api.go

// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.

package paymentcryptography

import (
	"fmt"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awsutil"
	"github.com/aws/aws-sdk-go/aws/request"
	"github.com/aws/aws-sdk-go/private/protocol"
	"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)

const opCreateAlias = "CreateAlias"

// CreateAliasRequest generates a "aws/request.Request" representing the
// client's request for the CreateAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateAlias for more information on using the CreateAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreateAliasRequest method.
//	req, resp := client.CreateAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateAlias
func (c *PaymentCryptography) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) {
	op := &request.Operation{
		Name:       opCreateAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateAliasInput{}
	}

	output = &CreateAliasOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateAlias API operation for Payment Cryptography Control Plane.
//
// Creates an alias, or a friendly name, for an Amazon Web Services Payment
// Cryptography key. You can use an alias to identify a key in the console and
// when you call cryptographic operations such as EncryptData (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_EncryptData.html)
// or DecryptData (https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_DecryptData.html).
//
// You can associate the alias with any key in the same Amazon Web Services
// Region. Each alias is associated with only one key at a time, but a key can
// have multiple aliases. You can't create an alias without a key. The alias
// must be unique in the account and Amazon Web Services Region, but you can
// create another alias with the same name in a different Amazon Web Services
// Region.
//
// To change the key that's associated with the alias, call UpdateAlias. To
// delete the alias, call DeleteAlias. These operations don't affect the underlying
// key. To get the alias that you created, call ListAliases.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteAlias
//
//   - GetAlias
//
//   - ListAliases
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation CreateAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateAlias
func (c *PaymentCryptography) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) {
	req, out := c.CreateAliasRequest(input)
	return out, req.Send()
}

// CreateAliasWithContext is the same as CreateAlias with the addition of
// the ability to pass a context and additional request options.
//
// See CreateAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) CreateAliasWithContext(ctx aws.Context, input *CreateAliasInput, opts ...request.Option) (*CreateAliasOutput, error) {
	req, out := c.CreateAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opCreateKey = "CreateKey"

// CreateKeyRequest generates a "aws/request.Request" representing the
// client's request for the CreateKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateKey for more information on using the CreateKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the CreateKeyRequest method.
//	req, resp := client.CreateKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey
func (c *PaymentCryptography) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) {
	op := &request.Operation{
		Name:       opCreateKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &CreateKeyInput{}
	}

	output = &CreateKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// CreateKey API operation for Payment Cryptography Control Plane.
//
// Creates an Amazon Web Services Payment Cryptography key, a logical representation
// of a cryptographic key, that is unique in your account and Amazon Web Services
// Region. You use keys for cryptographic functions such as encryption and decryption.
//
// In addition to the key material used in cryptographic operations, an Amazon
// Web Services Payment Cryptography key includes metadata such as the key ARN,
// key usage, key origin, creation date, description, and key state.
//
// When you create a key, you specify both immutable and mutable data about
// the key. The immutable data contains key attributes that defines the scope
// and cryptographic operations that you can perform using the key, for example
// key class (example: SYMMETRIC_KEY), key algorithm (example: TDES_2KEY), key
// usage (example: TR31_P0_PIN_ENCRYPTION_KEY) and key modes of use (example:
// Encrypt). For information about valid combinations of key attributes, see
// Understanding key attributes (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html)
// in the Amazon Web Services Payment Cryptography User Guide. The mutable data
// contained within a key includes usage timestamp and key deletion timestamp
// and can be modified after creation.
//
// Amazon Web Services Payment Cryptography binds key attributes to keys using
// key blocks when you store or export them. Amazon Web Services Payment Cryptography
// stores the key contents wrapped and never stores or transmits them in the
// clear.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteKey
//
//   - GetKey
//
//   - ListKeys
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation CreateKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey
func (c *PaymentCryptography) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) {
	req, out := c.CreateKeyRequest(input)
	return out, req.Send()
}

// CreateKeyWithContext is the same as CreateKey with the addition of
// the ability to pass a context and additional request options.
//
// See CreateKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) CreateKeyWithContext(ctx aws.Context, input *CreateKeyInput, opts ...request.Option) (*CreateKeyOutput, error) {
	req, out := c.CreateKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteAlias = "DeleteAlias"

// DeleteAliasRequest generates a "aws/request.Request" representing the
// client's request for the DeleteAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteAlias for more information on using the DeleteAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeleteAliasRequest method.
//	req, resp := client.DeleteAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteAlias
func (c *PaymentCryptography) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) {
	op := &request.Operation{
		Name:       opDeleteAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteAliasInput{}
	}

	output = &DeleteAliasOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// DeleteAlias API operation for Payment Cryptography Control Plane.
//
// Deletes the alias, but doesn't affect the underlying key.
//
// Each key can have multiple aliases. To get the aliases of all keys, use the
// ListAliases operation. To change the alias of a key, first use DeleteAlias
// to delete the current alias and then use CreateAlias to create a new alias.
// To associate an existing alias with a different key, call UpdateAlias.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - GetAlias
//
//   - ListAliases
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation DeleteAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteAlias
func (c *PaymentCryptography) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) {
	req, out := c.DeleteAliasRequest(input)
	return out, req.Send()
}

// DeleteAliasWithContext is the same as DeleteAlias with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) DeleteAliasWithContext(ctx aws.Context, input *DeleteAliasInput, opts ...request.Option) (*DeleteAliasOutput, error) {
	req, out := c.DeleteAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opDeleteKey = "DeleteKey"

// DeleteKeyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteKey for more information on using the DeleteKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the DeleteKeyRequest method.
//	req, resp := client.DeleteKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey
func (c *PaymentCryptography) DeleteKeyRequest(input *DeleteKeyInput) (req *request.Request, output *DeleteKeyOutput) {
	op := &request.Operation{
		Name:       opDeleteKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &DeleteKeyInput{}
	}

	output = &DeleteKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// DeleteKey API operation for Payment Cryptography Control Plane.
//
// Deletes the key material and all metadata associated with Amazon Web Services
// Payment Cryptography key.
//
// Key deletion is irreversible. After a key is deleted, you can't perform cryptographic
// operations using the key. For example, you can't decrypt data that was encrypted
// by a deleted Amazon Web Services Payment Cryptography key, and the data may
// become unrecoverable. Because key deletion is destructive, Amazon Web Services
// Payment Cryptography has a safety mechanism to prevent accidental deletion
// of a key. When you call this operation, Amazon Web Services Payment Cryptography
// disables the specified key but doesn't delete it until after a waiting period.
// The default waiting period is 7 days. To set a different waiting period,
// set DeleteKeyInDays. During the waiting period, the KeyState is DELETE_PENDING.
// After the key is deleted, the KeyState is DELETE_COMPLETE.
//
// If you delete key material, you can use ImportKey to reimport the same key
// material into the Amazon Web Services Payment Cryptography key.
//
// You should delete a key only when you are sure that you don't need to use
// it anymore and no other parties are utilizing this key. If you aren't sure,
// consider deactivating it instead by calling StopKeyUsage.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - RestoreKey
//
//   - StartKeyUsage
//
//   - StopKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation DeleteKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey
func (c *PaymentCryptography) DeleteKey(input *DeleteKeyInput) (*DeleteKeyOutput, error) {
	req, out := c.DeleteKeyRequest(input)
	return out, req.Send()
}

// DeleteKeyWithContext is the same as DeleteKey with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) DeleteKeyWithContext(ctx aws.Context, input *DeleteKeyInput, opts ...request.Option) (*DeleteKeyOutput, error) {
	req, out := c.DeleteKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opExportKey = "ExportKey"

// ExportKeyRequest generates a "aws/request.Request" representing the
// client's request for the ExportKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ExportKey for more information on using the ExportKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ExportKeyRequest method.
//	req, resp := client.ExportKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey
func (c *PaymentCryptography) ExportKeyRequest(input *ExportKeyInput) (req *request.Request, output *ExportKeyOutput) {
	op := &request.Operation{
		Name:       opExportKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ExportKeyInput{}
	}

	output = &ExportKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ExportKey API operation for Payment Cryptography Control Plane.
//
// Exports a key from Amazon Web Services Payment Cryptography using either
// ANSI X9 TR-34 or TR-31 key export standard.
//
// Amazon Web Services Payment Cryptography simplifies main or root key exchange
// process by eliminating the need of a paper-based key exchange process. It
// takes a modern and secure approach based of the ANSI X9 TR-34 key exchange
// standard.
//
// You can use ExportKey to export main or root keys such as KEK (Key Encryption
// Key), using asymmetric key exchange technique following ANSI X9 TR-34 standard.
// The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional
// trust between the two parties exchanging keys. After which you can export
// working keys using the ANSI X9 TR-31 symmetric key exchange standard as mandated
// by PCI PIN. Using this operation, you can share your Amazon Web Services
// Payment Cryptography generated keys with other service partners to perform
// cryptographic operations outside of Amazon Web Services Payment Cryptography
//
// # TR-34 key export
//
// Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange
// standard to export main keys such as KEK. In TR-34 terminology, the sending
// party of the key is called Key Distribution Host (KDH) and the receiving
// party of the key is called Key Receiving Host (KRH). In key export process,
// KDH is Amazon Web Services Payment Cryptography which initiates key export.
// KRH is the user receiving the key. Before you initiate TR-34 key export,
// you must obtain an export token by calling GetParametersForExport. This operation
// also returns the signing key certificate that KDH uses to sign the wrapped
// key to generate a TR-34 wrapped key block. The export token expires after
// 7 days.
//
// Set the following parameters:
//
// # CertificateAuthorityPublicKeyIdentifier
//
// The KeyARN of the certificate chain that will sign the wrapping key certificate.
// This must exist within Amazon Web Services Payment Cryptography before you
// initiate TR-34 key export. If it does not exist, you can import it by calling
// ImportKey for RootCertificatePublicKey.
//
// # ExportToken
//
// Obtained from KDH by calling GetParametersForExport.
//
// # WrappingKeyCertificate
//
// Amazon Web Services Payment Cryptography uses this to wrap the key under
// export.
//
// When this operation is successful, Amazon Web Services Payment Cryptography
// returns the TR-34 wrapped key block.
//
// # TR-31 key export
//
// Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange
// standard to export working keys. In TR-31, you must use a main key such as
// KEK to encrypt or wrap the key under export. To establish a KEK, you can
// use CreateKey or ImportKey. When this operation is successful, Amazon Web
// Services Payment Cryptography returns a TR-31 wrapped key block.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - GetParametersForExport
//
//   - ImportKey
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ExportKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey
func (c *PaymentCryptography) ExportKey(input *ExportKeyInput) (*ExportKeyOutput, error) {
	req, out := c.ExportKeyRequest(input)
	return out, req.Send()
}

// ExportKeyWithContext is the same as ExportKey with the addition of
// the ability to pass a context and additional request options.
//
// See ExportKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ExportKeyWithContext(ctx aws.Context, input *ExportKeyInput, opts ...request.Option) (*ExportKeyOutput, error) {
	req, out := c.ExportKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetAlias = "GetAlias"

// GetAliasRequest generates a "aws/request.Request" representing the
// client's request for the GetAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetAlias for more information on using the GetAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetAliasRequest method.
//	req, resp := client.GetAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetAlias
func (c *PaymentCryptography) GetAliasRequest(input *GetAliasInput) (req *request.Request, output *GetAliasOutput) {
	op := &request.Operation{
		Name:       opGetAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetAliasInput{}
	}

	output = &GetAliasOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetAlias API operation for Payment Cryptography Control Plane.
//
// Gets the Amazon Web Services Payment Cryptography key associated with the
// alias.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - DeleteAlias
//
//   - ListAliases
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetAlias
func (c *PaymentCryptography) GetAlias(input *GetAliasInput) (*GetAliasOutput, error) {
	req, out := c.GetAliasRequest(input)
	return out, req.Send()
}

// GetAliasWithContext is the same as GetAlias with the addition of
// the ability to pass a context and additional request options.
//
// See GetAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetAliasWithContext(ctx aws.Context, input *GetAliasInput, opts ...request.Option) (*GetAliasOutput, error) {
	req, out := c.GetAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetKey = "GetKey"

// GetKeyRequest generates a "aws/request.Request" representing the
// client's request for the GetKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetKey for more information on using the GetKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetKeyRequest method.
//	req, resp := client.GetKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey
func (c *PaymentCryptography) GetKeyRequest(input *GetKeyInput) (req *request.Request, output *GetKeyOutput) {
	op := &request.Operation{
		Name:       opGetKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetKeyInput{}
	}

	output = &GetKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetKey API operation for Payment Cryptography Control Plane.
//
// Gets the key material for an Amazon Web Services Payment Cryptography key,
// including the immutable and mutable data specified when the key was created.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateKey
//
//   - DeleteKey
//
//   - ListKeys
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey
func (c *PaymentCryptography) GetKey(input *GetKeyInput) (*GetKeyOutput, error) {
	req, out := c.GetKeyRequest(input)
	return out, req.Send()
}

// GetKeyWithContext is the same as GetKey with the addition of
// the ability to pass a context and additional request options.
//
// See GetKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetKeyWithContext(ctx aws.Context, input *GetKeyInput, opts ...request.Option) (*GetKeyOutput, error) {
	req, out := c.GetKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetParametersForExport = "GetParametersForExport"

// GetParametersForExportRequest generates a "aws/request.Request" representing the
// client's request for the GetParametersForExport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetParametersForExport for more information on using the GetParametersForExport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetParametersForExportRequest method.
//	req, resp := client.GetParametersForExportRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport
func (c *PaymentCryptography) GetParametersForExportRequest(input *GetParametersForExportInput) (req *request.Request, output *GetParametersForExportOutput) {
	op := &request.Operation{
		Name:       opGetParametersForExport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetParametersForExportInput{}
	}

	output = &GetParametersForExportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetParametersForExport API operation for Payment Cryptography Control Plane.
//
// Gets the export token and the signing key certificate to initiate a TR-34
// key export from Amazon Web Services Payment Cryptography.
//
// The signing key certificate signs the wrapped key under export within the
// TR-34 key payload. The export token and signing key certificate must be in
// place and operational before calling ExportKey. The export token expires
// in 7 days. You can use the same export token to export multiple keys from
// your service account.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ExportKey
//
//   - GetParametersForImport
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetParametersForExport for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport
func (c *PaymentCryptography) GetParametersForExport(input *GetParametersForExportInput) (*GetParametersForExportOutput, error) {
	req, out := c.GetParametersForExportRequest(input)
	return out, req.Send()
}

// GetParametersForExportWithContext is the same as GetParametersForExport with the addition of
// the ability to pass a context and additional request options.
//
// See GetParametersForExport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetParametersForExportWithContext(ctx aws.Context, input *GetParametersForExportInput, opts ...request.Option) (*GetParametersForExportOutput, error) {
	req, out := c.GetParametersForExportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetParametersForImport = "GetParametersForImport"

// GetParametersForImportRequest generates a "aws/request.Request" representing the
// client's request for the GetParametersForImport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetParametersForImport for more information on using the GetParametersForImport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetParametersForImportRequest method.
//	req, resp := client.GetParametersForImportRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport
func (c *PaymentCryptography) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) {
	op := &request.Operation{
		Name:       opGetParametersForImport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetParametersForImportInput{}
	}

	output = &GetParametersForImportOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetParametersForImport API operation for Payment Cryptography Control Plane.
//
// Gets the import token and the wrapping key certificate to initiate a TR-34
// key import into Amazon Web Services Payment Cryptography.
//
// The wrapping key certificate wraps the key under import within the TR-34
// key payload. The import token and wrapping key certificate must be in place
// and operational before calling ImportKey. The import token expires in 7 days.
// The same import token can be used to import multiple keys into your service
// account.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - GetParametersForExport
//
//   - ImportKey
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetParametersForImport for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport
func (c *PaymentCryptography) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) {
	req, out := c.GetParametersForImportRequest(input)
	return out, req.Send()
}

// GetParametersForImportWithContext is the same as GetParametersForImport with the addition of
// the ability to pass a context and additional request options.
//
// See GetParametersForImport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetParametersForImportWithContext(ctx aws.Context, input *GetParametersForImportInput, opts ...request.Option) (*GetParametersForImportOutput, error) {
	req, out := c.GetParametersForImportRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opGetPublicKeyCertificate = "GetPublicKeyCertificate"

// GetPublicKeyCertificateRequest generates a "aws/request.Request" representing the
// client's request for the GetPublicKeyCertificate operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetPublicKeyCertificate for more information on using the GetPublicKeyCertificate
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the GetPublicKeyCertificateRequest method.
//	req, resp := client.GetPublicKeyCertificateRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificate
func (c *PaymentCryptography) GetPublicKeyCertificateRequest(input *GetPublicKeyCertificateInput) (req *request.Request, output *GetPublicKeyCertificateOutput) {
	op := &request.Operation{
		Name:       opGetPublicKeyCertificate,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &GetPublicKeyCertificateInput{}
	}

	output = &GetPublicKeyCertificateOutput{}
	req = c.newRequest(op, input, output)
	return
}

// GetPublicKeyCertificate API operation for Payment Cryptography Control Plane.
//
// Gets the public key certificate of the asymmetric key pair that exists within
// Amazon Web Services Payment Cryptography.
//
// Unlike the private key of an asymmetric key, which never leaves Amazon Web
// Services Payment Cryptography unencrypted, callers with GetPublicKeyCertificate
// permission can download the public key certificate of the asymmetric key.
// You can share the public key certificate to allow others to encrypt messages
// and verify signatures outside of Amazon Web Services Payment Cryptography
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation GetPublicKeyCertificate for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificate
func (c *PaymentCryptography) GetPublicKeyCertificate(input *GetPublicKeyCertificateInput) (*GetPublicKeyCertificateOutput, error) {
	req, out := c.GetPublicKeyCertificateRequest(input)
	return out, req.Send()
}

// GetPublicKeyCertificateWithContext is the same as GetPublicKeyCertificate with the addition of
// the ability to pass a context and additional request options.
//
// See GetPublicKeyCertificate for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) GetPublicKeyCertificateWithContext(ctx aws.Context, input *GetPublicKeyCertificateInput, opts ...request.Option) (*GetPublicKeyCertificateOutput, error) {
	req, out := c.GetPublicKeyCertificateRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opImportKey = "ImportKey"

// ImportKeyRequest generates a "aws/request.Request" representing the
// client's request for the ImportKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ImportKey for more information on using the ImportKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ImportKeyRequest method.
//	req, resp := client.ImportKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey
func (c *PaymentCryptography) ImportKeyRequest(input *ImportKeyInput) (req *request.Request, output *ImportKeyOutput) {
	op := &request.Operation{
		Name:       opImportKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &ImportKeyInput{}
	}

	output = &ImportKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ImportKey API operation for Payment Cryptography Control Plane.
//
// Imports keys and public key certificates into Amazon Web Services Payment
// Cryptography.
//
// Amazon Web Services Payment Cryptography simplifies main or root key exchange
// process by eliminating the need of a paper-based key exchange process. It
// takes a modern and secure approach based of the ANSI X9 TR-34 key exchange
// standard.
//
// You can use ImportKey to import main or root keys such as KEK (Key Encryption
// Key) using asymmetric key exchange technique following the ANSI X9 TR-34
// standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes
// bi-directional trust between the two parties exchanging keys.
//
// After you have imported a main or root key, you can import working keys to
// perform various cryptographic operations within Amazon Web Services Payment
// Cryptography using the ANSI X9 TR-31 symmetric key exchange standard as mandated
// by PCI PIN.
//
// You can also import a root public key certificate, a self-signed certificate
// used to sign other public key certificates, or a trusted public key certificate
// under an already established root public key certificate.
//
// # To import a public root key certificate
//
// Using this operation, you can import the public component (in PEM cerificate
// format) of your private root key. You can use the imported public root key
// certificate for digital signatures, for example signing wrapping key or signing
// key in TR-34, within your Amazon Web Services Payment Cryptography account.
//
// Set the following parameters:
//
//   - KeyMaterial: RootCertificatePublicKey
//
//   - KeyClass: PUBLIC_KEY
//
//   - KeyModesOfUse: Verify
//
//   - KeyUsage: TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
//
//   - PublicKeyCertificate: The certificate authority used to sign the root
//     public key certificate.
//
// # To import a trusted public key certificate
//
// The root public key certificate must be in place and operational before you
// import a trusted public key certificate. Set the following parameters:
//
//   - KeyMaterial: TrustedCertificatePublicKey
//
//   - CertificateAuthorityPublicKeyIdentifier: KeyArn of the RootCertificatePublicKey.
//
//   - KeyModesOfUse and KeyUsage: Corresponding to the cryptographic operations
//     such as wrap, sign, or encrypt that you will allow the trusted public
//     key certificate to perform.
//
//   - PublicKeyCertificate: The certificate authority used to sign the trusted
//     public key certificate.
//
// # Import main keys
//
// Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange
// standard to import main keys such as KEK. In TR-34 terminology, the sending
// party of the key is called Key Distribution Host (KDH) and the receiving
// party of the key is called Key Receiving Host (KRH). During the key import
// process, KDH is the user who initiates the key import and KRH is Amazon Web
// Services Payment Cryptography who receives the key. Before initiating TR-34
// key import, you must obtain an import token by calling GetParametersForImport.
// This operation also returns the wrapping key certificate that KDH uses wrap
// key under import to generate a TR-34 wrapped key block. The import token
// expires after 7 days.
//
// Set the following parameters:
//
//   - CertificateAuthorityPublicKeyIdentifier: The KeyArn of the certificate
//     chain that will sign the signing key certificate and should exist within
//     Amazon Web Services Payment Cryptography before initiating TR-34 key import.
//     If it does not exist, you can import it by calling by calling ImportKey
//     for RootCertificatePublicKey.
//
//   - ImportToken: Obtained from KRH by calling GetParametersForImport.
//
//   - WrappedKeyBlock: The TR-34 wrapped key block from KDH. It contains the
//     KDH key under import, wrapped with KRH provided wrapping key certificate
//     and signed by the KDH private signing key. This TR-34 key block is generated
//     by the KDH Hardware Security Module (HSM) outside of Amazon Web Services
//     Payment Cryptography.
//
//   - SigningKeyCertificate: The public component of the private key that
//     signed the KDH TR-34 wrapped key block. In PEM certificate format.
//
// TR-34 is intended primarily to exchange 3DES keys. Your ability to export
// AES-128 and larger AES keys may be dependent on your source system.
//
// # Import working keys
//
// Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange
// standard to import working keys. A KEK must be established within Amazon
// Web Services Payment Cryptography by using TR-34 key import. To initiate
// a TR-31 key import, set the following parameters:
//
//   - WrappedKeyBlock: The key under import and encrypted using KEK. The TR-31
//     key block generated by your HSM outside of Amazon Web Services Payment
//     Cryptography.
//
//   - WrappingKeyIdentifier: The KeyArn of the KEK that Amazon Web Services
//     Payment Cryptography uses to decrypt or unwrap the key under import.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ExportKey
//
//   - GetParametersForImport
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ImportKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey
func (c *PaymentCryptography) ImportKey(input *ImportKeyInput) (*ImportKeyOutput, error) {
	req, out := c.ImportKeyRequest(input)
	return out, req.Send()
}

// ImportKeyWithContext is the same as ImportKey with the addition of
// the ability to pass a context and additional request options.
//
// See ImportKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ImportKeyWithContext(ctx aws.Context, input *ImportKeyInput, opts ...request.Option) (*ImportKeyOutput, error) {
	req, out := c.ImportKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opListAliases = "ListAliases"

// ListAliasesRequest generates a "aws/request.Request" representing the
// client's request for the ListAliases operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListAliases for more information on using the ListAliases
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListAliasesRequest method.
//	req, resp := client.ListAliasesRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListAliases
func (c *PaymentCryptography) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) {
	op := &request.Operation{
		Name:       opListAliases,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListAliasesInput{}
	}

	output = &ListAliasesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListAliases API operation for Payment Cryptography Control Plane.
//
// Lists the aliases for all keys in the caller's Amazon Web Services account
// and Amazon Web Services Region. You can filter the list of aliases. For more
// information, see Using aliases (https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-managealias.html)
// in the Amazon Web Services Payment Cryptography User Guide.
//
// This is a paginated operation, which means that each response might contain
// only a subset of all the aliases. When the response contains only a subset
// of aliases, it includes a NextToken value. Use this value in a subsequent
// ListAliases request to get more aliases. When you receive a response with
// no NextToken (or an empty or null value), that means there are no more aliases
// to get.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - DeleteAlias
//
//   - GetAlias
//
//   - UpdateAlias
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ListAliases for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListAliases
func (c *PaymentCryptography) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) {
	req, out := c.ListAliasesRequest(input)
	return out, req.Send()
}

// ListAliasesWithContext is the same as ListAliases with the addition of
// the ability to pass a context and additional request options.
//
// See ListAliases for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, opts ...request.Option) (*ListAliasesOutput, error) {
	req, out := c.ListAliasesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAliasesPages iterates over the pages of a ListAliases operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAliases method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListAliases operation.
//	pageNum := 0
//	err := client.ListAliasesPages(params,
//	    func(page *paymentcryptography.ListAliasesOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *PaymentCryptography) ListAliasesPages(input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool) error {
	return c.ListAliasesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAliasesPagesWithContext same as ListAliasesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListAliasesPagesWithContext(ctx aws.Context, input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListAliasesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListAliasesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListAliasesOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListKeys = "ListKeys"

// ListKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListKeys operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListKeys for more information on using the ListKeys
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListKeysRequest method.
//	req, resp := client.ListKeysRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys
func (c *PaymentCryptography) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) {
	op := &request.Operation{
		Name:       opListKeys,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListKeysInput{}
	}

	output = &ListKeysOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListKeys API operation for Payment Cryptography Control Plane.
//
// Lists the keys in the caller's Amazon Web Services account and Amazon Web
// Services Region. You can filter the list of keys.
//
// This is a paginated operation, which means that each response might contain
// only a subset of all the keys. When the response contains only a subset of
// keys, it includes a NextToken value. Use this value in a subsequent ListKeys
// request to get more keys. When you receive a response with no NextToken (or
// an empty or null value), that means there are no more keys to get.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateKey
//
//   - DeleteKey
//
//   - GetKey
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ListKeys for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys
func (c *PaymentCryptography) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) {
	req, out := c.ListKeysRequest(input)
	return out, req.Send()
}

// ListKeysWithContext is the same as ListKeys with the addition of
// the ability to pass a context and additional request options.
//
// See ListKeys for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) {
	req, out := c.ListKeysRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListKeysPages iterates over the pages of a ListKeys operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListKeys method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListKeys operation.
//	pageNum := 0
//	err := client.ListKeysPages(params,
//	    func(page *paymentcryptography.ListKeysOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *PaymentCryptography) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error {
	return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListKeysPagesWithContext same as ListKeysPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListKeysPagesWithContext(ctx aws.Context, input *ListKeysInput, fn func(*ListKeysOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListKeysInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListKeysRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListKeysOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opListTagsForResource = "ListTagsForResource"

// ListTagsForResourceRequest generates a "aws/request.Request" representing the
// client's request for the ListTagsForResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListTagsForResource for more information on using the ListTagsForResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the ListTagsForResourceRequest method.
//	req, resp := client.ListTagsForResourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource
func (c *PaymentCryptography) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
	op := &request.Operation{
		Name:       opListTagsForResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator: &request.Paginator{
			InputTokens:     []string{"NextToken"},
			OutputTokens:    []string{"NextToken"},
			LimitToken:      "MaxResults",
			TruncationToken: "",
		},
	}

	if input == nil {
		input = &ListTagsForResourceInput{}
	}

	output = &ListTagsForResourceOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListTagsForResource API operation for Payment Cryptography Control Plane.
//
// Lists the tags for an Amazon Web Services resource.
//
// This is a paginated operation, which means that each response might contain
// only a subset of all the tags. When the response contains only a subset of
// tags, it includes a NextToken value. Use this value in a subsequent ListTagsForResource
// request to get more tags. When you receive a response with no NextToken (or
// an empty or null value), that means there are no more tags to get.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - TagResource
//
//   - UntagResource
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation ListTagsForResource for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource
func (c *PaymentCryptography) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
	req, out := c.ListTagsForResourceRequest(input)
	return out, req.Send()
}

// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
// the ability to pass a context and additional request options.
//
// See ListTagsForResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
	req, out := c.ListTagsForResourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListTagsForResource method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//	// Example iterating over at most 3 pages of a ListTagsForResource operation.
//	pageNum := 0
//	err := client.ListTagsForResourcePages(params,
//	    func(page *paymentcryptography.ListTagsForResourceOutput, lastPage bool) bool {
//	        pageNum++
//	        fmt.Println(page)
//	        return pageNum <= 3
//	    })
func (c *PaymentCryptography) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
	return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListTagsForResourceInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			req, _ := c.ListTagsForResourceRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	for p.Next() {
		if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
			break
		}
	}

	return p.Err()
}

const opRestoreKey = "RestoreKey"

// RestoreKeyRequest generates a "aws/request.Request" representing the
// client's request for the RestoreKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See RestoreKey for more information on using the RestoreKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the RestoreKeyRequest method.
//	req, resp := client.RestoreKeyRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey
func (c *PaymentCryptography) RestoreKeyRequest(input *RestoreKeyInput) (req *request.Request, output *RestoreKeyOutput) {
	op := &request.Operation{
		Name:       opRestoreKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &RestoreKeyInput{}
	}

	output = &RestoreKeyOutput{}
	req = c.newRequest(op, input, output)
	return
}

// RestoreKey API operation for Payment Cryptography Control Plane.
//
// Cancels a scheduled key deletion during the waiting period. Use this operation
// to restore a Key that is scheduled for deletion.
//
// During the waiting period, the KeyState is DELETE_PENDING and deletePendingTimestamp
// contains the date and time after which the Key will be deleted. After Key
// is restored, the KeyState is CREATE_COMPLETE, and the value for deletePendingTimestamp
// is removed.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteKey
//
//   - StartKeyUsage
//
//   - StopKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation RestoreKey for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey
func (c *PaymentCryptography) RestoreKey(input *RestoreKeyInput) (*RestoreKeyOutput, error) {
	req, out := c.RestoreKeyRequest(input)
	return out, req.Send()
}

// RestoreKeyWithContext is the same as RestoreKey with the addition of
// the ability to pass a context and additional request options.
//
// See RestoreKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) RestoreKeyWithContext(ctx aws.Context, input *RestoreKeyInput, opts ...request.Option) (*RestoreKeyOutput, error) {
	req, out := c.RestoreKeyRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opStartKeyUsage = "StartKeyUsage"

// StartKeyUsageRequest generates a "aws/request.Request" representing the
// client's request for the StartKeyUsage operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See StartKeyUsage for more information on using the StartKeyUsage
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the StartKeyUsageRequest method.
//	req, resp := client.StartKeyUsageRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage
func (c *PaymentCryptography) StartKeyUsageRequest(input *StartKeyUsageInput) (req *request.Request, output *StartKeyUsageOutput) {
	op := &request.Operation{
		Name:       opStartKeyUsage,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &StartKeyUsageInput{}
	}

	output = &StartKeyUsageOutput{}
	req = c.newRequest(op, input, output)
	return
}

// StartKeyUsage API operation for Payment Cryptography Control Plane.
//
// Enables an Amazon Web Services Payment Cryptography key, which makes it active
// for cryptographic operations within Amazon Web Services Payment Cryptography
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - StopKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation StartKeyUsage for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage
func (c *PaymentCryptography) StartKeyUsage(input *StartKeyUsageInput) (*StartKeyUsageOutput, error) {
	req, out := c.StartKeyUsageRequest(input)
	return out, req.Send()
}

// StartKeyUsageWithContext is the same as StartKeyUsage with the addition of
// the ability to pass a context and additional request options.
//
// See StartKeyUsage for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) StartKeyUsageWithContext(ctx aws.Context, input *StartKeyUsageInput, opts ...request.Option) (*StartKeyUsageOutput, error) {
	req, out := c.StartKeyUsageRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opStopKeyUsage = "StopKeyUsage"

// StopKeyUsageRequest generates a "aws/request.Request" representing the
// client's request for the StopKeyUsage operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See StopKeyUsage for more information on using the StopKeyUsage
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the StopKeyUsageRequest method.
//	req, resp := client.StopKeyUsageRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage
func (c *PaymentCryptography) StopKeyUsageRequest(input *StopKeyUsageInput) (req *request.Request, output *StopKeyUsageOutput) {
	op := &request.Operation{
		Name:       opStopKeyUsage,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &StopKeyUsageInput{}
	}

	output = &StopKeyUsageOutput{}
	req = c.newRequest(op, input, output)
	return
}

// StopKeyUsage API operation for Payment Cryptography Control Plane.
//
// Disables an Amazon Web Services Payment Cryptography key, which makes it
// inactive within Amazon Web Services Payment Cryptography.
//
// You can use this operation instead of DeleteKey to deactivate a key. You
// can enable the key in the future by calling StartKeyUsage.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - DeleteKey
//
//   - StartKeyUsage
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation StopKeyUsage for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage
func (c *PaymentCryptography) StopKeyUsage(input *StopKeyUsageInput) (*StopKeyUsageOutput, error) {
	req, out := c.StopKeyUsageRequest(input)
	return out, req.Send()
}

// StopKeyUsageWithContext is the same as StopKeyUsage with the addition of
// the ability to pass a context and additional request options.
//
// See StopKeyUsage for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) StopKeyUsageWithContext(ctx aws.Context, input *StopKeyUsageInput, opts ...request.Option) (*StopKeyUsageOutput, error) {
	req, out := c.StopKeyUsageRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opTagResource = "TagResource"

// TagResourceRequest generates a "aws/request.Request" representing the
// client's request for the TagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the TagResourceRequest method.
//	req, resp := client.TagResourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResource
func (c *PaymentCryptography) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
	op := &request.Operation{
		Name:       opTagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &TagResourceInput{}
	}

	output = &TagResourceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// TagResource API operation for Payment Cryptography Control Plane.
//
// Adds or edits tags on an Amazon Web Services Payment Cryptography key.
//
// Tagging or untagging an Amazon Web Services Payment Cryptography key can
// allow or deny permission to the key.
//
// Each tag consists of a tag key and a tag value, both of which are case-sensitive
// strings. The tag value can be an empty (null) string. To add a tag, specify
// a new tag key and a tag value. To edit a tag, specify an existing tag key
// and a new tag value. You can also add tags to an Amazon Web Services Payment
// Cryptography key when you create it with CreateKey.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ListTagsForResource
//
//   - UntagResource
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation TagResource for usage and error information.
//
// Returned Error Types:
//
//   - ServiceQuotaExceededException
//     This request would cause a service quota to be exceeded.
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResource
func (c *PaymentCryptography) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
	req, out := c.TagResourceRequest(input)
	return out, req.Send()
}

// TagResourceWithContext is the same as TagResource with the addition of
// the ability to pass a context and additional request options.
//
// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
	req, out := c.TagResourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUntagResource = "UntagResource"

// UntagResourceRequest generates a "aws/request.Request" representing the
// client's request for the UntagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UntagResourceRequest method.
//	req, resp := client.UntagResourceRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UntagResource
func (c *PaymentCryptography) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
	op := &request.Operation{
		Name:       opUntagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UntagResourceInput{}
	}

	output = &UntagResourceOutput{}
	req = c.newRequest(op, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return
}

// UntagResource API operation for Payment Cryptography Control Plane.
//
// Deletes a tag from an Amazon Web Services Payment Cryptography key.
//
// Tagging or untagging an Amazon Web Services Payment Cryptography key can
// allow or deny permission to the key.
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - ListTagsForResource
//
//   - TagResource
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation UntagResource for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UntagResource
func (c *PaymentCryptography) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
	req, out := c.UntagResourceRequest(input)
	return out, req.Send()
}

// UntagResourceWithContext is the same as UntagResource with the addition of
// the ability to pass a context and additional request options.
//
// See UntagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
	req, out := c.UntagResourceRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

const opUpdateAlias = "UpdateAlias"

// UpdateAliasRequest generates a "aws/request.Request" representing the
// client's request for the UpdateAlias operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateAlias for more information on using the UpdateAlias
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//	// Example sending a request using the UpdateAliasRequest method.
//	req, resp := client.UpdateAliasRequest(params)
//
//	err := req.Send()
//	if err == nil { // resp is now filled
//	    fmt.Println(resp)
//	}
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UpdateAlias
func (c *PaymentCryptography) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) {
	op := &request.Operation{
		Name:       opUpdateAlias,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}

	if input == nil {
		input = &UpdateAliasInput{}
	}

	output = &UpdateAliasOutput{}
	req = c.newRequest(op, input, output)
	return
}

// UpdateAlias API operation for Payment Cryptography Control Plane.
//
// Associates an existing Amazon Web Services Payment Cryptography alias with
// a different key. Each alias is associated with only one Amazon Web Services
// Payment Cryptography key at a time, although a key can have multiple aliases.
// The alias and the Amazon Web Services Payment Cryptography key must be in
// the same Amazon Web Services account and Amazon Web Services Region
//
// Cross-account use: This operation can't be used across different Amazon Web
// Services accounts.
//
// Related operations:
//
//   - CreateAlias
//
//   - DeleteAlias
//
//   - GetAlias
//
//   - ListAliases
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for Payment Cryptography Control Plane's
// API operation UpdateAlias for usage and error information.
//
// Returned Error Types:
//
//   - ServiceUnavailableException
//     The service cannot complete the request.
//
//   - ValidationException
//     The request was denied due to an invalid request error.
//
//   - ConflictException
//     This request can cause an inconsistent state for the resource.
//
//   - AccessDeniedException
//     You do not have sufficient access to perform this action.
//
//   - ResourceNotFoundException
//     The request was denied due to an invalid resource error.
//
//   - ThrottlingException
//     The request was denied due to request throttling.
//
//   - InternalServerException
//     The request processing has failed because of an unknown error, exception,
//     or failure.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/UpdateAlias
func (c *PaymentCryptography) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) {
	req, out := c.UpdateAliasRequest(input)
	return out, req.Send()
}

// UpdateAliasWithContext is the same as UpdateAlias with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateAlias for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *PaymentCryptography) UpdateAliasWithContext(ctx aws.Context, input *UpdateAliasInput, opts ...request.Option) (*UpdateAliasOutput, error) {
	req, out := c.UpdateAliasRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// You do not have sufficient access to perform this action.
type AccessDeniedException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AccessDeniedException) GoString() string {
	return s.String()
}

func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
	return &AccessDeniedException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *AccessDeniedException) Code() string {
	return "AccessDeniedException"
}

// Message returns the exception's message.
func (s *AccessDeniedException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedException) OrigErr() error {
	return nil
}

func (s *AccessDeniedException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *AccessDeniedException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *AccessDeniedException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Contains information about an alias.
type Alias struct {
	_ struct{} `type:"structure"`

	// A friendly name that you can use to refer to a key. The value must begin
	// with alias/.
	//
	// Do not include confidential or sensitive information in this field. This
	// field may be displayed in plaintext in CloudTrail logs and other output.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`

	// The KeyARN of the key associated with the alias.
	KeyArn *string `min:"70" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Alias) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Alias) GoString() string {
	return s.String()
}

// SetAliasName sets the AliasName field's value.
func (s *Alias) SetAliasName(v string) *Alias {
	s.AliasName = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *Alias) SetKeyArn(v string) *Alias {
	s.KeyArn = &v
	return s
}

// This request can cause an inconsistent state for the resource.
type ConflictException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ConflictException) GoString() string {
	return s.String()
}

func newErrorConflictException(v protocol.ResponseMetadata) error {
	return &ConflictException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ConflictException) Code() string {
	return "ConflictException"
}

// Message returns the exception's message.
func (s *ConflictException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ConflictException) OrigErr() error {
	return nil
}

func (s *ConflictException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ConflictException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ConflictException) RequestID() string {
	return s.RespMetadata.RequestID
}

type CreateAliasInput struct {
	_ struct{} `type:"structure"`

	// A friendly name that you can use to refer a key. An alias must begin with
	// alias/ followed by a name, for example alias/ExampleAlias. It can contain
	// only alphanumeric characters, forward slashes (/), underscores (_), and dashes
	// (-).
	//
	// Don't include confidential or sensitive information in this field. This field
	// may be displayed in plaintext in CloudTrail logs and other output.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`

	// The KeyARN of the key to associate with the alias.
	KeyArn *string `min:"70" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}
	if s.KeyArn != nil && len(*s.KeyArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("KeyArn", 70))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *CreateAliasInput) SetAliasName(v string) *CreateAliasInput {
	s.AliasName = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *CreateAliasInput) SetKeyArn(v string) *CreateAliasInput {
	s.KeyArn = &v
	return s
}

type CreateAliasOutput struct {
	_ struct{} `type:"structure"`

	// The alias for the key.
	//
	// Alias is a required field
	Alias *Alias `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateAliasOutput) GoString() string {
	return s.String()
}

// SetAlias sets the Alias field's value.
func (s *CreateAliasOutput) SetAlias(v *Alias) *CreateAliasOutput {
	s.Alias = v
	return s
}

type CreateKeyInput struct {
	_ struct{} `type:"structure"`

	// Specifies whether to enable the key. If the key is enabled, it is activated
	// for use within the service. If the key not enabled, then it is created but
	// not activated. The default value is enabled.
	Enabled *bool `type:"boolean"`

	// Specifies whether the key is exportable from the service.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV) for DES and AES keys.
	//
	// For DES key, the KCV is computed by encrypting 8 bytes, each with value '00',
	// with the key to be checked and retaining the 3 highest order bytes of the
	// encrypted result. For AES key, the KCV is computed by encrypting 8 bytes,
	// each with value '01', with the key to be checked and retaining the 3 highest
	// order bytes of the encrypted result.
	KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"`

	// The tags to attach to the key. Each tag consists of a tag key and a tag value.
	// Both the tag key and the tag value are required, but the tag value can be
	// an empty (null) string. You can't have more than one tag on an Amazon Web
	// Services Payment Cryptography key with the same tag key.
	//
	// To use this parameter, you must have TagResource permission.
	//
	// Don't include confidential or sensitive information in this field. This field
	// may be displayed in plaintext in CloudTrail logs and other output.
	//
	// Tagging or untagging an Amazon Web Services Payment Cryptography key can
	// allow or deny permission to the key.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"}
	if s.Exportable == nil {
		invalidParams.Add(request.NewErrParamRequired("Exportable"))
	}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEnabled sets the Enabled field's value.
func (s *CreateKeyInput) SetEnabled(v bool) *CreateKeyInput {
	s.Enabled = &v
	return s
}

// SetExportable sets the Exportable field's value.
func (s *CreateKeyInput) SetExportable(v bool) *CreateKeyInput {
	s.Exportable = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *CreateKeyInput) SetKeyAttributes(v *KeyAttributes) *CreateKeyInput {
	s.KeyAttributes = v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *CreateKeyInput) SetKeyCheckValueAlgorithm(v string) *CreateKeyInput {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput {
	s.Tags = v
	return s
}

type CreateKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material that contains all the key attributes.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *CreateKeyOutput) SetKey(v *Key) *CreateKeyOutput {
	s.Key = v
	return s
}

type DeleteAliasInput struct {
	_ struct{} `type:"structure"`

	// A friendly name that you can use to refer Amazon Web Services Payment Cryptography
	// key. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *DeleteAliasInput) SetAliasName(v string) *DeleteAliasInput {
	s.AliasName = &v
	return s
}

type DeleteAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteAliasOutput) GoString() string {
	return s.String()
}

type DeleteKeyInput struct {
	_ struct{} `type:"structure"`

	// The waiting period for key deletion. The default value is seven days.
	DeleteKeyInDays *int64 `min:"3" type:"integer"`

	// The KeyARN of the key that is scheduled for deletion.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteKeyInput"}
	if s.DeleteKeyInDays != nil && *s.DeleteKeyInDays < 3 {
		invalidParams.Add(request.NewErrParamMinValue("DeleteKeyInDays", 3))
	}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetDeleteKeyInDays sets the DeleteKeyInDays field's value.
func (s *DeleteKeyInput) SetDeleteKeyInDays(v int64) *DeleteKeyInput {
	s.DeleteKeyInDays = &v
	return s
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *DeleteKeyInput) SetKeyIdentifier(v string) *DeleteKeyInput {
	s.KeyIdentifier = &v
	return s
}

type DeleteKeyOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key that is scheduled for deletion.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *DeleteKeyOutput) SetKey(v *Key) *DeleteKeyOutput {
	s.Key = v
	return s
}

type ExportKeyInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key under export from Amazon Web Services Payment Cryptography.
	//
	// ExportKeyIdentifier is a required field
	ExportKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The key block format type, for example, TR-34 or TR-31, to use during key
	// material export.
	//
	// KeyMaterial is a required field
	KeyMaterial *ExportKeyMaterial `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportKeyInput"}
	if s.ExportKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("ExportKeyIdentifier"))
	}
	if s.ExportKeyIdentifier != nil && len(*s.ExportKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("ExportKeyIdentifier", 7))
	}
	if s.KeyMaterial == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterial"))
	}
	if s.KeyMaterial != nil {
		if err := s.KeyMaterial.Validate(); err != nil {
			invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetExportKeyIdentifier sets the ExportKeyIdentifier field's value.
func (s *ExportKeyInput) SetExportKeyIdentifier(v string) *ExportKeyInput {
	s.ExportKeyIdentifier = &v
	return s
}

// SetKeyMaterial sets the KeyMaterial field's value.
func (s *ExportKeyInput) SetKeyMaterial(v *ExportKeyMaterial) *ExportKeyInput {
	s.KeyMaterial = v
	return s
}

// Parameter information for key material export from Amazon Web Services Payment
// Cryptography.
type ExportKeyMaterial struct {
	_ struct{} `type:"structure"`

	// Parameter information for key material export using TR-31 standard.
	Tr31KeyBlock *ExportTr31KeyBlock `type:"structure"`

	// Parameter information for key material export using TR-34 standard.
	Tr34KeyBlock *ExportTr34KeyBlock `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyMaterial) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyMaterial) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportKeyMaterial) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportKeyMaterial"}
	if s.Tr31KeyBlock != nil {
		if err := s.Tr31KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr31KeyBlock", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr34KeyBlock != nil {
		if err := s.Tr34KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr34KeyBlock", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetTr31KeyBlock sets the Tr31KeyBlock field's value.
func (s *ExportKeyMaterial) SetTr31KeyBlock(v *ExportTr31KeyBlock) *ExportKeyMaterial {
	s.Tr31KeyBlock = v
	return s
}

// SetTr34KeyBlock sets the Tr34KeyBlock field's value.
func (s *ExportKeyMaterial) SetTr34KeyBlock(v *ExportTr34KeyBlock) *ExportKeyMaterial {
	s.Tr34KeyBlock = v
	return s
}

type ExportKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material under export as a TR-34 or TR-31 wrapped key block.
	WrappedKey *WrappedKey `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportKeyOutput) GoString() string {
	return s.String()
}

// SetWrappedKey sets the WrappedKey field's value.
func (s *ExportKeyOutput) SetWrappedKey(v *WrappedKey) *ExportKeyOutput {
	s.WrappedKey = v
	return s
}

// Parameter information for key material export using TR-31 standard.
type ExportTr31KeyBlock struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the the wrapping key. This key encrypts or wraps the key under
	// export for TR-31 key block generation.
	//
	// WrappingKeyIdentifier is a required field
	WrappingKeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr31KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr31KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportTr31KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportTr31KeyBlock"}
	if s.WrappingKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyIdentifier"))
	}
	if s.WrappingKeyIdentifier != nil && len(*s.WrappingKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetWrappingKeyIdentifier sets the WrappingKeyIdentifier field's value.
func (s *ExportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ExportTr31KeyBlock {
	s.WrappingKeyIdentifier = &v
	return s
}

// Parameter information for key material export using TR-34 standard.
type ExportTr34KeyBlock struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the certificate chain that signs the wrapping key certificate
	// during TR-34 key export.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The export token to initiate key export from Amazon Web Services Payment
	// Cryptography. It also contains the signing key certificate that will sign
	// the wrapped key during TR-34 key block generation. Call GetParametersForExport
	// to receive an export token. It expires after 7 days. You can use the same
	// export token to export multiple keys from the same service account.
	//
	// ExportToken is a required field
	ExportToken *string `type:"string" required:"true"`

	// The format of key block that Amazon Web Services Payment Cryptography will
	// use during key export.
	//
	// KeyBlockFormat is a required field
	KeyBlockFormat *string `type:"string" required:"true" enum:"Tr34KeyBlockFormat"`

	// A random number value that is unique to the TR-34 key block generated using
	// 2 pass. The operation will fail, if a random nonce value is not provided
	// for a TR-34 key block generated using 2 pass.
	RandomNonce *string `min:"16" type:"string"`

	// The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography
	// uses this certificate to wrap the key under export.
	//
	// WrappingKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ExportTr34KeyBlock's
	// String and GoString methods.
	//
	// WrappingKeyCertificate is a required field
	WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr34KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ExportTr34KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ExportTr34KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ExportTr34KeyBlock"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.ExportToken == nil {
		invalidParams.Add(request.NewErrParamRequired("ExportToken"))
	}
	if s.KeyBlockFormat == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyBlockFormat"))
	}
	if s.RandomNonce != nil && len(*s.RandomNonce) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("RandomNonce", 16))
	}
	if s.WrappingKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyCertificate"))
	}
	if s.WrappingKeyCertificate != nil && len(*s.WrappingKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyCertificate", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *ExportTr34KeyBlock) SetCertificateAuthorityPublicKeyIdentifier(v string) *ExportTr34KeyBlock {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetExportToken sets the ExportToken field's value.
func (s *ExportTr34KeyBlock) SetExportToken(v string) *ExportTr34KeyBlock {
	s.ExportToken = &v
	return s
}

// SetKeyBlockFormat sets the KeyBlockFormat field's value.
func (s *ExportTr34KeyBlock) SetKeyBlockFormat(v string) *ExportTr34KeyBlock {
	s.KeyBlockFormat = &v
	return s
}

// SetRandomNonce sets the RandomNonce field's value.
func (s *ExportTr34KeyBlock) SetRandomNonce(v string) *ExportTr34KeyBlock {
	s.RandomNonce = &v
	return s
}

// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value.
func (s *ExportTr34KeyBlock) SetWrappingKeyCertificate(v string) *ExportTr34KeyBlock {
	s.WrappingKeyCertificate = &v
	return s
}

type GetAliasInput struct {
	_ struct{} `type:"structure"`

	// The alias of the Amazon Web Services Payment Cryptography key.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *GetAliasInput) SetAliasName(v string) *GetAliasInput {
	s.AliasName = &v
	return s
}

type GetAliasOutput struct {
	_ struct{} `type:"structure"`

	// The alias of the Amazon Web Services Payment Cryptography key.
	//
	// Alias is a required field
	Alias *Alias `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetAliasOutput) GoString() string {
	return s.String()
}

// SetAlias sets the Alias field's value.
func (s *GetAliasOutput) SetAlias(v *Alias) *GetAliasOutput {
	s.Alias = v
	return s
}

type GetKeyInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the Amazon Web Services Payment Cryptography key.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetKeyInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *GetKeyInput) SetKeyIdentifier(v string) *GetKeyInput {
	s.KeyIdentifier = &v
	return s
}

type GetKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material, including the immutable and mutable data for the key.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *GetKeyOutput) SetKey(v *Key) *GetKeyOutput {
	s.Key = v
	return s
}

type GetParametersForExportInput struct {
	_ struct{} `type:"structure"`

	// The key block format type (for example, TR-34 or TR-31) to use during key
	// material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK.
	// Export token is not required for TR-31 key export.
	//
	// KeyMaterialType is a required field
	KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"`

	// The signing key algorithm to generate a signing key certificate. This certificate
	// signs the wrapped key under export within the TR-34 key block cryptogram.
	// RSA_2048 is the only signing key algorithm allowed.
	//
	// SigningKeyAlgorithm is a required field
	SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetParametersForExportInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetParametersForExportInput"}
	if s.KeyMaterialType == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterialType"))
	}
	if s.SigningKeyAlgorithm == nil {
		invalidParams.Add(request.NewErrParamRequired("SigningKeyAlgorithm"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyMaterialType sets the KeyMaterialType field's value.
func (s *GetParametersForExportInput) SetKeyMaterialType(v string) *GetParametersForExportInput {
	s.KeyMaterialType = &v
	return s
}

// SetSigningKeyAlgorithm sets the SigningKeyAlgorithm field's value.
func (s *GetParametersForExportInput) SetSigningKeyAlgorithm(v string) *GetParametersForExportInput {
	s.SigningKeyAlgorithm = &v
	return s
}

type GetParametersForExportOutput struct {
	_ struct{} `type:"structure"`

	// The export token to initiate key export from Amazon Web Services Payment
	// Cryptography. The export token expires after 7 days. You can use the same
	// export token to export multiple keys from the same service account.
	//
	// ExportToken is a required field
	ExportToken *string `type:"string" required:"true"`

	// The validity period of the export token.
	//
	// ParametersValidUntilTimestamp is a required field
	ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"`

	// The algorithm of the signing key certificate for use in TR-34 key block generation.
	// RSA_2048 is the only signing key algorithm allowed.
	//
	// SigningKeyAlgorithm is a required field
	SigningKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`

	// The signing key certificate of the public key for signature within the TR-34
	// key block cryptogram. The certificate expires after 7 days.
	//
	// SigningKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForExportOutput's
	// String and GoString methods.
	//
	// SigningKeyCertificate is a required field
	SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The certificate chain that signed the signing key certificate. This is the
	// root certificate authority (CA) within your service account.
	//
	// SigningKeyCertificateChain is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForExportOutput's
	// String and GoString methods.
	//
	// SigningKeyCertificateChain is a required field
	SigningKeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForExportOutput) GoString() string {
	return s.String()
}

// SetExportToken sets the ExportToken field's value.
func (s *GetParametersForExportOutput) SetExportToken(v string) *GetParametersForExportOutput {
	s.ExportToken = &v
	return s
}

// SetParametersValidUntilTimestamp sets the ParametersValidUntilTimestamp field's value.
func (s *GetParametersForExportOutput) SetParametersValidUntilTimestamp(v time.Time) *GetParametersForExportOutput {
	s.ParametersValidUntilTimestamp = &v
	return s
}

// SetSigningKeyAlgorithm sets the SigningKeyAlgorithm field's value.
func (s *GetParametersForExportOutput) SetSigningKeyAlgorithm(v string) *GetParametersForExportOutput {
	s.SigningKeyAlgorithm = &v
	return s
}

// SetSigningKeyCertificate sets the SigningKeyCertificate field's value.
func (s *GetParametersForExportOutput) SetSigningKeyCertificate(v string) *GetParametersForExportOutput {
	s.SigningKeyCertificate = &v
	return s
}

// SetSigningKeyCertificateChain sets the SigningKeyCertificateChain field's value.
func (s *GetParametersForExportOutput) SetSigningKeyCertificateChain(v string) *GetParametersForExportOutput {
	s.SigningKeyCertificateChain = &v
	return s
}

type GetParametersForImportInput struct {
	_ struct{} `type:"structure"`

	// The key block format type such as TR-34 or TR-31 to use during key material
	// import. Import token is only required for TR-34 key import TR34_KEY_BLOCK.
	// Import token is not required for TR-31 key import.
	//
	// KeyMaterialType is a required field
	KeyMaterialType *string `type:"string" required:"true" enum:"KeyMaterialType"`

	// The wrapping key algorithm to generate a wrapping key certificate. This certificate
	// wraps the key under import within the TR-34 key block cryptogram. RSA_2048
	// is the only wrapping key algorithm allowed.
	//
	// WrappingKeyAlgorithm is a required field
	WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetParametersForImportInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetParametersForImportInput"}
	if s.KeyMaterialType == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterialType"))
	}
	if s.WrappingKeyAlgorithm == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyAlgorithm"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyMaterialType sets the KeyMaterialType field's value.
func (s *GetParametersForImportInput) SetKeyMaterialType(v string) *GetParametersForImportInput {
	s.KeyMaterialType = &v
	return s
}

// SetWrappingKeyAlgorithm sets the WrappingKeyAlgorithm field's value.
func (s *GetParametersForImportInput) SetWrappingKeyAlgorithm(v string) *GetParametersForImportInput {
	s.WrappingKeyAlgorithm = &v
	return s
}

type GetParametersForImportOutput struct {
	_ struct{} `type:"structure"`

	// The import token to initiate key import into Amazon Web Services Payment
	// Cryptography. The import token expires after 7 days. You can use the same
	// import token to import multiple keys to the same service account.
	//
	// ImportToken is a required field
	ImportToken *string `type:"string" required:"true"`

	// The validity period of the import token.
	//
	// ParametersValidUntilTimestamp is a required field
	ParametersValidUntilTimestamp *time.Time `type:"timestamp" required:"true"`

	// The algorithm of the wrapping key for use within TR-34 key block. RSA_2048
	// is the only wrapping key algorithm allowed.
	//
	// WrappingKeyAlgorithm is a required field
	WrappingKeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`

	// The wrapping key certificate of the wrapping key for use within the TR-34
	// key block. The certificate expires in 7 days.
	//
	// WrappingKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForImportOutput's
	// String and GoString methods.
	//
	// WrappingKeyCertificate is a required field
	WrappingKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The Amazon Web Services Payment Cryptography certificate chain that signed
	// the wrapping key certificate. This is the root certificate authority (CA)
	// within your service account.
	//
	// WrappingKeyCertificateChain is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetParametersForImportOutput's
	// String and GoString methods.
	//
	// WrappingKeyCertificateChain is a required field
	WrappingKeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetParametersForImportOutput) GoString() string {
	return s.String()
}

// SetImportToken sets the ImportToken field's value.
func (s *GetParametersForImportOutput) SetImportToken(v string) *GetParametersForImportOutput {
	s.ImportToken = &v
	return s
}

// SetParametersValidUntilTimestamp sets the ParametersValidUntilTimestamp field's value.
func (s *GetParametersForImportOutput) SetParametersValidUntilTimestamp(v time.Time) *GetParametersForImportOutput {
	s.ParametersValidUntilTimestamp = &v
	return s
}

// SetWrappingKeyAlgorithm sets the WrappingKeyAlgorithm field's value.
func (s *GetParametersForImportOutput) SetWrappingKeyAlgorithm(v string) *GetParametersForImportOutput {
	s.WrappingKeyAlgorithm = &v
	return s
}

// SetWrappingKeyCertificate sets the WrappingKeyCertificate field's value.
func (s *GetParametersForImportOutput) SetWrappingKeyCertificate(v string) *GetParametersForImportOutput {
	s.WrappingKeyCertificate = &v
	return s
}

// SetWrappingKeyCertificateChain sets the WrappingKeyCertificateChain field's value.
func (s *GetParametersForImportOutput) SetWrappingKeyCertificateChain(v string) *GetParametersForImportOutput {
	s.WrappingKeyCertificateChain = &v
	return s
}

type GetPublicKeyCertificateInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the asymmetric key pair.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetPublicKeyCertificateInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "GetPublicKeyCertificateInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *GetPublicKeyCertificateInput) SetKeyIdentifier(v string) *GetPublicKeyCertificateInput {
	s.KeyIdentifier = &v
	return s
}

type GetPublicKeyCertificateOutput struct {
	_ struct{} `type:"structure"`

	// The public key component of the asymmetric key pair in a certificate (PEM)
	// format. It is signed by the root certificate authority (CA) within your service
	// account. The certificate expires in 90 days.
	//
	// KeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's
	// String and GoString methods.
	//
	// KeyCertificate is a required field
	KeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The certificate chain that signed the public key certificate of the asymmetric
	// key pair. This is the root certificate authority (CA) within your service
	// account.
	//
	// KeyCertificateChain is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetPublicKeyCertificateOutput's
	// String and GoString methods.
	//
	// KeyCertificateChain is a required field
	KeyCertificateChain *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s GetPublicKeyCertificateOutput) GoString() string {
	return s.String()
}

// SetKeyCertificate sets the KeyCertificate field's value.
func (s *GetPublicKeyCertificateOutput) SetKeyCertificate(v string) *GetPublicKeyCertificateOutput {
	s.KeyCertificate = &v
	return s
}

// SetKeyCertificateChain sets the KeyCertificateChain field's value.
func (s *GetPublicKeyCertificateOutput) SetKeyCertificateChain(v string) *GetPublicKeyCertificateOutput {
	s.KeyCertificateChain = &v
	return s
}

type ImportKeyInput struct {
	_ struct{} `type:"structure"`

	// Specifies whether import key is enabled.
	Enabled *bool `type:"boolean"`

	// The algorithm that Amazon Web Services Payment Cryptography uses to calculate
	// the key check value (KCV) for DES and AES keys.
	//
	// For DES key, the KCV is computed by encrypting 8 bytes, each with value '00',
	// with the key to be checked and retaining the 3 highest order bytes of the
	// encrypted result. For AES key, the KCV is computed by encrypting 8 bytes,
	// each with value '01', with the key to be checked and retaining the 3 highest
	// order bytes of the encrypted result.
	KeyCheckValueAlgorithm *string `type:"string" enum:"KeyCheckValueAlgorithm"`

	// The key or public key certificate type to use during key material import,
	// for example TR-34 or RootCertificatePublicKey.
	//
	// KeyMaterial is a required field
	KeyMaterial *ImportKeyMaterial `type:"structure" required:"true"`

	// The tags to attach to the key. Each tag consists of a tag key and a tag value.
	// Both the tag key and the tag value are required, but the tag value can be
	// an empty (null) string. You can't have more than one tag on an Amazon Web
	// Services Payment Cryptography key with the same tag key.
	//
	// You can't have more than one tag on an Amazon Web Services Payment Cryptography
	// key with the same tag key. If you specify an existing tag key with a different
	// tag value, Amazon Web Services Payment Cryptography replaces the current
	// tag value with the specified one.
	//
	// To use this parameter, you must have TagResource permission.
	//
	// Don't include confidential or sensitive information in this field. This field
	// may be displayed in plaintext in CloudTrail logs and other output.
	//
	// Tagging or untagging an Amazon Web Services Payment Cryptography key can
	// allow or deny permission to the key.
	Tags []*Tag `type:"list"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportKeyInput"}
	if s.KeyMaterial == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyMaterial"))
	}
	if s.KeyMaterial != nil {
		if err := s.KeyMaterial.Validate(); err != nil {
			invalidParams.AddNested("KeyMaterial", err.(request.ErrInvalidParams))
		}
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetEnabled sets the Enabled field's value.
func (s *ImportKeyInput) SetEnabled(v bool) *ImportKeyInput {
	s.Enabled = &v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *ImportKeyInput) SetKeyCheckValueAlgorithm(v string) *ImportKeyInput {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetKeyMaterial sets the KeyMaterial field's value.
func (s *ImportKeyInput) SetKeyMaterial(v *ImportKeyMaterial) *ImportKeyInput {
	s.KeyMaterial = v
	return s
}

// SetTags sets the Tags field's value.
func (s *ImportKeyInput) SetTags(v []*Tag) *ImportKeyInput {
	s.Tags = v
	return s
}

// Parameter information for key material import.
type ImportKeyMaterial struct {
	_ struct{} `type:"structure"`

	// Parameter information for root public key certificate import.
	RootCertificatePublicKey *RootCertificatePublicKey `type:"structure"`

	// Parameter information for key material import using TR-31 standard.
	Tr31KeyBlock *ImportTr31KeyBlock `type:"structure"`

	// Parameter information for key material import using TR-34 standard.
	Tr34KeyBlock *ImportTr34KeyBlock `type:"structure"`

	// Parameter information for trusted public key certificate import.
	TrustedCertificatePublicKey *TrustedCertificatePublicKey `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyMaterial) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyMaterial) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportKeyMaterial) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportKeyMaterial"}
	if s.RootCertificatePublicKey != nil {
		if err := s.RootCertificatePublicKey.Validate(); err != nil {
			invalidParams.AddNested("RootCertificatePublicKey", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr31KeyBlock != nil {
		if err := s.Tr31KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr31KeyBlock", err.(request.ErrInvalidParams))
		}
	}
	if s.Tr34KeyBlock != nil {
		if err := s.Tr34KeyBlock.Validate(); err != nil {
			invalidParams.AddNested("Tr34KeyBlock", err.(request.ErrInvalidParams))
		}
	}
	if s.TrustedCertificatePublicKey != nil {
		if err := s.TrustedCertificatePublicKey.Validate(); err != nil {
			invalidParams.AddNested("TrustedCertificatePublicKey", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetRootCertificatePublicKey sets the RootCertificatePublicKey field's value.
func (s *ImportKeyMaterial) SetRootCertificatePublicKey(v *RootCertificatePublicKey) *ImportKeyMaterial {
	s.RootCertificatePublicKey = v
	return s
}

// SetTr31KeyBlock sets the Tr31KeyBlock field's value.
func (s *ImportKeyMaterial) SetTr31KeyBlock(v *ImportTr31KeyBlock) *ImportKeyMaterial {
	s.Tr31KeyBlock = v
	return s
}

// SetTr34KeyBlock sets the Tr34KeyBlock field's value.
func (s *ImportKeyMaterial) SetTr34KeyBlock(v *ImportTr34KeyBlock) *ImportKeyMaterial {
	s.Tr34KeyBlock = v
	return s
}

// SetTrustedCertificatePublicKey sets the TrustedCertificatePublicKey field's value.
func (s *ImportKeyMaterial) SetTrustedCertificatePublicKey(v *TrustedCertificatePublicKey) *ImportKeyMaterial {
	s.TrustedCertificatePublicKey = v
	return s
}

type ImportKeyOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key material imported within Amazon Web Services Payment
	// Cryptography.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *ImportKeyOutput) SetKey(v *Key) *ImportKeyOutput {
	s.Key = v
	return s
}

// Parameter information for key material import using TR-31 standard.
type ImportTr31KeyBlock struct {
	_ struct{} `type:"structure"`

	// The TR-34 wrapped key block to import.
	//
	// WrappedKeyBlock is a required field
	WrappedKeyBlock *string `min:"56" type:"string" required:"true"`

	// The KeyARN of the key that will decrypt or unwrap a TR-31 key block during
	// import.
	//
	// WrappingKeyIdentifier is a required field
	WrappingKeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr31KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr31KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportTr31KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportTr31KeyBlock"}
	if s.WrappedKeyBlock == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappedKeyBlock"))
	}
	if s.WrappedKeyBlock != nil && len(*s.WrappedKeyBlock) < 56 {
		invalidParams.Add(request.NewErrParamMinLen("WrappedKeyBlock", 56))
	}
	if s.WrappingKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappingKeyIdentifier"))
	}
	if s.WrappingKeyIdentifier != nil && len(*s.WrappingKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("WrappingKeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetWrappedKeyBlock sets the WrappedKeyBlock field's value.
func (s *ImportTr31KeyBlock) SetWrappedKeyBlock(v string) *ImportTr31KeyBlock {
	s.WrappedKeyBlock = &v
	return s
}

// SetWrappingKeyIdentifier sets the WrappingKeyIdentifier field's value.
func (s *ImportTr31KeyBlock) SetWrappingKeyIdentifier(v string) *ImportTr31KeyBlock {
	s.WrappingKeyIdentifier = &v
	return s
}

// Parameter information for key material import using TR-34 standard.
type ImportTr34KeyBlock struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the certificate chain that signs the signing key certificate
	// during TR-34 key import.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The import token that initiates key import into Amazon Web Services Payment
	// Cryptography. It expires after 7 days. You can use the same import token
	// to import multiple keys to the same service account.
	//
	// ImportToken is a required field
	ImportToken *string `type:"string" required:"true"`

	// The key block format to use during key import. The only value allowed is
	// X9_TR34_2012.
	//
	// KeyBlockFormat is a required field
	KeyBlockFormat *string `type:"string" required:"true" enum:"Tr34KeyBlockFormat"`

	// A random number value that is unique to the TR-34 key block generated using
	// 2 pass. The operation will fail, if a random nonce value is not provided
	// for a TR-34 key block generated using 2 pass.
	RandomNonce *string `min:"16" type:"string"`

	// The public key component in PEM certificate format of the private key that
	// signs the KDH TR-34 wrapped key block.
	//
	// SigningKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by ImportTr34KeyBlock's
	// String and GoString methods.
	//
	// SigningKeyCertificate is a required field
	SigningKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`

	// The TR-34 wrapped key block to import.
	//
	// WrappedKeyBlock is a required field
	WrappedKeyBlock *string `min:"2" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr34KeyBlock) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ImportTr34KeyBlock) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportTr34KeyBlock) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ImportTr34KeyBlock"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.ImportToken == nil {
		invalidParams.Add(request.NewErrParamRequired("ImportToken"))
	}
	if s.KeyBlockFormat == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyBlockFormat"))
	}
	if s.RandomNonce != nil && len(*s.RandomNonce) < 16 {
		invalidParams.Add(request.NewErrParamMinLen("RandomNonce", 16))
	}
	if s.SigningKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("SigningKeyCertificate"))
	}
	if s.SigningKeyCertificate != nil && len(*s.SigningKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("SigningKeyCertificate", 1))
	}
	if s.WrappedKeyBlock == nil {
		invalidParams.Add(request.NewErrParamRequired("WrappedKeyBlock"))
	}
	if s.WrappedKeyBlock != nil && len(*s.WrappedKeyBlock) < 2 {
		invalidParams.Add(request.NewErrParamMinLen("WrappedKeyBlock", 2))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *ImportTr34KeyBlock) SetCertificateAuthorityPublicKeyIdentifier(v string) *ImportTr34KeyBlock {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetImportToken sets the ImportToken field's value.
func (s *ImportTr34KeyBlock) SetImportToken(v string) *ImportTr34KeyBlock {
	s.ImportToken = &v
	return s
}

// SetKeyBlockFormat sets the KeyBlockFormat field's value.
func (s *ImportTr34KeyBlock) SetKeyBlockFormat(v string) *ImportTr34KeyBlock {
	s.KeyBlockFormat = &v
	return s
}

// SetRandomNonce sets the RandomNonce field's value.
func (s *ImportTr34KeyBlock) SetRandomNonce(v string) *ImportTr34KeyBlock {
	s.RandomNonce = &v
	return s
}

// SetSigningKeyCertificate sets the SigningKeyCertificate field's value.
func (s *ImportTr34KeyBlock) SetSigningKeyCertificate(v string) *ImportTr34KeyBlock {
	s.SigningKeyCertificate = &v
	return s
}

// SetWrappedKeyBlock sets the WrappedKeyBlock field's value.
func (s *ImportTr34KeyBlock) SetWrappedKeyBlock(v string) *ImportTr34KeyBlock {
	s.WrappedKeyBlock = &v
	return s
}

// The request processing has failed because of an unknown error, exception,
// or failure.
type InternalServerException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerException) GoString() string {
	return s.String()
}

func newErrorInternalServerException(v protocol.ResponseMetadata) error {
	return &InternalServerException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *InternalServerException) Code() string {
	return "InternalServerException"
}

// Message returns the exception's message.
func (s *InternalServerException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InternalServerException) OrigErr() error {
	return nil
}

func (s *InternalServerException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *InternalServerException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *InternalServerException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Metadata about an Amazon Web Services Payment Cryptography key.
type Key struct {
	_ struct{} `type:"structure"`

	// The date and time when the key was created.
	//
	// CreateTimestamp is a required field
	CreateTimestamp *time.Time `type:"timestamp" required:"true"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// delete the key. This value is present only when KeyState is DELETE_PENDING
	// and the key is scheduled for deletion.
	DeletePendingTimestamp *time.Time `type:"timestamp"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// delete the key. This value is present only when when the KeyState is DELETE_COMPLETE
	// and the Amazon Web Services Payment Cryptography key is deleted.
	DeleteTimestamp *time.Time `type:"timestamp"`

	// Specifies whether the key is enabled.
	//
	// Enabled is a required field
	Enabled *bool `type:"boolean" required:"true"`

	// Specifies whether the key is exportable. This data is immutable after the
	// key is created.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The Amazon Resource Name (ARN) of the key.
	//
	// KeyArn is a required field
	KeyArn *string `min:"70" type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The key check value (KCV) is used to check if all parties holding a given
	// key have the same key or to detect that a key has changed. Amazon Web Services
	// Payment Cryptography calculates the KCV by using standard algorithms, typically
	// by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result
	// to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
	//
	// KeyCheckValue is a required field
	KeyCheckValue *string `min:"4" type:"string" required:"true"`

	// The algorithm used for calculating key check value (KCV) for DES and AES
	// keys. For a DES key, Amazon Web Services Payment Cryptography computes the
	// KCV by encrypting 8 bytes, each with value '00', with the key to be checked
	// and retaining the 3 highest order bytes of the encrypted result. For an AES
	// key, Amazon Web Services Payment Cryptography computes the KCV by encrypting
	// 8 bytes, each with value '01', with the key to be checked and retaining the
	// 3 highest order bytes of the encrypted result.
	//
	// KeyCheckValueAlgorithm is a required field
	KeyCheckValueAlgorithm *string `type:"string" required:"true" enum:"KeyCheckValueAlgorithm"`

	// The source of the key material. For keys created within Amazon Web Services
	// Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported
	// into Amazon Web Services Payment Cryptography, the value is EXTERNAL.
	//
	// KeyOrigin is a required field
	KeyOrigin *string `type:"string" required:"true" enum:"KeyOrigin"`

	// The state of key that is being created or deleted.
	//
	// KeyState is a required field
	KeyState *string `type:"string" required:"true" enum:"KeyState"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// start using the key material for cryptographic operations.
	UsageStartTimestamp *time.Time `type:"timestamp"`

	// The date and time after which Amazon Web Services Payment Cryptography will
	// stop using the key material for cryptographic operations.
	UsageStopTimestamp *time.Time `type:"timestamp"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Key) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Key) GoString() string {
	return s.String()
}

// SetCreateTimestamp sets the CreateTimestamp field's value.
func (s *Key) SetCreateTimestamp(v time.Time) *Key {
	s.CreateTimestamp = &v
	return s
}

// SetDeletePendingTimestamp sets the DeletePendingTimestamp field's value.
func (s *Key) SetDeletePendingTimestamp(v time.Time) *Key {
	s.DeletePendingTimestamp = &v
	return s
}

// SetDeleteTimestamp sets the DeleteTimestamp field's value.
func (s *Key) SetDeleteTimestamp(v time.Time) *Key {
	s.DeleteTimestamp = &v
	return s
}

// SetEnabled sets the Enabled field's value.
func (s *Key) SetEnabled(v bool) *Key {
	s.Enabled = &v
	return s
}

// SetExportable sets the Exportable field's value.
func (s *Key) SetExportable(v bool) *Key {
	s.Exportable = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *Key) SetKeyArn(v string) *Key {
	s.KeyArn = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *Key) SetKeyAttributes(v *KeyAttributes) *Key {
	s.KeyAttributes = v
	return s
}

// SetKeyCheckValue sets the KeyCheckValue field's value.
func (s *Key) SetKeyCheckValue(v string) *Key {
	s.KeyCheckValue = &v
	return s
}

// SetKeyCheckValueAlgorithm sets the KeyCheckValueAlgorithm field's value.
func (s *Key) SetKeyCheckValueAlgorithm(v string) *Key {
	s.KeyCheckValueAlgorithm = &v
	return s
}

// SetKeyOrigin sets the KeyOrigin field's value.
func (s *Key) SetKeyOrigin(v string) *Key {
	s.KeyOrigin = &v
	return s
}

// SetKeyState sets the KeyState field's value.
func (s *Key) SetKeyState(v string) *Key {
	s.KeyState = &v
	return s
}

// SetUsageStartTimestamp sets the UsageStartTimestamp field's value.
func (s *Key) SetUsageStartTimestamp(v time.Time) *Key {
	s.UsageStartTimestamp = &v
	return s
}

// SetUsageStopTimestamp sets the UsageStopTimestamp field's value.
func (s *Key) SetUsageStopTimestamp(v time.Time) *Key {
	s.UsageStopTimestamp = &v
	return s
}

// The role of the key, the algorithm it supports, and the cryptographic operations
// allowed with the key. This data is immutable after the key is created.
type KeyAttributes struct {
	_ struct{} `type:"structure"`

	// The key algorithm to be use during creation of an Amazon Web Services Payment
	// Cryptography key.
	//
	// For symmetric keys, Amazon Web Services Payment Cryptography supports AES
	// and TDES algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography
	// supports RSA and ECC_NIST algorithms.
	//
	// KeyAlgorithm is a required field
	KeyAlgorithm *string `type:"string" required:"true" enum:"KeyAlgorithm"`

	// The type of Amazon Web Services Payment Cryptography key to create, which
	// determines the classification of the cryptographic method and whether Amazon
	// Web Services Payment Cryptography key contains a symmetric key or an asymmetric
	// key pair.
	//
	// KeyClass is a required field
	KeyClass *string `type:"string" required:"true" enum:"KeyClass"`

	// The list of cryptographic operations that you can perform using the key.
	//
	// KeyModesOfUse is a required field
	KeyModesOfUse *KeyModesOfUse `type:"structure" required:"true"`

	// The cryptographic usage of an Amazon Web Services Payment Cryptography key
	// as defined in section A.5.2 of the TR-31 spec.
	//
	// KeyUsage is a required field
	KeyUsage *string `type:"string" required:"true" enum:"KeyUsage"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyAttributes) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyAttributes) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *KeyAttributes) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "KeyAttributes"}
	if s.KeyAlgorithm == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAlgorithm"))
	}
	if s.KeyClass == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyClass"))
	}
	if s.KeyModesOfUse == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyModesOfUse"))
	}
	if s.KeyUsage == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyUsage"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyAlgorithm sets the KeyAlgorithm field's value.
func (s *KeyAttributes) SetKeyAlgorithm(v string) *KeyAttributes {
	s.KeyAlgorithm = &v
	return s
}

// SetKeyClass sets the KeyClass field's value.
func (s *KeyAttributes) SetKeyClass(v string) *KeyAttributes {
	s.KeyClass = &v
	return s
}

// SetKeyModesOfUse sets the KeyModesOfUse field's value.
func (s *KeyAttributes) SetKeyModesOfUse(v *KeyModesOfUse) *KeyAttributes {
	s.KeyModesOfUse = v
	return s
}

// SetKeyUsage sets the KeyUsage field's value.
func (s *KeyAttributes) SetKeyUsage(v string) *KeyAttributes {
	s.KeyUsage = &v
	return s
}

// The list of cryptographic operations that you can perform using the key.
// The modes of use are defined in section A.5.3 of the TR-31 spec.
type KeyModesOfUse struct {
	_ struct{} `type:"structure"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to decrypt data.
	Decrypt *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to derive new keys.
	DeriveKey *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to encrypt data.
	Encrypt *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to generate and verify other card and PIN verification keys.
	Generate *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key has no
	// special restrictions other than the restrictions implied by KeyUsage.
	NoRestrictions *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used for signing.
	Sign *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to unwrap other keys.
	Unwrap *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to verify signatures.
	Verify *bool `type:"boolean"`

	// Specifies whether an Amazon Web Services Payment Cryptography key can be
	// used to wrap other keys.
	Wrap *bool `type:"boolean"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyModesOfUse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeyModesOfUse) GoString() string {
	return s.String()
}

// SetDecrypt sets the Decrypt field's value.
func (s *KeyModesOfUse) SetDecrypt(v bool) *KeyModesOfUse {
	s.Decrypt = &v
	return s
}

// SetDeriveKey sets the DeriveKey field's value.
func (s *KeyModesOfUse) SetDeriveKey(v bool) *KeyModesOfUse {
	s.DeriveKey = &v
	return s
}

// SetEncrypt sets the Encrypt field's value.
func (s *KeyModesOfUse) SetEncrypt(v bool) *KeyModesOfUse {
	s.Encrypt = &v
	return s
}

// SetGenerate sets the Generate field's value.
func (s *KeyModesOfUse) SetGenerate(v bool) *KeyModesOfUse {
	s.Generate = &v
	return s
}

// SetNoRestrictions sets the NoRestrictions field's value.
func (s *KeyModesOfUse) SetNoRestrictions(v bool) *KeyModesOfUse {
	s.NoRestrictions = &v
	return s
}

// SetSign sets the Sign field's value.
func (s *KeyModesOfUse) SetSign(v bool) *KeyModesOfUse {
	s.Sign = &v
	return s
}

// SetUnwrap sets the Unwrap field's value.
func (s *KeyModesOfUse) SetUnwrap(v bool) *KeyModesOfUse {
	s.Unwrap = &v
	return s
}

// SetVerify sets the Verify field's value.
func (s *KeyModesOfUse) SetVerify(v bool) *KeyModesOfUse {
	s.Verify = &v
	return s
}

// SetWrap sets the Wrap field's value.
func (s *KeyModesOfUse) SetWrap(v bool) *KeyModesOfUse {
	s.Wrap = &v
	return s
}

// Metadata about an Amazon Web Services Payment Cryptography key.
type KeySummary struct {
	_ struct{} `type:"structure"`

	// Specifies whether the key is enabled.
	//
	// Enabled is a required field
	Enabled *bool `type:"boolean" required:"true"`

	// Specifies whether the key is exportable. This data is immutable after the
	// key is created.
	//
	// Exportable is a required field
	Exportable *bool `type:"boolean" required:"true"`

	// The Amazon Resource Name (ARN) of the key.
	//
	// KeyArn is a required field
	KeyArn *string `min:"70" type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the key is created.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// The key check value (KCV) is used to check if all parties holding a given
	// key have the same key or to detect that a key has changed. Amazon Web Services
	// Payment Cryptography calculates the KCV by using standard algorithms, typically
	// by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result
	// to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
	//
	// KeyCheckValue is a required field
	KeyCheckValue *string `min:"4" type:"string" required:"true"`

	// The state of an Amazon Web Services Payment Cryptography that is being created
	// or deleted.
	//
	// KeyState is a required field
	KeyState *string `type:"string" required:"true" enum:"KeyState"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeySummary) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s KeySummary) GoString() string {
	return s.String()
}

// SetEnabled sets the Enabled field's value.
func (s *KeySummary) SetEnabled(v bool) *KeySummary {
	s.Enabled = &v
	return s
}

// SetExportable sets the Exportable field's value.
func (s *KeySummary) SetExportable(v bool) *KeySummary {
	s.Exportable = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *KeySummary) SetKeyArn(v string) *KeySummary {
	s.KeyArn = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *KeySummary) SetKeyAttributes(v *KeyAttributes) *KeySummary {
	s.KeyAttributes = v
	return s
}

// SetKeyCheckValue sets the KeyCheckValue field's value.
func (s *KeySummary) SetKeyCheckValue(v string) *KeySummary {
	s.KeyCheckValue = &v
	return s
}

// SetKeyState sets the KeyState field's value.
func (s *KeySummary) SetKeyState(v string) *KeySummary {
	s.KeyState = &v
	return s
}

type ListAliasesInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, Amazon Web Services Payment Cryptography does not
	// return more than the specified number of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	MaxResults *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextToken from the truncated response
	// you just received.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListAliasesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListAliasesInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListAliasesInput) SetMaxResults(v int64) *ListAliasesInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListAliasesInput) SetNextToken(v string) *ListAliasesInput {
	s.NextToken = &v
	return s
}

type ListAliasesOutput struct {
	_ struct{} `type:"structure"`

	// The list of aliases. Each alias describes the KeyArn contained within.
	//
	// Aliases is a required field
	Aliases []*Alias `type:"list" required:"true"`

	// The token for the next set of results, or an empty or null value if there
	// are no more results.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListAliasesOutput) GoString() string {
	return s.String()
}

// SetAliases sets the Aliases field's value.
func (s *ListAliasesOutput) SetAliases(v []*Alias) *ListAliasesOutput {
	s.Aliases = v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListAliasesOutput) SetNextToken(v string) *ListAliasesOutput {
	s.NextToken = &v
	return s
}

type ListKeysInput struct {
	_ struct{} `type:"structure"`

	// The key state of the keys you want to list.
	KeyState *string `type:"string" enum:"KeyState"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, Amazon Web Services Payment Cryptography does not
	// return more than the specified number of items, but it might return fewer.
	MaxResults *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextToken from the truncated response
	// you just received.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyState sets the KeyState field's value.
func (s *ListKeysInput) SetKeyState(v string) *ListKeysInput {
	s.KeyState = &v
	return s
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListKeysInput) SetMaxResults(v int64) *ListKeysInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListKeysInput) SetNextToken(v string) *ListKeysInput {
	s.NextToken = &v
	return s
}

type ListKeysOutput struct {
	_ struct{} `type:"structure"`

	// The list of keys created within the caller's Amazon Web Services account
	// and Amazon Web Services Region.
	//
	// Keys is a required field
	Keys []*KeySummary `type:"list" required:"true"`

	// The token for the next set of results, or an empty or null value if there
	// are no more results.
	NextToken *string `min:"1" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListKeysOutput) GoString() string {
	return s.String()
}

// SetKeys sets the Keys field's value.
func (s *ListKeysOutput) SetKeys(v []*KeySummary) *ListKeysOutput {
	s.Keys = v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListKeysOutput) SetNextToken(v string) *ListKeysOutput {
	s.NextToken = &v
	return s
}

type ListTagsForResourceInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, Amazon Web Services Payment Cryptography does not
	// return more than the specified number of items, but it might return fewer.
	MaxResults *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextToken from the truncated response
	// you just received.
	NextToken *string `min:"1" type:"string"`

	// The KeyARN of the key whose tags you are getting.
	//
	// ResourceArn is a required field
	ResourceArn *string `min:"70" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ListTagsForResourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
	if s.MaxResults != nil && *s.MaxResults < 1 {
		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
	}
	if s.NextToken != nil && len(*s.NextToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
	}
	if s.ResourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
	}
	if s.ResourceArn != nil && len(*s.ResourceArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetMaxResults sets the MaxResults field's value.
func (s *ListTagsForResourceInput) SetMaxResults(v int64) *ListTagsForResourceInput {
	s.MaxResults = &v
	return s
}

// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
	s.NextToken = &v
	return s
}

// SetResourceArn sets the ResourceArn field's value.
func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput {
	s.ResourceArn = &v
	return s
}

type ListTagsForResourceOutput struct {
	_ struct{} `type:"structure"`

	// The token for the next set of results, or an empty or null value if there
	// are no more results.
	NextToken *string `min:"1" type:"string"`

	// The list of tags associated with a ResourceArn. Each tag will list the key-value
	// pair contained within that tag.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) GoString() string {
	return s.String()
}

// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
	s.NextToken = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
	s.Tags = v
	return s
}

// The request was denied due to an invalid resource error.
type ResourceNotFoundException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"message" type:"string"`

	// The string for the exception.
	ResourceId *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) GoString() string {
	return s.String()
}

func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
	return &ResourceNotFoundException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ResourceNotFoundException) Code() string {
	return "ResourceNotFoundException"
}

// Message returns the exception's message.
func (s *ResourceNotFoundException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceNotFoundException) OrigErr() error {
	return nil
}

func (s *ResourceNotFoundException) Error() string {
	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ResourceNotFoundException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ResourceNotFoundException) RequestID() string {
	return s.RespMetadata.RequestID
}

type RestoreKeyInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RestoreKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RestoreKeyInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *RestoreKeyInput) SetKeyIdentifier(v string) *RestoreKeyInput {
	s.KeyIdentifier = &v
	return s
}

type RestoreKeyOutput struct {
	_ struct{} `type:"structure"`

	// The key material of the restored key. The KeyState will change to CREATE_COMPLETE
	// and value for DeletePendingTimestamp gets removed.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RestoreKeyOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *RestoreKeyOutput) SetKey(v *Key) *RestoreKeyOutput {
	s.Key = v
	return s
}

// Parameter information for root public key certificate import.
type RootCertificatePublicKey struct {
	_ struct{} `type:"structure"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after the root public key is
	// imported.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// Parameter information for root public key certificate import.
	//
	// PublicKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by RootCertificatePublicKey's
	// String and GoString methods.
	//
	// PublicKeyCertificate is a required field
	PublicKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RootCertificatePublicKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RootCertificatePublicKey) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RootCertificatePublicKey) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RootCertificatePublicKey"}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.PublicKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("PublicKeyCertificate"))
	}
	if s.PublicKeyCertificate != nil && len(*s.PublicKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PublicKeyCertificate", 1))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *RootCertificatePublicKey) SetKeyAttributes(v *KeyAttributes) *RootCertificatePublicKey {
	s.KeyAttributes = v
	return s
}

// SetPublicKeyCertificate sets the PublicKeyCertificate field's value.
func (s *RootCertificatePublicKey) SetPublicKeyCertificate(v string) *RootCertificatePublicKey {
	s.PublicKeyCertificate = &v
	return s
}

// This request would cause a service quota to be exceeded.
type ServiceQuotaExceededException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceQuotaExceededException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceQuotaExceededException) GoString() string {
	return s.String()
}

func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error {
	return &ServiceQuotaExceededException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ServiceQuotaExceededException) Code() string {
	return "ServiceQuotaExceededException"
}

// Message returns the exception's message.
func (s *ServiceQuotaExceededException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceQuotaExceededException) OrigErr() error {
	return nil
}

func (s *ServiceQuotaExceededException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ServiceQuotaExceededException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ServiceQuotaExceededException) RequestID() string {
	return s.RespMetadata.RequestID
}

// The service cannot complete the request.
type ServiceUnavailableException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceUnavailableException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServiceUnavailableException) GoString() string {
	return s.String()
}

func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error {
	return &ServiceUnavailableException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ServiceUnavailableException) Code() string {
	return "ServiceUnavailableException"
}

// Message returns the exception's message.
func (s *ServiceUnavailableException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceUnavailableException) OrigErr() error {
	return nil
}

func (s *ServiceUnavailableException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ServiceUnavailableException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ServiceUnavailableException) RequestID() string {
	return s.RespMetadata.RequestID
}

type StartKeyUsageInput struct {
	_ struct{} `type:"structure"`

	// The KeyArn of the key.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *StartKeyUsageInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "StartKeyUsageInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *StartKeyUsageInput) SetKeyIdentifier(v string) *StartKeyUsageInput {
	s.KeyIdentifier = &v
	return s
}

type StartKeyUsageOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the Amazon Web Services Payment Cryptography key activated
	// for use.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StartKeyUsageOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *StartKeyUsageOutput) SetKey(v *Key) *StartKeyUsageOutput {
	s.Key = v
	return s
}

type StopKeyUsageInput struct {
	_ struct{} `type:"structure"`

	// The KeyArn of the key.
	//
	// KeyIdentifier is a required field
	KeyIdentifier *string `min:"7" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *StopKeyUsageInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "StopKeyUsageInput"}
	if s.KeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyIdentifier"))
	}
	if s.KeyIdentifier != nil && len(*s.KeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("KeyIdentifier", 7))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyIdentifier sets the KeyIdentifier field's value.
func (s *StopKeyUsageInput) SetKeyIdentifier(v string) *StopKeyUsageInput {
	s.KeyIdentifier = &v
	return s
}

type StopKeyUsageOutput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key.
	//
	// Key is a required field
	Key *Key `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StopKeyUsageOutput) GoString() string {
	return s.String()
}

// SetKey sets the Key field's value.
func (s *StopKeyUsageOutput) SetKey(v *Key) *StopKeyUsageOutput {
	s.Key = v
	return s
}

// A structure that contains information about a tag.
type Tag struct {
	_ struct{} `type:"structure"`

	// The key of the tag.
	//
	// Key is a required field
	Key *string `min:"1" type:"string" required:"true"`

	// The value of the tag.
	Value *string `type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *Tag) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "Tag"}
	if s.Key == nil {
		invalidParams.Add(request.NewErrParamRequired("Key"))
	}
	if s.Key != nil && len(*s.Key) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKey sets the Key field's value.
func (s *Tag) SetKey(v string) *Tag {
	s.Key = &v
	return s
}

// SetValue sets the Value field's value.
func (s *Tag) SetValue(v string) *Tag {
	s.Value = &v
	return s
}

type TagResourceInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key whose tags are being updated.
	//
	// ResourceArn is a required field
	ResourceArn *string `min:"70" type:"string" required:"true"`

	// One or more tags. Each tag consists of a tag key and a tag value. The tag
	// value can be an empty (null) string. You can't have more than one tag on
	// an Amazon Web Services Payment Cryptography key with the same tag key. If
	// you specify an existing tag key with a different tag value, Amazon Web Services
	// Payment Cryptography replaces the current tag value with the new one.
	//
	// Don't include confidential or sensitive information in this field. This field
	// may be displayed in plaintext in CloudTrail logs and other output.
	//
	// To use this parameter, you must have TagResource permission in an IAM policy.
	//
	// Don't include confidential or sensitive information in this field. This field
	// may be displayed in plaintext in CloudTrail logs and other output.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TagResourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
	if s.ResourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
	}
	if s.ResourceArn != nil && len(*s.ResourceArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70))
	}
	if s.Tags == nil {
		invalidParams.Add(request.NewErrParamRequired("Tags"))
	}
	if s.Tags != nil {
		for i, v := range s.Tags {
			if v == nil {
				continue
			}
			if err := v.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetResourceArn sets the ResourceArn field's value.
func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
	s.ResourceArn = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
	s.Tags = v
	return s
}

type TagResourceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) GoString() string {
	return s.String()
}

// The request was denied due to request throttling.
type ThrottlingException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) GoString() string {
	return s.String()
}

func newErrorThrottlingException(v protocol.ResponseMetadata) error {
	return &ThrottlingException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ThrottlingException) Code() string {
	return "ThrottlingException"
}

// Message returns the exception's message.
func (s *ThrottlingException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ThrottlingException) OrigErr() error {
	return nil
}

func (s *ThrottlingException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ThrottlingException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ThrottlingException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Parameter information for trusted public key certificate import.
type TrustedCertificatePublicKey struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the root public key certificate or certificate chain that signs
	// the trusted public key certificate import.
	//
	// CertificateAuthorityPublicKeyIdentifier is a required field
	CertificateAuthorityPublicKeyIdentifier *string `min:"7" type:"string" required:"true"`

	// The role of the key, the algorithm it supports, and the cryptographic operations
	// allowed with the key. This data is immutable after a trusted public key is
	// imported.
	//
	// KeyAttributes is a required field
	KeyAttributes *KeyAttributes `type:"structure" required:"true"`

	// Parameter information for trusted public key certificate import.
	//
	// PublicKeyCertificate is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by TrustedCertificatePublicKey's
	// String and GoString methods.
	//
	// PublicKeyCertificate is a required field
	PublicKeyCertificate *string `min:"1" type:"string" required:"true" sensitive:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TrustedCertificatePublicKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TrustedCertificatePublicKey) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *TrustedCertificatePublicKey) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "TrustedCertificatePublicKey"}
	if s.CertificateAuthorityPublicKeyIdentifier == nil {
		invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityPublicKeyIdentifier"))
	}
	if s.CertificateAuthorityPublicKeyIdentifier != nil && len(*s.CertificateAuthorityPublicKeyIdentifier) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityPublicKeyIdentifier", 7))
	}
	if s.KeyAttributes == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyAttributes"))
	}
	if s.PublicKeyCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("PublicKeyCertificate"))
	}
	if s.PublicKeyCertificate != nil && len(*s.PublicKeyCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PublicKeyCertificate", 1))
	}
	if s.KeyAttributes != nil {
		if err := s.KeyAttributes.Validate(); err != nil {
			invalidParams.AddNested("KeyAttributes", err.(request.ErrInvalidParams))
		}
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCertificateAuthorityPublicKeyIdentifier sets the CertificateAuthorityPublicKeyIdentifier field's value.
func (s *TrustedCertificatePublicKey) SetCertificateAuthorityPublicKeyIdentifier(v string) *TrustedCertificatePublicKey {
	s.CertificateAuthorityPublicKeyIdentifier = &v
	return s
}

// SetKeyAttributes sets the KeyAttributes field's value.
func (s *TrustedCertificatePublicKey) SetKeyAttributes(v *KeyAttributes) *TrustedCertificatePublicKey {
	s.KeyAttributes = v
	return s
}

// SetPublicKeyCertificate sets the PublicKeyCertificate field's value.
func (s *TrustedCertificatePublicKey) SetPublicKeyCertificate(v string) *TrustedCertificatePublicKey {
	s.PublicKeyCertificate = &v
	return s
}

type UntagResourceInput struct {
	_ struct{} `type:"structure"`

	// The KeyARN of the key whose tags are being removed.
	//
	// ResourceArn is a required field
	ResourceArn *string `min:"70" type:"string" required:"true"`

	// One or more tag keys. Don't include the tag values.
	//
	// If the Amazon Web Services Payment Cryptography key doesn't have the specified
	// tag key, Amazon Web Services Payment Cryptography doesn't throw an exception
	// or return a response. To confirm that the operation succeeded, use the ListTagsForResource
	// operation.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagResourceInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
	if s.ResourceArn == nil {
		invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
	}
	if s.ResourceArn != nil && len(*s.ResourceArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 70))
	}
	if s.TagKeys == nil {
		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetResourceArn sets the ResourceArn field's value.
func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
	s.ResourceArn = &v
	return s
}

// SetTagKeys sets the TagKeys field's value.
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
	s.TagKeys = v
	return s
}

type UntagResourceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) GoString() string {
	return s.String()
}

type UpdateAliasInput struct {
	_ struct{} `type:"structure"`

	// The alias whose associated key is changing.
	//
	// AliasName is a required field
	AliasName *string `min:"7" type:"string" required:"true"`

	// The KeyARN for the key that you are updating or removing from the alias.
	KeyArn *string `min:"70" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	}
	if s.AliasName != nil && len(*s.AliasName) < 7 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 7))
	}
	if s.KeyArn != nil && len(*s.KeyArn) < 70 {
		invalidParams.Add(request.NewErrParamMinLen("KeyArn", 70))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetAliasName sets the AliasName field's value.
func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput {
	s.AliasName = &v
	return s
}

// SetKeyArn sets the KeyArn field's value.
func (s *UpdateAliasInput) SetKeyArn(v string) *UpdateAliasInput {
	s.KeyArn = &v
	return s
}

type UpdateAliasOutput struct {
	_ struct{} `type:"structure"`

	// The alias name.
	//
	// Alias is a required field
	Alias *Alias `type:"structure" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateAliasOutput) GoString() string {
	return s.String()
}

// SetAlias sets the Alias field's value.
func (s *UpdateAliasOutput) SetAlias(v *Alias) *UpdateAliasOutput {
	s.Alias = v
	return s
}

// The request was denied due to an invalid request error.
type ValidationException struct {
	_            struct{}                  `type:"structure"`
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationException) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ValidationException) GoString() string {
	return s.String()
}

func newErrorValidationException(v protocol.ResponseMetadata) error {
	return &ValidationException{
		RespMetadata: v,
	}
}

// Code returns the exception type name.
func (s *ValidationException) Code() string {
	return "ValidationException"
}

// Message returns the exception's message.
func (s *ValidationException) Message() string {
	if s.Message_ != nil {
		return *s.Message_
	}
	return ""
}

// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ValidationException) OrigErr() error {
	return nil
}

func (s *ValidationException) Error() string {
	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}

// Status code returns the HTTP status code for the request's response error.
func (s *ValidationException) StatusCode() int {
	return s.RespMetadata.StatusCode
}

// RequestID returns the service's response RequestID for request.
func (s *ValidationException) RequestID() string {
	return s.RespMetadata.RequestID
}

// Parameter information for generating a wrapped key using TR-31 or TR-34 standard.
type WrappedKey struct {
	_ struct{} `type:"structure"`

	// Parameter information for generating a wrapped key using TR-31 or TR-34 standard.
	//
	// KeyMaterial is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by WrappedKey's
	// String and GoString methods.
	//
	// KeyMaterial is a required field
	KeyMaterial *string `min:"48" type:"string" required:"true" sensitive:"true"`

	// The key block format of a wrapped key.
	//
	// WrappedKeyMaterialFormat is a required field
	WrappedKeyMaterialFormat *string `type:"string" required:"true" enum:"WrappedKeyMaterialFormat"`

	// The KeyARN of the wrapped key.
	//
	// WrappingKeyArn is a required field
	WrappingKeyArn *string `min:"70" type:"string" required:"true"`
}

// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s WrappedKey) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s WrappedKey) GoString() string {
	return s.String()
}

// SetKeyMaterial sets the KeyMaterial field's value.
func (s *WrappedKey) SetKeyMaterial(v string) *WrappedKey {
	s.KeyMaterial = &v
	return s
}

// SetWrappedKeyMaterialFormat sets the WrappedKeyMaterialFormat field's value.
func (s *WrappedKey) SetWrappedKeyMaterialFormat(v string) *WrappedKey {
	s.WrappedKeyMaterialFormat = &v
	return s
}

// SetWrappingKeyArn sets the WrappingKeyArn field's value.
func (s *WrappedKey) SetWrappingKeyArn(v string) *WrappedKey {
	s.WrappingKeyArn = &v
	return s
}

const (
	// KeyAlgorithmTdes2key is a KeyAlgorithm enum value
	KeyAlgorithmTdes2key = "TDES_2KEY"

	// KeyAlgorithmTdes3key is a KeyAlgorithm enum value
	KeyAlgorithmTdes3key = "TDES_3KEY"

	// KeyAlgorithmAes128 is a KeyAlgorithm enum value
	KeyAlgorithmAes128 = "AES_128"

	// KeyAlgorithmAes192 is a KeyAlgorithm enum value
	KeyAlgorithmAes192 = "AES_192"

	// KeyAlgorithmAes256 is a KeyAlgorithm enum value
	KeyAlgorithmAes256 = "AES_256"

	// KeyAlgorithmRsa2048 is a KeyAlgorithm enum value
	KeyAlgorithmRsa2048 = "RSA_2048"

	// KeyAlgorithmRsa3072 is a KeyAlgorithm enum value
	KeyAlgorithmRsa3072 = "RSA_3072"

	// KeyAlgorithmRsa4096 is a KeyAlgorithm enum value
	KeyAlgorithmRsa4096 = "RSA_4096"
)

// KeyAlgorithm_Values returns all elements of the KeyAlgorithm enum
func KeyAlgorithm_Values() []string {
	return []string{
		KeyAlgorithmTdes2key,
		KeyAlgorithmTdes3key,
		KeyAlgorithmAes128,
		KeyAlgorithmAes192,
		KeyAlgorithmAes256,
		KeyAlgorithmRsa2048,
		KeyAlgorithmRsa3072,
		KeyAlgorithmRsa4096,
	}
}

const (
	// KeyCheckValueAlgorithmCmac is a KeyCheckValueAlgorithm enum value
	KeyCheckValueAlgorithmCmac = "CMAC"

	// KeyCheckValueAlgorithmAnsiX924 is a KeyCheckValueAlgorithm enum value
	KeyCheckValueAlgorithmAnsiX924 = "ANSI_X9_24"
)

// KeyCheckValueAlgorithm_Values returns all elements of the KeyCheckValueAlgorithm enum
func KeyCheckValueAlgorithm_Values() []string {
	return []string{
		KeyCheckValueAlgorithmCmac,
		KeyCheckValueAlgorithmAnsiX924,
	}
}

const (
	// KeyClassSymmetricKey is a KeyClass enum value
	KeyClassSymmetricKey = "SYMMETRIC_KEY"

	// KeyClassAsymmetricKeyPair is a KeyClass enum value
	KeyClassAsymmetricKeyPair = "ASYMMETRIC_KEY_PAIR"

	// KeyClassPrivateKey is a KeyClass enum value
	KeyClassPrivateKey = "PRIVATE_KEY"

	// KeyClassPublicKey is a KeyClass enum value
	KeyClassPublicKey = "PUBLIC_KEY"
)

// KeyClass_Values returns all elements of the KeyClass enum
func KeyClass_Values() []string {
	return []string{
		KeyClassSymmetricKey,
		KeyClassAsymmetricKeyPair,
		KeyClassPrivateKey,
		KeyClassPublicKey,
	}
}

const (
	// KeyMaterialTypeTr34KeyBlock is a KeyMaterialType enum value
	KeyMaterialTypeTr34KeyBlock = "TR34_KEY_BLOCK"

	// KeyMaterialTypeTr31KeyBlock is a KeyMaterialType enum value
	KeyMaterialTypeTr31KeyBlock = "TR31_KEY_BLOCK"

	// KeyMaterialTypeRootPublicKeyCertificate is a KeyMaterialType enum value
	KeyMaterialTypeRootPublicKeyCertificate = "ROOT_PUBLIC_KEY_CERTIFICATE"

	// KeyMaterialTypeTrustedPublicKeyCertificate is a KeyMaterialType enum value
	KeyMaterialTypeTrustedPublicKeyCertificate = "TRUSTED_PUBLIC_KEY_CERTIFICATE"
)

// KeyMaterialType_Values returns all elements of the KeyMaterialType enum
func KeyMaterialType_Values() []string {
	return []string{
		KeyMaterialTypeTr34KeyBlock,
		KeyMaterialTypeTr31KeyBlock,
		KeyMaterialTypeRootPublicKeyCertificate,
		KeyMaterialTypeTrustedPublicKeyCertificate,
	}
}

// Defines the source of a key
const (
	// KeyOriginExternal is a KeyOrigin enum value
	KeyOriginExternal = "EXTERNAL"

	// KeyOriginAwsPaymentCryptography is a KeyOrigin enum value
	KeyOriginAwsPaymentCryptography = "AWS_PAYMENT_CRYPTOGRAPHY"
)

// KeyOrigin_Values returns all elements of the KeyOrigin enum
func KeyOrigin_Values() []string {
	return []string{
		KeyOriginExternal,
		KeyOriginAwsPaymentCryptography,
	}
}

// Defines the state of a key
const (
	// KeyStateCreateInProgress is a KeyState enum value
	KeyStateCreateInProgress = "CREATE_IN_PROGRESS"

	// KeyStateCreateComplete is a KeyState enum value
	KeyStateCreateComplete = "CREATE_COMPLETE"

	// KeyStateDeletePending is a KeyState enum value
	KeyStateDeletePending = "DELETE_PENDING"

	// KeyStateDeleteComplete is a KeyState enum value
	KeyStateDeleteComplete = "DELETE_COMPLETE"
)

// KeyState_Values returns all elements of the KeyState enum
func KeyState_Values() []string {
	return []string{
		KeyStateCreateInProgress,
		KeyStateCreateComplete,
		KeyStateDeletePending,
		KeyStateDeleteComplete,
	}
}

const (
	// KeyUsageTr31B0BaseDerivationKey is a KeyUsage enum value
	KeyUsageTr31B0BaseDerivationKey = "TR31_B0_BASE_DERIVATION_KEY"

	// KeyUsageTr31C0CardVerificationKey is a KeyUsage enum value
	KeyUsageTr31C0CardVerificationKey = "TR31_C0_CARD_VERIFICATION_KEY"

	// KeyUsageTr31D0SymmetricDataEncryptionKey is a KeyUsage enum value
	KeyUsageTr31D0SymmetricDataEncryptionKey = "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"

	// KeyUsageTr31D1AsymmetricKeyForDataEncryption is a KeyUsage enum value
	KeyUsageTr31D1AsymmetricKeyForDataEncryption = "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"

	// KeyUsageTr31E0EmvMkeyAppCryptograms is a KeyUsage enum value
	KeyUsageTr31E0EmvMkeyAppCryptograms = "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"

	// KeyUsageTr31E1EmvMkeyConfidentiality is a KeyUsage enum value
	KeyUsageTr31E1EmvMkeyConfidentiality = "TR31_E1_EMV_MKEY_CONFIDENTIALITY"

	// KeyUsageTr31E2EmvMkeyIntegrity is a KeyUsage enum value
	KeyUsageTr31E2EmvMkeyIntegrity = "TR31_E2_EMV_MKEY_INTEGRITY"

	// KeyUsageTr31E4EmvMkeyDynamicNumbers is a KeyUsage enum value
	KeyUsageTr31E4EmvMkeyDynamicNumbers = "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"

	// KeyUsageTr31E5EmvMkeyCardPersonalization is a KeyUsage enum value
	KeyUsageTr31E5EmvMkeyCardPersonalization = "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"

	// KeyUsageTr31E6EmvMkeyOther is a KeyUsage enum value
	KeyUsageTr31E6EmvMkeyOther = "TR31_E6_EMV_MKEY_OTHER"

	// KeyUsageTr31K0KeyEncryptionKey is a KeyUsage enum value
	KeyUsageTr31K0KeyEncryptionKey = "TR31_K0_KEY_ENCRYPTION_KEY"

	// KeyUsageTr31K1KeyBlockProtectionKey is a KeyUsage enum value
	KeyUsageTr31K1KeyBlockProtectionKey = "TR31_K1_KEY_BLOCK_PROTECTION_KEY"

	// KeyUsageTr31K3AsymmetricKeyForKeyAgreement is a KeyUsage enum value
	KeyUsageTr31K3AsymmetricKeyForKeyAgreement = "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"

	// KeyUsageTr31M3Iso97973MacKey is a KeyUsage enum value
	KeyUsageTr31M3Iso97973MacKey = "TR31_M3_ISO_9797_3_MAC_KEY"

	// KeyUsageTr31M6Iso97975CmacKey is a KeyUsage enum value
	KeyUsageTr31M6Iso97975CmacKey = "TR31_M6_ISO_9797_5_CMAC_KEY"

	// KeyUsageTr31M7HmacKey is a KeyUsage enum value
	KeyUsageTr31M7HmacKey = "TR31_M7_HMAC_KEY"

	// KeyUsageTr31P0PinEncryptionKey is a KeyUsage enum value
	KeyUsageTr31P0PinEncryptionKey = "TR31_P0_PIN_ENCRYPTION_KEY"

	// KeyUsageTr31P1PinGenerationKey is a KeyUsage enum value
	KeyUsageTr31P1PinGenerationKey = "TR31_P1_PIN_GENERATION_KEY"

	// KeyUsageTr31S0AsymmetricKeyForDigitalSignature is a KeyUsage enum value
	KeyUsageTr31S0AsymmetricKeyForDigitalSignature = "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"

	// KeyUsageTr31V1Ibm3624PinVerificationKey is a KeyUsage enum value
	KeyUsageTr31V1Ibm3624PinVerificationKey = "TR31_V1_IBM3624_PIN_VERIFICATION_KEY"

	// KeyUsageTr31V2VisaPinVerificationKey is a KeyUsage enum value
	KeyUsageTr31V2VisaPinVerificationKey = "TR31_V2_VISA_PIN_VERIFICATION_KEY"

	// KeyUsageTr31K2Tr34AsymmetricKey is a KeyUsage enum value
	KeyUsageTr31K2Tr34AsymmetricKey = "TR31_K2_TR34_ASYMMETRIC_KEY"
)

// KeyUsage_Values returns all elements of the KeyUsage enum
func KeyUsage_Values() []string {
	return []string{
		KeyUsageTr31B0BaseDerivationKey,
		KeyUsageTr31C0CardVerificationKey,
		KeyUsageTr31D0SymmetricDataEncryptionKey,
		KeyUsageTr31D1AsymmetricKeyForDataEncryption,
		KeyUsageTr31E0EmvMkeyAppCryptograms,
		KeyUsageTr31E1EmvMkeyConfidentiality,
		KeyUsageTr31E2EmvMkeyIntegrity,
		KeyUsageTr31E4EmvMkeyDynamicNumbers,
		KeyUsageTr31E5EmvMkeyCardPersonalization,
		KeyUsageTr31E6EmvMkeyOther,
		KeyUsageTr31K0KeyEncryptionKey,
		KeyUsageTr31K1KeyBlockProtectionKey,
		KeyUsageTr31K3AsymmetricKeyForKeyAgreement,
		KeyUsageTr31M3Iso97973MacKey,
		KeyUsageTr31M6Iso97975CmacKey,
		KeyUsageTr31M7HmacKey,
		KeyUsageTr31P0PinEncryptionKey,
		KeyUsageTr31P1PinGenerationKey,
		KeyUsageTr31S0AsymmetricKeyForDigitalSignature,
		KeyUsageTr31V1Ibm3624PinVerificationKey,
		KeyUsageTr31V2VisaPinVerificationKey,
		KeyUsageTr31K2Tr34AsymmetricKey,
	}
}

const (
	// Tr34KeyBlockFormatX9Tr342012 is a Tr34KeyBlockFormat enum value
	Tr34KeyBlockFormatX9Tr342012 = "X9_TR34_2012"
)

// Tr34KeyBlockFormat_Values returns all elements of the Tr34KeyBlockFormat enum
func Tr34KeyBlockFormat_Values() []string {
	return []string{
		Tr34KeyBlockFormatX9Tr342012,
	}
}

const (
	// WrappedKeyMaterialFormatKeyCryptogram is a WrappedKeyMaterialFormat enum value
	WrappedKeyMaterialFormatKeyCryptogram = "KEY_CRYPTOGRAM"

	// WrappedKeyMaterialFormatTr31KeyBlock is a WrappedKeyMaterialFormat enum value
	WrappedKeyMaterialFormatTr31KeyBlock = "TR31_KEY_BLOCK"

	// WrappedKeyMaterialFormatTr34KeyBlock is a WrappedKeyMaterialFormat enum value
	WrappedKeyMaterialFormatTr34KeyBlock = "TR34_KEY_BLOCK"
)

// WrappedKeyMaterialFormat_Values returns all elements of the WrappedKeyMaterialFormat enum
func WrappedKeyMaterialFormat_Values() []string {
	return []string{
		WrappedKeyMaterialFormatKeyCryptogram,
		WrappedKeyMaterialFormatTr31KeyBlock,
		WrappedKeyMaterialFormatTr34KeyBlock,
	}
}