String()
}

// SetImportToken sets the ImportToken field's value.
func (s *GetParametersForImportOutput) SetImportToken(v string) *GetParametersForImportOutput {
	s.ImportToken = &v
	return s
}

// SetParametersValidUntilTimestamp sets the ParametersValidUntilTimestamp field's value.
func (s *GetParametersForImportOutput) SetParametersValidUntilTimestamp(v time.Time) *GetParametersForImportOutput {
	s.ParametersValidUntilTimestamp = &v
	return s
}

// SetWrappingKeyAlgorithm sets the WrappingKeyAlgorithm field's value.
func (s *GetParametersForImportOutput) SetWrappingKeyAlgorithm(v string) *GetParametersForImportOutput {
	s.WrappingKeyAlgorithm = &v
	return s
}

// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value.
func (s *GetParametersForImportOutput) SetWrappingKeyCertificate(v string) *GetParametersForImportOutput {
	s.WrappingKeyCertificate = &v
	return s
}

// SetWrappingKeyCertificateChain sets the WrappingKeyCertificateChain field's value.
func (s *GetParametersForImportOutput) SetWrappingKeyCertificateChain(v string) *GetParametersForImportOutput {
	s.WrappingKeyCertificateChain = &v
	return s
}

type GetPublicKeyCertificateInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the asymmetric key pair.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPublicKeyCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPublicKeyCertificateInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *GetPublicKeyCertificateInput) SetKeyIdentifier(v string) *GetPublicKeyCertificateInput {
	s.KeyIdentifier = &v
	return s
}

type GetPublicKeyCertificateOutput struct {
	_ struct{} `type:"structure"`

	// The public key component of the asymmetric key pair in a certificate PEM
	// format (base64 encoded). It is signed by the root certificate authority (CA).
	// The certificate expires in 90 days.
	//
	// KeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's
	// String and GoString methods.
	//
	// KeyCertificate is a required field
	KeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The root certificate authority (CA) that signed the public key certificate
	// in PEM format (base64 encoded) of the asymmetric key pair.
	//
	// KeyCertificateChain is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's
	// String and GoString methods.
	//
	// KeyCertificateChain is a required field
	KeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateOutput) GoString() string {
	return s.String()
}

// SetKeyCertificate sets the KeyCertificate field's value.
func (s *GetPublicKeyCertificateOutput) SetKeyCertificate(v string) *GetPublicKeyCertificateOutput {
	s.KeyCertificate = &v
	return s
}

// SetKeyCertificateChain sets the KeyCertificateChain field's value.
func (s *GetPublicKeyCertificateOutput) SetKeyCertificateChain(v string) *GetPublicKeyCertificateOutput {
	s.KeyCertificateChain = &v
	return s
}

// Parameter information for key material import using asymmetric RSA wrap and
// unwrap key exchange method.
type ImportKeyCryptogram struct {
	_ struct{} `type:"structure"`

	// Specifies whether the key is exportable from the service.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The import token that initiates key import using the asymmetric RSA wrap
	// and unwrap key exchange method into AWS Payment Cryptography. It expires
	// after 7 days. You can use the same import token to import multiple keys to
	// the same service account.
	//
	// ImportToken is a required field
	ImportToken *string `type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The RSA wrapped key cryptogram under import.
	//
	// WrappedKeyCryptogram is a required field
	WrappedKeyCryptogram *string `min:"16" type:"string" required:"true"`

	// The wrapping spec for the wrapped key cryptogram.
	WrappingSpec *string `type:"string" enum:"WrappingKeySpec"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyCryptogram) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyCryptogram) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportKeyCryptogram) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportKeyCryptogram"}
	if s.Exportable == nil {
		invalidParams.Add(request.NewErrParamRequired("Exportable"))
	}
	if s.ImportToken == nil {
		invalidParams.Add(request.NewErrParamRequired("ImportToken"))
	}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.WrappedKeyCryptogram == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappedKeyCryptogram"))
	}
	if s.WrappedKeyCryptogram != nil && len(*s.WrappedKeyCryptogram) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("WrappedKeyCryptogram", 16))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetExportable sets the Exportable field's value.
func (s *ImportKeyCryptogram) SetExportable(v bool) *ImportKeyCryptogram {
	s.Exportable = &v
	return s
}

// SetImportToken sets the ImportToken field's value.
func (s *ImportKeyCryptogram) SetImportToken(v string) *ImportKeyCryptogram {
	s.ImportToken = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *ImportKeyCryptogram) SetKeyAttributes(v *KeyAttributes) *ImportKeyCryptogram {
	s.KeyAttributes = v
	return s
}

// SetWrappedKeyCryptogram sets the WrappedKeyCryptogram field's value.
func (s *ImportKeyCryptogram) SetWrappedKeyCryptogram(v string) *ImportKeyCryptogram {
	s.WrappedKeyCryptogram = &v
	return s
}

// SetWrappingSpec sets the WrappingSpec field's value.
func (s *ImportKeyCryptogram) SetWrappingSpec(v string) *ImportKeyCryptogram {
	s.WrappingSpec = &v
	return s
}

type ImportKeyInput struct {
	_ struct{} `type:"structure"`

	// Specifies whether import key is enabled.
	Enabled *bool `type:"boolean"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV). It is used to validate the key integrity.
	//
	// For TDES keys, the KCV is computed by encrypting 8 bytes, each with value
	// of zero, with the key to be checked and retaining the 3 highest order bytes
	// of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm
	// where the input data is 16 bytes of zero and retaining the 3 highest order
	// bytes of the encrypted result.
	KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"`

	// The key or public key certificate type to use during key material import,
	// for example TR-34 or RootCertificatePublicKey.
	//
	// KeyMaterial is a required field
	KeyMaterial *ImportKeyMaterial `type:"structure" required:"true"`

	// Assigns one or more tags to the Amazon Web Services Payment Cryptography
	// key. Use this parameter to tag a key when it is imported. To tag an existing
	// Amazon Web Services Payment Cryptography key, use the TagResource operation.
	//
	// Each tag consists of a tag key and a tag value. Both the tag key and the
	// tag value are required, but the tag value can be an empty (null) string.
	// You can't have more than one tag on an Amazon Web Services Payment Cryptography
	// key with the same tag key. If you specify an existing tag key with a different
	// tag value, Amazon Web Services Payment Cryptography replaces the current
	// tag value with the specified one.
	//
	// Don't include personal, confidential or sensitive information in this field.
	// This field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// Tagging or untagging an Amazon Web Services Payment Cryptography key can
	// allow or deny permission to the key.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportKeyInput"}
	if s.KeyMaterial == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterial"))
	}
	if s.KeyMaterial != nil {
		if err := s.KeyMaterial.Validate(); err != nil {
			invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams))
		}
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEnabled sets the Enabled field's value.
func (s *ImportKeyInput) SetEnabled(v bool) *ImportKeyInput {
	s.Enabled = &v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *ImportKeyInput) SetKeyCheckValueAlgorithm(v string) *ImportKeyInput {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetKeyMaterial sets the KeyMaterial field's value.
func (s *ImportKeyInput) SetKeyMaterial(v *ImportKeyMaterial) *ImportKeyInput {
	s.KeyMaterial = v
	return s
}

// SetTags sets the Tags field's value.
func (s *ImportKeyInput) SetTags(v []*Tag) *ImportKeyInput {
	s.Tags = v
	return s
}

// Parameter information for key material import into Amazon Web Services Payment
// Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.
type ImportKeyMaterial struct {
	_ struct{} `type:"structure"`

	// Parameter information for key material import using asymmetric RSA wrap and
	// unwrap key exchange method.
	KeyCryptogram *ImportKeyCryptogram `type:"structure"`

	// Parameter information for root public key certificate import.
	RootCertificatePublicKey *RootCertificatePublicKey `type:"structure"`

	// Parameter information for key material import using symmetric TR-31 key exchange
	// method.
	Tr31KeyBlock *ImportTr31KeyBlock `type:"structure"`

	// Parameter information for key material import using the asymmetric TR-34
	// key exchange method.
	Tr34KeyBlock *ImportTr34KeyBlock `type:"structure"`

	// Parameter information for trusted public key certificate import.
	TrustedCertificatePublicKey *TrustedCertificatePublicKey `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyMaterial) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyMaterial) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportKeyMaterial) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportKeyMaterial"}
	if s.KeyCryptogram != nil {
		if err := s.KeyCryptogram.Validate(); err != nil {
			invalidParams.AddNested("KeyCryptogram", err.(request.ErrInvalidParams))
		}
	}
	if s.RootCertificatePublicKey != nil {
		if err := s.RootCertificatePublicKey.Validate(); err != nil {
			invalidParams.AddNested("RootCertificatePublicKey", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr31KeyBlock != nil {
		if err := s.Tr31KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr31KeyBlock", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr34KeyBlock != nil {
		if err := s.Tr34KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr34KeyBlock", err.(request.ErrInvalidParams))
		}
	}
	if s.TrustedCertificatePublicKey != nil {
		if err := s.TrustedCertificatePublicKey.Validate(); err != nil {
			invalidParams.AddNested("TrustedCertificatePublicKey", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyCryptogram sets the KeyCryptogram field's value.
func (s *ImportKeyMaterial) SetKeyCryptogram(v *ImportKeyCryptogram) *ImportKeyMaterial {
	s.KeyCryptogram = v
	return s
}

// SetRootCertificatePublicKey sets the RootCertificatePublicKey field's value.
func (s *ImportKeyMaterial) SetRootCertificatePublicKey(v *RootCertificatePublicKey) *ImportKeyMaterial {
	s.RootCertificatePublicKey = v
	return s
}

// SetTr31KeyBlock sets the Tr31KeyBlock field's value.
func (s *ImportKeyMaterial) SetTr31KeyBlock(v *ImportTr31KeyBlock) *ImportKeyMaterial {
	s.Tr31KeyBlock = v
	return s
}

// SetTr34KeyBlock sets the Tr34KeyBlock field's value.
func (s *ImportKeyMaterial) SetTr34KeyBlock(v *ImportTr34KeyBlock) *ImportKeyMaterial {
	s.Tr34KeyBlock = v
	return s
}

// SetTrustedCertificatePublicKey sets the TrustedCertificatePublicKey field's value.
func (s *ImportKeyMaterial) SetTrustedCertificatePublicKey(v *TrustedCertificatePublicKey) *ImportKeyMaterial {
	s.TrustedCertificatePublicKey = v
	return s
}

type ImportKeyOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key material imported within Amazon Web Services Payment
	// Cryptography.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *ImportKeyOutput) SetKey(v *Key) *ImportKeyOutput {
	s.Key = v
	return s
}

// Parameter information for key material import using symmetric TR-31 key exchange
// method.
type ImportTr31KeyBlock struct {
	_ struct{} `type:"structure"`

	// The TR-31 wrapped key block to import.
	//
	// WrappedKeyBlock is a required field
	WrappedKeyBlock *string `min:"56" type:"string" required:"true"`

	// The KeyARN of the key that will decrypt or unwrap a TR-31 key block during
	// import.
	//
	// WrappingKeyIdentifier is a required field
	WrappingKeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr31KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr31KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportTr31KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportTr31KeyBlock"}
	if s.WrappedKeyBlock == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappedKeyBlock"))
	}
	if s.WrappedKeyBlock != nil && len(*s.WrappedKeyBlock) < 56 {
		invalidParams.Add(request.NewErrParamMinLen("WrappedKeyBlock", 56))
	}
	if s.WrappingKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyIdentifier"))
	}
	if s.WrappingKeyIdentifier != nil && len(*s.WrappingKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetWrappedKeyBlock sets the WrappedKeyBlock field's value.
func (s *ImportTr31KeyBlock) SetWrappedKeyBlock(v string) *ImportTr31KeyBlock {
	s.WrappedKeyBlock = &v
	return s
}

// SetWrappingKeyIdentifier sets the WrappingKeyIdentifier field's value.
func (s *ImportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ImportTr31KeyBlock {
	s.WrappingKeyIdentifier = &v
	return s
}

// Parameter information for key material import using the asymmetric TR-34
// key exchange method.
type ImportTr34KeyBlock struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the certificate chain that signs the signing key certificate
	// during TR-34 key import.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The import token that initiates key import using the asymmetric TR-34 key
	// exchange method into Amazon Web Services Payment Cryptography. It expires
	// after 7 days. You can use the same import token to import multiple keys to
	// the same service account.
	//
	// ImportToken is a required field
	ImportToken *string `type:"string" required:"true"`

	// The key block format to use during key import. The only value allowed is
	// X9_TR34_2012.
	//
	// KeyBlockFormat is a required field
	KeyBlockFormat *string `type:"string" required:"true" enum:"Tr34KeyBlockFormat"`

	// A random number value that is unique to the TR-34 key block generated using
	// 2 pass. The operation will fail, if a random nonce value is not provided
	// for a TR-34 key block generated using 2 pass.
	RandomNonce *string `min:"16" type:"string"`

	// The public key component in PEM certificate format of the private key that
	// signs the KDH TR-34 WrappedKeyBlock.
	//
	// SigningKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ImportTr34KeyBlock's
	// String and GoString methods.
	//
	// SigningKeyCertificate is a required field
	SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The TR-34 wrapped key block to import.
	//
	// WrappedKeyBlock is a required field
	WrappedKeyBlock *string `min:"2" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr34KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr34KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportTr34KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportTr34KeyBlock"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.ImportToken == nil {
		invalidParams.Add(request.NewErrParamRequired("ImportToken"))
	}
	if s.KeyBlockFormat == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyBlockFormat"))
	}
	if s.RandomNonce != nil && len(*s.RandomNonce) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("RandomNonce", 16))
	}
	if s.SigningKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("SigningKeyCertificate"))
	}
	if s.SigningKeyCertificate != nil && len(*s.SigningKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("SigningKeyCertificate", 1))
	}
	if s.WrappedKeyBlock == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappedKeyBlock"))
	}
	if s.WrappedKeyBlock != nil && len(*s.WrappedKeyBlock) < 2 {
		invalidParams.Add(request.NewErrParamMinLen("WrappedKeyBlock", 2))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *ImportTr34KeyBlock) SetCertificateAuthorityPublicKeyIdentifier(v string) *ImportTr34KeyBlock {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetImportToken sets the ImportToken field's value.
func (s *ImportTr34KeyBlock) SetImportToken(v string) *ImportTr34KeyBlock {
	s.ImportToken = &v
	return s
}

// SetKeyBlockFormat sets the KeyBlockFormat field's value.
func (s *ImportTr34KeyBlock) SetKeyBlockFormat(v string) *ImportTr34KeyBlock {
	s.KeyBlockFormat = &v
	return s
}

// SetRandomNonce sets the RandomNonce field's value.
func (s *ImportTr34KeyBlock) SetRandomNonce(v string) *ImportTr34KeyBlock {
	s.RandomNonce = &v
	return s
}

// SetSigningKeyCertificate sets the SigningKeyCertificate field's value.
func (s *ImportTr34KeyBlock) SetSigningKeyCertificate(v string) *ImportTr34KeyBlock {
	s.SigningKeyCertificate = &v
	return s
}

// SetWrappedKeyBlock sets the WrappedKeyBlock field's value.
func (s *ImportTr34KeyBlock) SetWrappedKeyBlock(v string) *ImportTr34KeyBlock {
	s.WrappedKeyBlock = &v
	return s
}

// The request processing has failed because of an unknown error, exception,
// or failure.
type InternalServerException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerException) GoString() string {
	return s.String()
}

func newErrorInternalServerException(v protocol.ResponseMetadata) error {
	return &InternalServerException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *InternalServerException) Code() string {
	return "InternalServerException"
}

// Message returns the exception's message.
func (s *InternalServerException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InternalServerException) OrigErr() error {
	return nil
}

func (s *InternalServerException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *InternalServerException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *InternalServerException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Metadata about an Amazon Web Services Payment Cryptography key.
type Key struct {
	_ struct{} `type:"structure"`

	// The date and time when the key was created.
	//
	// CreateTimestamp is a required field
	CreateTimestamp *time.Time `type:"timestamp" required:"true"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// delete the key. This value is present only when KeyState is DELETE_PENDING
	// and the key is scheduled for deletion.
	DeletePendingTimestamp *time.Time `type:"timestamp"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// delete the key. This value is present only when when the KeyState is DELETE_COMPLETE
	// and the Amazon Web Services Payment Cryptography key is deleted.
	DeleteTimestamp *time.Time `type:"timestamp"`

	// Specifies whether the key is enabled.
	//
	// Enabled is a required field
	Enabled *bool `type:"boolean" required:"true"`

	// Specifies whether the key is exportable. This data is immutable after the
	// key is created.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The Amazon Resource Name (ARN) of the key.
	//
	// KeyArn is a required field
	KeyArn *string `min:"70" type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The key check value (KCV) is used to check if all parties holding a given
	// key have the same key or to detect that a key has changed.
	//
	// KeyCheckValue is a required field
	KeyCheckValue *string `min:"4" type:"string" required:"true"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV). It is used to validate the key integrity.
	//
	// For TDES keys, the KCV is computed by encrypting 8 bytes, each with value
	// of zero, with the key to be checked and retaining the 3 highest order bytes
	// of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm
	// where the input data is 16 bytes of zero and retaining the 3 highest order
	// bytes of the encrypted result.
	//
	// KeyCheckValueAlgorithm is a required field
	KeyCheckValueAlgorithm *string `type:"string" required:"true" enum:"KeyCheckValueAlgorithm"`

	// The source of the key material. For keys created within Amazon Web Services
	// Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported
	// into Amazon Web Services Payment Cryptography, the value is EXTERNAL.
	//
	// KeyOrigin is a required field
	KeyOrigin *string `type:"string" required:"true" enum:"KeyOrigin"`

	// The state of key that is being created or deleted.
	//
	// KeyState is a required field
	KeyState *string `type:"string" required:"true" enum:"KeyState"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// start using the key material for cryptographic operations.
	UsageStartTimestamp *time.Time `type:"timestamp"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// stop using the key material for cryptographic operations.
	UsageStopTimestamp *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Key) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Key) GoString() string {
	return s.String()
}

// SetCreateTimestamp sets the CreateTimestamp field's value.
func (s *Key) SetCreateTimestamp(v time.Time) *Key {
	s.CreateTimestamp = &v
	return s
}

// SetDeletePendingTimestamp sets the DeletePendingTimestamp field's value.
func (s *Key) SetDeletePendingTimestamp(v time.Time) *Key {
	s.DeletePendingTimestamp = &v
	return s
}

// SetDeleteTimestamp sets the DeleteTimestamp field's value.
func (s *Key) SetDeleteTimestamp(v time.Time) *Key {
	s.DeleteTimestamp = &v
	return s
}

// SetEnabled sets the Enabled field's value.
func (s *Key) SetEnabled(v bool) *Key {
	s.Enabled = &v
	return s
}

// SetExportable sets the Exportable field's value.
func (s *Key) SetExportable(v bool) *Key {
	s.Exportable = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *Key) SetKeyArn(v string) *Key {
	s.KeyArn = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *Key) SetKeyAttributes(v *KeyAttributes) *Key {
	s.KeyAttributes = v
	return s
}

// SetKeyCheckValue sets the KeyCheckValue field's value.
func (s *Key) SetKeyCheckValue(v string) *Key {
	s.KeyCheckValue = &v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *Key) SetKeyCheckValueAlgorithm(v string) *Key {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetKeyOrigin sets the KeyOrigin field's value.
func (s *Key) SetKeyOrigin(v string) *Key {
	s.KeyOrigin = &v
	return s
}

// SetKeyState sets the KeyState field's value.
func (s *Key) SetKeyState(v string) *Key {
	s.KeyState = &v
	return s
}

// SetUsageStartTimestamp sets the UsageStartTimestamp field's value.
func (s *Key) SetUsageStartTimestamp(v time.Time) *Key {
	s.UsageStartTimestamp = &v
	return s
}

// SetUsageStopTimestamp sets the UsageStopTimestamp field's value.
func (s *Key) SetUsageStopTimestamp(v time.Time) *Key {
	s.UsageStopTimestamp = &v
	return s
}

// The role of the key, the algorithm it supports, and the cryptographic operations
// allowed with the key. This data is immutable after the key is created.
type KeyAttributes struct {
	_ struct{} `type:"structure"`

	// The key algorithm to be use during creation of an Amazon Web Services Payment
	// Cryptography key.
	//
	// For symmetric keys, Amazon Web Services Payment Cryptography supports AES
	// and TDES algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography
	// supports RSA and ECC_NIST algorithms.
	//
	// KeyAlgorithm is a required field
	KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`

	// The type of Amazon Web Services Payment Cryptography key to create, which
	// determines the classiﬁcation of the cryptographic method and whether Amazon
	// Web Services Payment Cryptography key contains a symmetric key or an asymmetric
	// key pair.
	//
	// KeyClass is a required field
	KeyClass *string `type:"string" required:"true" enum:"KeyClass"`

	// The list of cryptographic operations that you can perform using the key.
	//
	// KeyModesOfUse is a required field
	KeyModesOfUse *KeyModesOfUse `type:"structure" required:"true"`

	// The cryptographic usage of an Amazon Web Services Payment Cryptography key
	// as deﬁned in section A.5.2 of the TR-31 spec.
	//
	// KeyUsage is a required field
	KeyUsage *string `type:"string" required:"true" enum:"KeyUsage"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyAttributes) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyAttributes) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *KeyAttributes) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "KeyAttributes"}
	if s.KeyAlgorithm == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm"))
	}
	if s.KeyClass == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyClass"))
	}
	if s.KeyModesOfUse == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyModesOfUse"))
	}
	if s.KeyUsage == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyUsage"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyAlgorithm sets the KeyAlgorithm field's value.
func (s *KeyAttributes) SetKeyAlgorithm(v string) *KeyAttributes {
	s.KeyAlgorithm = &v
	return s
}

// SetKeyClass sets the KeyClass field's value.
func (s *KeyAttributes) SetKeyClass(v string) *KeyAttributes {
	s.KeyClass = &v
	return s
}

// SetKeyModesOfUse sets the KeyModesOfUse field's value.
func (s *KeyAttributes) SetKeyModesOfUse(v *KeyModesOfUse) *KeyAttributes {
	s.KeyModesOfUse = v
	return s
}

// SetKeyUsage sets the KeyUsage field's value.
func (s *KeyAttributes) SetKeyUsage(v string) *KeyAttributes {
	s.KeyUsage = &v
	return s
}

// The list of cryptographic operations that you can perform using the key.
// The modes of use are deﬁned in section A.5.3 of the TR-31 spec.
type KeyModesOfUse struct {
	_ struct{} `type:"structure"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to decrypt data.
	Decrypt *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to derive new keys.
	DeriveKey *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to encrypt data.
	Encrypt *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to generate and verify other card and PIN verification keys.
	Generate *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key has no
	// special restrictions other than the restrictions implied by KeyUsage.
	NoRestrictions *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used for signing.
	Sign *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to unwrap other keys.
	Unwrap *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to verify signatures.
	Verify *bool `type:"boolean"`

	// Speciﬁes whether an Amazon Web Services Payment Cryptography key can be
	// used to wrap other keys.
	Wrap *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyModesOfUse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyModesOfUse) GoString() string {
	return s.String()
}

// SetDecrypt sets the Decrypt field's value.
func (s *KeyModesOfUse) SetDecrypt(v bool) *KeyModesOfUse {
	s.Decrypt = &v
	return s
}

// SetDeriveKey sets the DeriveKey field's value.
func (s *KeyModesOfUse) SetDeriveKey(v bool) *KeyModesOfUse {
	s.DeriveKey = &v
	return s
}

// SetEncrypt sets the Encrypt field's value.
func (s *KeyModesOfUse) SetEncrypt(v bool) *KeyModesOfUse {
	s.Encrypt = &v
	return s
}

// SetGenerate sets the Generate field's value.
func (s *KeyModesOfUse) SetGenerate(v bool) *KeyModesOfUse {
	s.Generate = &v
	return s
}

// SetNoRestrictions sets the NoRestrictions field's value.
func (s *KeyModesOfUse) SetNoRestrictions(v bool) *KeyModesOfUse {
	s.NoRestrictions = &v
	return s
}

// SetSign sets the Sign field's value.
func (s *KeyModesOfUse) SetSign(v bool) *KeyModesOfUse {
	s.Sign = &v
	return s
}

// SetUnwrap sets the Unwrap field's value.
func (s *KeyModesOfUse) SetUnwrap(v bool) *KeyModesOfUse {
	s.Unwrap = &v
	return s
}

// SetVerify sets the Verify field's value.
func (s *KeyModesOfUse) SetVerify(v bool) *KeyModesOfUse {
	s.Verify = &v
	return s
}

// SetWrap sets the Wrap field's value.
func (s *KeyModesOfUse) SetWrap(v bool) *KeyModesOfUse {
	s.Wrap = &v
	return s
}

// Metadata about an Amazon Web Services Payment Cryptography key.
type KeySummary struct {
	_ struct{} `type:"structure"`

	// Specifies whether the key is enabled.
	//
	// Enabled is a required field
	Enabled *bool `type:"boolean" required:"true"`

	// Specifies whether the key is exportable. This data is immutable after the
	// key is created.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The Amazon Resource Name (ARN) of the key.
	//
	// KeyArn is a required field
	KeyArn *string `min:"70" type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The key check value (KCV) is used to check if all parties holding a given
	// key have the same key or to detect that a key has changed.
	//
	// KeyCheckValue is a required field
	KeyCheckValue *string `min:"4" type:"string" required:"true"`

	// The state of an Amazon Web Services Payment Cryptography that is being created
	// or deleted.
	//
	// KeyState is a required field
	KeyState *string `type:"string" required:"true" enum:"KeyState"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeySummary) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeySummary) GoString() string {
	return s.String()
}

// SetEnabled sets the Enabled field's value.
func (s *KeySummary) SetEnabled(v bool) *KeySummary {
	s.Enabled = &v
	return s
}

// SetExportable sets the Exportable field's value.
func (s *KeySummary) SetExportable(v bool) *KeySummary {
	s.Exportable = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *KeySummary) SetKeyArn(v string) *KeySummary {
	s.KeyArn = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *KeySummary) SetKeyAttributes(v *KeyAttributes) *KeySummary {
	s.KeyAttributes = v
	return s
}

// SetKeyCheckValue sets the KeyCheckValue field's value.
func (s *KeySummary) SetKeyCheckValue(v string) *KeySummary {
	s.KeyCheckValue = &v
	return s
}

// SetKeyState sets the KeyState field's value.
func (s *KeySummary) SetKeyState(v string) *KeySummary {
	s.KeyState = &v
	return s
}

type ListAliasesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, Amazon Web Services Payment Cryptography does not
	// return more than the specified number of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	MaxResults *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextToken from the truncated response
	// you just received.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAliasesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAliasesInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListAliasesInput) SetMaxResults(v int64) *ListAliasesInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListAliasesInput) SetNextToken(v string) *ListAliasesInput {
	s.NextToken = &v
	return s
}

type ListAliasesOutput struct {
	_ struct{} `type:"structure"`

	// The list of aliases. Each alias describes the KeyArn contained within.
	//
	// Aliases is a required field
	Aliases []*Alias `type:"list" required:"true"`

	// The token for the next set of results, or an empty or null value if there
	// are no more results.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesOutput) GoString() string {
	return s.String()
}

// SetAliases sets the Aliases field's value.
func (s *ListAliasesOutput) SetAliases(v []*Alias) *ListAliasesOutput {
	s.Aliases = v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListAliasesOutput) SetNextToken(v string) *ListAliasesOutput {
	s.NextToken = &v
	return s
}

type ListKeysInput struct {
	_ struct{} `type:"structure"`

	// The key state of the keys you want to list.
	KeyState *string `type:"string" enum:"KeyState"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, Amazon Web Services Payment Cryptography does not
	// return more than the specified number of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	MaxResults *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextToken from the truncated response
	// you just received.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyState sets the KeyState field's value.
func (s *ListKeysInput) SetKeyState(v string) *ListKeysInput {
	s.KeyState = &v
	return s
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListKeysInput) SetMaxResults(v int64) *ListKeysInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListKeysInput) SetNextToken(v string) *ListKeysInput {
	s.NextToken = &v
	return s
}

type ListKeysOutput struct {
	_ struct{} `type:"structure"`

	// The list of keys created within the caller's Amazon Web Services account
	// and Amazon Web Services Region.
	//
	// Keys is a required field
	Keys []*KeySummary `type:"list" required:"true"`

	// The token for the next set of results, or an empty or null value if there
	// are no more results.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysOutput) GoString() string {
	return s.String()
}

// SetKeys sets the Keys field's value.
func (s *ListKeysOutput) SetKeys(v []*KeySummary) *ListKeysOutput {
	s.Keys = v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListKeysOutput) SetNextToken(v string) *ListKeysOutput {
	s.NextToken = &v
	return s
}

type ListTagsForResourceInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, Amazon Web Services Payment Cryptography does not
	// return more than the specified number of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	MaxResults *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextToken from the truncated response
	// you just received.
	NextToken *string `min:"1" type:"string"`

	// The KeyARN of the key whose tags you are getting.
	//
	// ResourceArn is a required field
	ResourceArn *string `min:"70" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListTagsForResourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}
	if s.ResourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
	}
	if s.ResourceArn != nil && len(*s.ResourceArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListTagsForResourceInput) SetMaxResults(v int64) *ListTagsForResourceInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
	s.NextToken = &v
	return s
}

// SetResourceArn sets the ResourceArn field's value.
func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput {
	s.ResourceArn = &v
	return s
}

type ListTagsForResourceOutput struct {
	_ struct{} `type:"structure"`

	// The token for the next set of results, or an empty or null value if there
	// are no more results.
	NextToken *string `min:"1" type:"string"`

	// The list of tags associated with a ResourceArn. Each tag will list the key-value
	// pair contained within that tag.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) GoString() string {
	return s.String()
}

// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
	s.NextToken = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
	s.Tags = v
	return s
}

// The request was denied due to an invalid resource error.
type ResourceNotFoundException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`

	// The string for the exception.
	ResourceId *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) GoString() string {
	return s.String()
}

func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
	return &ResourceNotFoundException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ResourceNotFoundException) Code() string {
	return "ResourceNotFoundException"
}

// Message returns the exception's message.
func (s *ResourceNotFoundException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceNotFoundException) OrigErr() error {
	return nil
}

func (s *ResourceNotFoundException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ResourceNotFoundException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ResourceNotFoundException) RequestID() string {
	return s.RespMetadata.RequestID
}

type RestoreKeyInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RestoreKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RestoreKeyInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *RestoreKeyInput) SetKeyIdentifier(v string) *RestoreKeyInput {
	s.KeyIdentifier = &v
	return s
}

type RestoreKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material of the restored key. The KeyState will change to CREATE_COMPLETE
	// and value for DeletePendingTimestamp gets removed.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *RestoreKeyOutput) SetKey(v *Key) *RestoreKeyOutput {
	s.Key = v
	return s
}

// Parameter information for root public key certificate import.
type RootCertificatePublicKey struct {
	_ struct{} `type:"structure"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the root public key is
	// imported.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// Parameter information for root public key certificate import.
	//
	// PublicKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by RootCertificatePublicKey's
	// String and GoString methods.
	//
	// PublicKeyCertificate is a required field
	PublicKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RootCertificatePublicKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RootCertificatePublicKey) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RootCertificatePublicKey) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RootCertificatePublicKey"}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.PublicKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("PublicKeyCertificate"))
	}
	if s.PublicKeyCertificate != nil && len(*s.PublicKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PublicKeyCertificate", 1))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *RootCertificatePublicKey) SetKeyAttributes(v *KeyAttributes) *RootCertificatePublicKey {
	s.KeyAttributes = v
	return s
}

// SetPublicKeyCertificate sets the PublicKeyCertificate field's value.
func (s *RootCertificatePublicKey) SetPublicKeyCertificate(v string) *RootCertificatePublicKey {
	s.PublicKeyCertificate = &v
	return s
}

// This request would cause a service quota to be exceeded.
type ServiceQuotaExceededException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceQuotaExceededException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceQuotaExceededException) GoString() string {
	return s.String()
}

func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error {
	return &ServiceQuotaExceededException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ServiceQuotaExceededException) Code() string {
	return "ServiceQuotaExceededException"
}

// Message returns the exception's message.
func (s *ServiceQuotaExceededException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceQuotaExceededException) OrigErr() error {
	return nil
}

func (s *ServiceQuotaExceededException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ServiceQuotaExceededException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ServiceQuotaExceededException) RequestID() string {
	return s.RespMetadata.RequestID
}

// The service cannot complete the request.
type ServiceUnavailableException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceUnavailableException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceUnavailableException) GoString() string {
	return s.String()
}

func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error {
	return &ServiceUnavailableException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ServiceUnavailableException) Code() string {
	return "ServiceUnavailableException"
}

// Message returns the exception's message.
func (s *ServiceUnavailableException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceUnavailableException) OrigErr() error {
	return nil
}

func (s *ServiceUnavailableException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ServiceUnavailableException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ServiceUnavailableException) RequestID() string {
	return s.RespMetadata.RequestID
}

type StartKeyUsageInput struct {
	_ struct{} `type:"structure"`

	// The KeyArn of the key.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *StartKeyUsageInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "StartKeyUsageInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *StartKeyUsageInput) SetKeyIdentifier(v string) *StartKeyUsageInput {
	s.KeyIdentifier = &v
	return s
}

type StartKeyUsageOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the Amazon Web Services Payment Cryptography key activated
	// for use.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *StartKeyUsageOutput) SetKey(v *Key) *StartKeyUsageOutput {
	s.Key = v
	return s
}

type StopKeyUsageInput struct {
	_ struct{} `type:"structure"`

	// The KeyArn of the key.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *StopKeyUsageInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "StopKeyUsageInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *StopKeyUsageInput) SetKeyIdentifier(v string) *StopKeyUsageInput {
	s.KeyIdentifier = &v
	return s
}

type StopKeyUsageOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *StopKeyUsageOutput) SetKey(v *Key) *StopKeyUsageOutput {
	s.Key = v
	return s
}

// A structure that contains information about a tag.
type Tag struct {
	_ struct{} `type:"structure"`

	// The key of the tag.
	//
	// Key is a required field
	Key *string `min:"1" type:"string" required:"true"`

	// The value of the tag.
	Value *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *Tag) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "Tag"}
	if s.Key == nil {
		invalidParams.Add(request.NewErrParamRequired("Key"))
	}
	if s.Key != nil && len(*s.Key) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKey sets the Key field's value.
func (s *Tag) SetKey(v string) *Tag {
	s.Key = &v
	return s
}

// SetValue sets the Value field's value.
func (s *Tag) SetValue(v string) *Tag {
	s.Value = &v
	return s
}

type TagResourceInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key whose tags are being updated.
	//
	// ResourceArn is a required field
	ResourceArn *string `min:"70" type:"string" required:"true"`

	// One or more tags. Each tag consists of a tag key and a tag value. The tag
	// value can be an empty (null) string. You can't have more than one tag on
	// an Amazon Web Services Payment Cryptography key with the same tag key. If
	// you specify an existing tag key with a different tag value, Amazon Web Services
	// Payment Cryptography replaces the current tag value with the new one.
	//
	// Don't include personal, confidential or sensitive information in this field.
	// This field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// To use this parameter, you must have TagResource permission in an IAM policy.
	//
	// Don't include personal, confidential or sensitive information in this field.
	// This field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagResourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
	if s.ResourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
	}
	if s.ResourceArn != nil && len(*s.ResourceArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetResourceArn sets the ResourceArn field's value.
func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
	s.ResourceArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
	s.Tags = v
	return s
}

type TagResourceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) GoString() string {
	return s.String()
}

// The request was denied due to request throttling.
type ThrottlingException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) GoString() string {
	return s.String()
}

func newErrorThrottlingException(v protocol.ResponseMetadata) error {
	return &ThrottlingException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ThrottlingException) Code() string {
	return "ThrottlingException"
}

// Message returns the exception's message.
func (s *ThrottlingException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ThrottlingException) OrigErr() error {
	return nil
}

func (s *ThrottlingException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ThrottlingException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ThrottlingException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Parameter information for trusted public key certificate import.
type TrustedCertificatePublicKey struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the root public key certificate or certificate chain that signs
	// the trusted public key certificate import.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after a trusted public key is
	// imported.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// Parameter information for trusted public key certificate import.
	//
	// PublicKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by TrustedCertificatePublicKey's
	// String and GoString methods.
	//
	// PublicKeyCertificate is a required field
	PublicKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TrustedCertificatePublicKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TrustedCertificatePublicKey) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TrustedCertificatePublicKey) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TrustedCertificatePublicKey"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.PublicKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("PublicKeyCertificate"))
	}
	if s.PublicKeyCertificate != nil && len(*s.PublicKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PublicKeyCertificate", 1))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *TrustedCertificatePublicKey) SetCertificateAuthorityPublicKeyIdentifier(v string) *TrustedCertificatePublicKey {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *TrustedCertificatePublicKey) SetKeyAttributes(v *KeyAttributes) *TrustedCertificatePublicKey {
	s.KeyAttributes = v
	return s
}

// SetPublicKeyCertificate sets the PublicKeyCertificate field's value.
func (s *TrustedCertificatePublicKey) SetPublicKeyCertificate(v string) *TrustedCertificatePublicKey {
	s.PublicKeyCertificate = &v
	return s
}

type UntagResourceInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key whose tags are being removed.
	//
	// ResourceArn is a required field
	ResourceArn *string `min:"70" type:"string" required:"true"`

	// One or more tag keys. Don't include the tag values.
	//
	// If the Amazon Web Services Payment Cryptography key doesn't have the specified
	// tag key, Amazon Web Services Payment Cryptography doesn't throw an exception
	// or return a response. To confirm that the operation succeeded, use the ListTagsForResource
	// operation.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagResourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
	if s.ResourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
	}
	if s.ResourceArn != nil && len(*s.ResourceArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetResourceArn sets the ResourceArn field's value.
func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
	s.ResourceArn = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
	s.TagKeys = v
	return s
}

type UntagResourceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) GoString() string {
	return s.String()
}

type UpdateAliasInput struct {
	_ struct{} `type:"structure"`

	// The alias whose associated key is changing.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`

	// The KeyARN for the key that you are updating or removing from the alias.
	KeyArn *string `min:"70" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}
	if s.KeyArn != nil && len(*s.KeyArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("KeyArn", 70))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput {
	s.AliasName = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *UpdateAliasInput) SetKeyArn(v string) *UpdateAliasInput {
	s.KeyArn = &v
	return s
}

type UpdateAliasOutput struct {
	_ struct{} `type:"structure"`

	// The alias name.
	//
	// Alias is a required field
	Alias *Alias `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasOutput) GoString() string {
	return s.String()
}

// SetAlias sets the Alias field's value.
func (s *UpdateAliasOutput) SetAlias(v *Alias) *UpdateAliasOutput {
	s.Alias = v
	return s
}

// The request was denied due to an invalid request error.
type ValidationException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationException) GoString() string {
	return s.String()
}

func newErrorValidationException(v protocol.ResponseMetadata) error {
	return &ValidationException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ValidationException) Code() string {
	return "ValidationException"
}

// Message returns the exception's message.
func (s *ValidationException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ValidationException) OrigErr() error {
	return nil
}

func (s *ValidationException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ValidationException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ValidationException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Parameter information for generating a WrappedKeyBlock for key exchange.
type WrappedKey struct {
	_ struct{} `type:"structure"`

	// The key check value (KCV) is used to check if all parties holding a given
	// key have the same key or to detect that a key has changed.
	KeyCheckValue *string `min:"4" type:"string"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV). It is used to validate the key integrity.
	//
	// For TDES keys, the KCV is computed by encrypting 8 bytes, each with value
	// of zero, with the key to be checked and retaining the 3 highest order bytes
	// of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm
	// where the input data is 16 bytes of zero and retaining the 3 highest order
	// bytes of the encrypted result.
	KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"`

	// Parameter information for generating a wrapped key using TR-31 or TR-34 skey
	// exchange method.
	//
	// KeyMaterial is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by WrappedKey's
	// String and GoString methods.
	//
	// KeyMaterial is a required field
	KeyMaterial *string `min:"48" type:"string" required:"true" sensitive:"true"`

	// The key block format of a wrapped key.
	//
	// WrappedKeyMaterialFormat is a required field
	WrappedKeyMaterialFormat *string `type:"string" required:"true" enum:"WrappedKeyMaterialFormat"`

	// The KeyARN of the wrapped key.
	//
	// WrappingKeyArn is a required field
	WrappingKeyArn *string `min:"70" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s WrappedKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s WrappedKey) GoString() string {
	return s.String()
}

// SetKeyCheckValue sets the KeyCheckValue field's value.
func (s *WrappedKey) SetKeyCheckValue(v string) *WrappedKey {
	s.KeyCheckValue = &v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *WrappedKey) SetKeyCheckValueAlgorithm(v string) *WrappedKey {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetKeyMaterial sets the KeyMaterial field's value.
func (s *WrappedKey) SetKeyMaterial(v string) *WrappedKey {
	s.KeyMaterial = &v
	return s
}

// SetWrappedKeyMaterialFormat sets the WrappedKeyMaterialFormat field's value.
func (s *WrappedKey) SetWrappedKeyMaterialFormat(v string) *WrappedKey {
	s.WrappedKeyMaterialFormat = &v
	return s
}

// SetWrappingKeyArn sets the WrappingKeyArn field's value.
func (s *WrappedKey) SetWrappingKeyArn(v string) *WrappedKey {
	s.WrappingKeyArn = &v
	return s
}

const (
	// KeyAlgorithmTdes2key is a KeyAlgorithm enum value
	KeyAlgorithmTdes2key = "TDES_2KEY"

	// KeyAlgorithmTdes3key is a KeyAlgorithm enum value
	KeyAlgorithmTdes3key = "TDES_3KEY"

	// KeyAlgorithmAes128 is a KeyAlgorithm enum value
	KeyAlgorithmAes128 = "AES_128"

	// KeyAlgorithmAes192 is a KeyAlgorithm enum value
	KeyAlgorithmAes192 = "AES_192"

	// KeyAlgorithmAes256 is a KeyAlgorithm enum value
	KeyAlgorithmAes256 = "AES_256"

	// KeyAlgorithmRsa2048 is a KeyAlgorithm enum value
	KeyAlgorithmRsa2048 = "RSA_2048"

	// KeyAlgorithmRsa3072 is a KeyAlgorithm enum value
	KeyAlgorithmRsa3072 = "RSA_3072"

	// KeyAlgorithmRsa4096 is a KeyAlgorithm enum value
	KeyAlgorithmRsa4096 = "RSA_4096"
)

// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum
func KeyAlgorithm_Values() []string {
	return []string{
		KeyAlgorithmTdes2key,
		KeyAlgorithmTdes3key,
		KeyAlgorithmAes128,
		KeyAlgorithmAes192,
		KeyAlgorithmAes256,
		KeyAlgorithmRsa2048,
		KeyAlgorithmRsa3072,
		KeyAlgorithmRsa4096,
	}
}

const (
	// KeyCheckValueAlgorithmCmac is a KeyCheckValueAlgorithm enum value
	KeyCheckValueAlgorithmCmac = "CMAC"

	// KeyCheckValueAlgorithmAnsiX924 is a KeyCheckValueAlgorithm enum value
	KeyCheckValueAlgorithmAnsiX924 = "ANSI_X9_24"
)

// KeyCheckValueAlgorithm_Values returns all elements of the KeyCheckValueAlgorithm enum
func KeyCheckValueAlgorithm_Values() []string {
	return []string{
		KeyCheckValueAlgorithmCmac,
		KeyCheckValueAlgorithmAnsiX924,
	}
}

const (
	// KeyClassSymmetricKey is a KeyClass enum value
	KeyClassSymmetricKey = "SYMMETRIC_KEY"

	// KeyClassAsymmetricKeyPair is a KeyClass enum value
	KeyClassAsymmetricKeyPair = "ASYMMETRIC_KEY_PAIR"

	// KeyClassPrivateKey is a KeyClass enum value
	KeyClassPrivateKey = "PRIVATE_KEY"

	// KeyClassPublicKey is a KeyClass enum value
	KeyClassPublicKey = "PUBLIC_KEY"
)

// KeyClass_Values returns all elements of the KeyClass enum
func KeyClass_Values() []string {
	return []string{
		KeyClassSymmetricKey,
		KeyClassAsymmetricKeyPair,
		KeyClassPrivateKey,
		KeyClassPublicKey,
	}
}

const (
	// KeyMaterialTypeTr34KeyBlock is a KeyMaterialType enum value
	KeyMaterialTypeTr34KeyBlock = "TR34_KEY_BLOCK"

	// KeyMaterialTypeTr31KeyBlock is a KeyMaterialType enum value
	KeyMaterialTypeTr31KeyBlock = "TR31_KEY_BLOCK"

	// KeyMaterialTypeRootPublicKeyCertificate is a KeyMaterialType enum value
	KeyMaterialTypeRootPublicKeyCertificate = "ROOT_PUBLIC_KEY_CERTIFICATE"

	// KeyMaterialTypeTrustedPublicKeyCertificate is a KeyMaterialType enum value
	KeyMaterialTypeTrustedPublicKeyCertificate = "TRUSTED_PUBLIC_KEY_CERTIFICATE"

	// KeyMaterialTypeKeyCryptogram is a KeyMaterialType enum value
	KeyMaterialTypeKeyCryptogram = "KEY_CRYPTOGRAM"
)

// KeyMaterialType_Values returns all elements of the KeyMaterialType enum
func KeyMaterialType_Values() []string {
	return []string{
		KeyMaterialTypeTr34KeyBlock,
		KeyMaterialTypeTr31KeyBlock,
		KeyMaterialTypeRootPublicKeyCertificate,
		KeyMaterialTypeTrustedPublicKeyCertificate,
		KeyMaterialTypeKeyCryptogram,
	}
}

// Defines the source of a key
const (
	// KeyOriginExternal is a KeyOrigin enum value
	KeyOriginExternal = "EXTERNAL"

	// KeyOriginAwsPaymentCryptography is a KeyOrigin enum value
	KeyOriginAwsPaymentCryptography = "AWS_PAYMENT_CRYPTOGRAPHY"
)

// KeyOrigin_Values returns all elements of the KeyOrigin enum
func KeyOrigin_Values() []string {
	return []string{
		KeyOriginExternal,
		KeyOriginAwsPaymentCryptography,
	}
}

// Defines the state of a key
const (
	// KeyStateCreateInProgress is a KeyState enum value
	KeyStateCreateInProgress = "CREATE_IN_PROGRESS"

	// KeyStateCreateComplete is a KeyState enum value
	KeyStateCreateComplete = "CREATE_COMPLETE"

	// KeyStateDeletePending is a KeyState enum value
	KeyStateDeletePending = "DELETE_PENDING"

	// KeyStateDeleteComplete is a KeyState enum value
	KeyStateDeleteComplete = "DELETE_COMPLETE"
)

// KeyState_Values returns all elements of the KeyState enum
func KeyState_Values() []string {
	return []string{
		KeyStateCreateInProgress,
		KeyStateCreateComplete,
		KeyStateDeletePending,
		KeyStateDeleteComplete,
	}
}

const (
	// KeyUsageTr31B0BaseDerivationKey is a KeyUsage enum value
	KeyUsageTr31B0BaseDerivationKey = "TR31_B0_BASE_DERIVATION_KEY"

	// KeyUsageTr31C0CardVerificationKey is a KeyUsage enum value
	KeyUsageTr31C0CardVerificationKey = "TR31_C0_CARD_VERIFICATION_KEY"

	// KeyUsageTr31D0SymmetricDataEncryptionKey is a KeyUsage enum value
	KeyUsageTr31D0SymmetricDataEncryptionKey = "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"

	// KeyUsageTr31D1AsymmetricKeyForDataEncryption is a KeyUsage enum value
	KeyUsageTr31D1AsymmetricKeyForDataEncryption = "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"

	// KeyUsageTr31E0EmvMkeyAppCryptograms is a KeyUsage enum value
	KeyUsageTr31E0EmvMkeyAppCryptograms = "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"

	// KeyUsageTr31E1EmvMkeyConfidentiality is a KeyUsage enum value
	KeyUsageTr31E1EmvMkeyConfidentiality = "TR31_E1_EMV_MKEY_CONFIDENTIALITY"

	// KeyUsageTr31E2EmvMkeyIntegrity is a KeyUsage enum value
	KeyUsageTr31E2EmvMkeyIntegrity = "TR31_E2_EMV_MKEY_INTEGRITY"

	// KeyUsageTr31E4EmvMkeyDynamicNumbers is a KeyUsage enum value
	KeyUsageTr31E4EmvMkeyDynamicNumbers = "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"

	// KeyUsageTr31E5EmvMkeyCardPersonalization is a KeyUsage enum value
	KeyUsageTr31E5EmvMkeyCardPersonalization = "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"

	// KeyUsageTr31E6EmvMkeyOther is a KeyUsage enum value
	KeyUsageTr31E6EmvMkeyOther = "TR31_E6_EMV_MKEY_OTHER"

	// KeyUsageTr31K0KeyEncryptionKey is a KeyUsage enum value
	KeyUsageTr31K0KeyEncryptionKey = "TR31_K0_KEY_ENCRYPTION_KEY"

	// KeyUsageTr31K1KeyBlockProtectionKey is a KeyUsage enum value
	KeyUsageTr31K1KeyBlockProtectionKey = "TR31_K1_KEY_BLOCK_PROTECTION_KEY"

	// KeyUsageTr31K3AsymmetricKeyForKeyAgreement is a KeyUsage enum value
	KeyUsageTr31K3AsymmetricKeyForKeyAgreement = "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"

	// KeyUsageTr31M3Iso97973MacKey is a KeyUsage enum value
	KeyUsageTr31M3Iso97973MacKey = "TR31_M3_ISO_9797_3_MAC_KEY"

	// KeyUsageTr31M1Iso97971MacKey is a KeyUsage enum value
	KeyUsageTr31M1Iso97971MacKey = "TR31_M1_ISO_9797_1_MAC_KEY"

	// KeyUsageTr31M6Iso97975CmacKey is a KeyUsage enum value
	KeyUsageTr31M6Iso97975CmacKey = "TR31_M6_ISO_9797_5_CMAC_KEY"

	// KeyUsageTr31M7HmacKey is a KeyUsage enum value
	KeyUsageTr31M7HmacKey = "TR31_M7_HMAC_KEY"

	// KeyUsageTr31P0PinEncryptionKey is a KeyUsage enum value
	KeyUsageTr31P0PinEncryptionKey = "TR31_P0_PIN_ENCRYPTION_KEY"

	// KeyUsageTr31P1PinGenerationKey is a KeyUsage enum value
	KeyUsageTr31P1PinGenerationKey = "TR31_P1_PIN_GENERATION_KEY"

	// KeyUsageTr31S0AsymmetricKeyForDigitalSignature is a KeyUsage enum value
	KeyUsageTr31S0AsymmetricKeyForDigitalSignature = "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"

	// KeyUsageTr31V1Ibm3624PinVerificationKey is a KeyUsage enum value
	KeyUsageTr31V1Ibm3624PinVerificationKey = "TR31_V1_IBM3624_PIN_VERIFICATION_KEY"

	// KeyUsageTr31V2VisaPinVerificationKey is a KeyUsage enum value
	KeyUsageTr31V2VisaPinVerificationKey = "TR31_V2_VISA_PIN_VERIFICATION_KEY"

	// KeyUsageTr31K2Tr34AsymmetricKey is a KeyUsage enum value
	KeyUsageTr31K2Tr34AsymmetricKey = "TR31_K2_TR34_ASYMMETRIC_KEY"
)

// KeyUsage_Values returns all elements of the KeyUsage enum
func KeyUsage_Values() []string {
	return []string{
		KeyUsageTr31B0BaseDerivationKey,
		KeyUsageTr31C0CardVerificationKey,
		KeyUsageTr31D0SymmetricDataEncryptionKey,
		KeyUsageTr31D1AsymmetricKeyForDataEncryption,
		KeyUsageTr31E0EmvMkeyAppCryptograms,
		KeyUsageTr31E1EmvMkeyConfidentiality,
		KeyUsageTr31E2EmvMkeyIntegrity,
		KeyUsageTr31E4EmvMkeyDynamicNumbers,
		KeyUsageTr31E5EmvMkeyCardPersonalization,
		KeyUsageTr31E6EmvMkeyOther,
		KeyUsageTr31K0KeyEncryptionKey,
		KeyUsageTr31K1KeyBlockProtectionKey,
		KeyUsageTr31K3AsymmetricKeyForKeyAgreement,
		KeyUsageTr31M3Iso97973MacKey,
		KeyUsageTr31M1Iso97971MacKey,
		KeyUsageTr31M6Iso97975CmacKey,
		KeyUsageTr31M7HmacKey,
		KeyUsageTr31P0PinEncryptionKey,
		KeyUsageTr31P1PinGenerationKey,
		KeyUsageTr31S0AsymmetricKeyForDigitalSignature,
		KeyUsageTr31V1Ibm3624PinVerificationKey,
		KeyUsageTr31V2VisaPinVerificationKey,
		KeyUsageTr31K2Tr34AsymmetricKey,
	}
}

const (
	// Tr34KeyBlockFormatX9Tr342012 is a Tr34KeyBlockFormat enum value
	Tr34KeyBlockFormatX9Tr342012 = "X9_TR34_2012"
)

// Tr34KeyBlockFormat_Values returns all elements of the Tr34KeyBlockFormat enum
func Tr34KeyBlockFormat_Values() []string {
	return []string{
		Tr34KeyBlockFormatX9Tr342012,
	}
}

const (
	// WrappedKeyMaterialFormatKeyCryptogram is a WrappedKeyMaterialFormat enum value
	WrappedKeyMaterialFormatKeyCryptogram = "KEY_CRYPTOGRAM"

	// WrappedKeyMaterialFormatTr31KeyBlock is a WrappedKeyMaterialFormat enum value
	WrappedKeyMaterialFormatTr31KeyBlock = "TR31_KEY_BLOCK"

	// WrappedKeyMaterialFormatTr34KeyBlock is a WrappedKeyMaterialFormat enum value
	WrappedKeyMaterialFormatTr34KeyBlock = "TR34_KEY_BLOCK"
)

// WrappedKeyMaterialFormat_Values returns all elements of the WrappedKeyMaterialFormat enum
func WrappedKeyMaterialFormat_Values() []string {
	return []string{
		WrappedKeyMaterialFormatKeyCryptogram,
		WrappedKeyMaterialFormatTr31KeyBlock,
		WrappedKeyMaterialFormatTr34KeyBlock,
	}
}

const (
	// WrappingKeySpecRsaOaepSha256 is a WrappingKeySpec enum value
	WrappingKeySpecRsaOaepSha256 = "RSA_OAEP_SHA_256"

	// WrappingKeySpecRsaOaepSha512 is a WrappingKeySpec enum value
	WrappingKeySpecRsaOaepSha512 = "RSA_OAEP_SHA_512"
)

// WrappingKeySpec_Values returns all elements of the WrappingKeySpec enum
func WrappingKeySpec_Values() []string {
	return []string{
		WrappingKeySpecRsaOaepSha256,
		WrappingKeySpecRsaOaepSha512,
	}
}
404 Not Found

GrazzMean Shell

Let’s Start Your Online Journey with Beegazpacho

OUR CLIENTS

services

Transforming Ideas into
Success

.01
Digital Marketing

.02
SEO

.03
Website Designing

.04
App Development

.05
Social Media Ads

.06
Google Ads

.07
Google My Business

.08
Graphic Designing

.09
3D Videos

about BEEGAZPACHO

creating special Things
For special brands

Join the ranks of successful brands by partnering with Beegazpacho

00+

00+

Our Recent Work

Crafted with Passion and Precision

Client Stories

Hear It from Those Who Know Us Best

— Sarah Williams

Head of Marketing, GreenPlanet Apparel

— Arvind Shah

CEO, InnovateTech Solutions

— Rina Kapoor

Marketing Director, Luxury Home Interiors

— Sarah Williams

Head of Marketing, GreenPlanet Apparel

— Arvind Shah

CEO, InnovateTech Solutions

— Rina Kapoor

Marketing Director, Luxury Home Interiors

404 Not Found

GrazzMean Shell

Let’s Start Your Online Journey with Beegazpacho

OUR CLIENTS

services

Transforming Ideas into Success

about BEEGAZPACHO

creating special Things For special brands

Join the ranks of successful brands by partnering with Beegazpacho

00+

00+

Our Recent Work

Crafted with Passion and Precision

Client Stories

Hear It from Those Who Know Us Best

— Sarah Williams

Head of Marketing, GreenPlanet Apparel

— Arvind Shah

CEO, InnovateTech Solutions

— Rina Kapoor

Marketing Director, Luxury Home Interiors

— Sarah Williams

Head of Marketing, GreenPlanet Apparel

— Arvind Shah

CEO, InnovateTech Solutions

— Rina Kapoor

Marketing Director, Luxury Home Interiors

Transforming Ideas into
Success

creating special Things
For special brands
