github.com/aldelo/common@v1.5.1/wrapper/apc/keycontrol.go (about) 1 package apc 2 3 /* 4 * Copyright 2020-2023 Aldelo, LP 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, software 13 * distributed under the License is distributed on an "AS IS" BASIS, 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 * See the License for the specific language governing permissions and 16 * limitations under the License. 17 */ 18 19 // ================================================================================================================= 20 // AWS CREDENTIAL: 21 // use $> aws configure (to set aws access key and secret to target machine) 22 // Store AWS Access ID and Secret Key into Default Profile Using '$ aws configure' cli 23 // 24 // To Install & Setup AWS CLI on Host: 25 // 1) https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html 26 // On Ubuntu, if host does not have zip and unzip: 27 // $> sudo apt install zip 28 // $> sudo apt install unzip 29 // On Ubuntu, to install AWS CLI v2: 30 // $> curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" 31 // $> unzip awscliv2.zip 32 // $> sudo ./aws/install 33 // 2) $> aws configure set region awsRegionName --profile default 34 // 3) $> aws configure 35 // follow prompts to enter Access ID and Secret Key 36 // 37 // AWS Region Name Reference: 38 // us-west-2, us-east-1, ap-northeast-1, etc 39 // See: https://docs.aws.amazon.com/general/latest/gr/rande.html 40 // ================================================================================================================= 41 42 import ( 43 "context" 44 "errors" 45 awshttp2 "github.com/aldelo/common/wrapper/aws" 46 "github.com/aldelo/common/wrapper/aws/awsregion" 47 "github.com/aldelo/common/wrapper/xray" 48 "github.com/aws/aws-sdk-go/aws" 49 "github.com/aws/aws-sdk-go/aws/session" 50 pycrypto "github.com/aws/aws-sdk-go/service/paymentcryptography" 51 awsxray "github.com/aws/aws-xray-sdk-go/xray" 52 "net/http" 53 ) 54 55 // ================================================================================================================ 56 // STRUCTS 57 // ================================================================================================================ 58 59 // PaymentCryptography struct encapsulates the AWS PaymentCryptography access functionality 60 type PaymentCryptography struct { 61 // define the AWS region that PaymentCryptography is located at 62 AwsRegion awsregion.AWSRegion 63 64 // custom http2 client options 65 HttpOptions *awshttp2.HttpClientSettings 66 67 // store aws session object 68 sess *session.Session 69 70 // store PaymentCryptography client object 71 pycClient *pycrypto.PaymentCryptography 72 73 _parentSegment *xray.XRayParentSegment 74 } 75 76 // ================================================================================================================ 77 // STRUCTS FUNCTIONS 78 // ================================================================================================================ 79 80 // ---------------------------------------------------------------------------------------------------------------- 81 // utility functions 82 // ---------------------------------------------------------------------------------------------------------------- 83 84 // Connect will establish a connection to the PaymentCryptography service 85 func (k *PaymentCryptography) Connect(parentSegment ...*xray.XRayParentSegment) (err error) { 86 if xray.XRayServiceOn() { 87 if len(parentSegment) > 0 { 88 k._parentSegment = parentSegment[0] 89 } 90 91 seg := xray.NewSegment("PaymentCryptography-Connect", k._parentSegment) 92 defer seg.Close() 93 defer func() { 94 _ = seg.Seg.AddMetadata("KDS-AWS-Region", k.AwsRegion) 95 96 if err != nil { 97 _ = seg.Seg.AddError(err) 98 } 99 }() 100 101 err = k.connectInternal() 102 103 if err == nil { 104 awsxray.AWS(k.pycClient.Client) 105 } 106 107 return err 108 } else { 109 return k.connectInternal() 110 } 111 } 112 113 // Connect will establish a connection to the PaymentCryptography service 114 func (k *PaymentCryptography) connectInternal() error { 115 // clean up prior session reference 116 k.sess = nil 117 118 if !k.AwsRegion.Valid() || k.AwsRegion == awsregion.UNKNOWN { 119 return errors.New("Connect To PaymentCryptography Failed: (AWS Session Error) " + "Region is Required") 120 } 121 122 // create custom http2 client if needed 123 var httpCli *http.Client 124 var httpErr error 125 126 if k.HttpOptions == nil { 127 k.HttpOptions = new(awshttp2.HttpClientSettings) 128 } 129 130 // use custom http2 client 131 h2 := &awshttp2.AwsHttp2Client{ 132 Options: k.HttpOptions, 133 } 134 135 if httpCli, httpErr = h2.NewHttp2Client(); httpErr != nil { 136 return errors.New("Connect to PaymentCryptography Failed: (AWS Session Error) " + "Create Custom Http2 Client Errored = " + httpErr.Error()) 137 } 138 139 // establish aws session connection and keep session object in struct 140 if sess, err := session.NewSession( 141 &aws.Config{ 142 Region: aws.String(k.AwsRegion.Key()), 143 HTTPClient: httpCli, 144 }); err != nil { 145 // aws session error 146 return errors.New("Connect To PaymentCryptography Failed: (AWS Session Error) " + err.Error()) 147 } else { 148 // aws session obtained 149 k.sess = sess 150 151 // create cached objects for shared use 152 k.pycClient = pycrypto.New(k.sess) 153 154 if k.pycClient == nil { 155 return errors.New("Connect To PaymentCryptography Client Failed: (New PaymentCryptography Client Connection) " + "Connection Object Nil") 156 } 157 158 // session stored to struct 159 return nil 160 } 161 } 162 163 // Disconnect will disjoin from aws session by clearing it 164 func (k *PaymentCryptography) Disconnect() { 165 k.pycClient = nil 166 k.sess = nil 167 } 168 169 // UpdateParentSegment updates this struct's xray parent segment, if no parent segment, set nil 170 func (k *PaymentCryptography) UpdateParentSegment(parentSegment *xray.XRayParentSegment) { 171 k._parentSegment = parentSegment 172 } 173 174 // ---------------------------------------------------------------------------------------------------------------- 175 // PaymentCryptography Generate Key, support AES_256, RSA_2048, RSA_4096 176 // ---------------------------------------------------------------------------------------------------------------- 177 178 // GenerateRSA2048 generates an RSA key of 2048 bits 179 func (k *PaymentCryptography) GenerateRSA2048() (keyArn string, err error) { 180 return k.generateRSAKey(pycrypto.KeyAlgorithmRsa2048) 181 } 182 183 // GenerateRSA4096 generates an RSA key of 4096 bits 184 func (k *PaymentCryptography) GenerateRSA4096() (keyArn string, err error) { 185 return k.generateRSAKey(pycrypto.KeyAlgorithmRsa4096) 186 } 187 188 // generateRSAKey KeyAlgorithm: AES_256, RSA_2048, RSA_4096 189 func (k *PaymentCryptography) generateRSAKey(KeyAlgorithm string) (keyArn string, err error) { 190 var segCtx context.Context 191 segCtx = nil 192 193 seg := xray.NewSegmentNullable("PaymentCryptography-generateRSAKey", k._parentSegment) 194 if seg != nil { 195 segCtx = seg.Ctx 196 197 defer seg.Close() 198 defer func() { 199 200 if err != nil { 201 _ = seg.Seg.AddError(err) 202 } 203 }() 204 } 205 206 // validate 207 if k.pycClient == nil { 208 err = errors.New("generateRSAKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 209 return "", err 210 } 211 // prepare key info 212 dataKeyInput := pycrypto.CreateKeyInput{ 213 Enabled: aws.Bool(true), 214 Exportable: aws.Bool(false), 215 KeyAttributes: &pycrypto.KeyAttributes{ 216 KeyAlgorithm: aws.String(KeyAlgorithm), 217 KeyClass: aws.String(pycrypto.KeyClassAsymmetricKeyPair), 218 KeyModesOfUse: &pycrypto.KeyModesOfUse{ 219 Decrypt: aws.Bool(true), 220 DeriveKey: nil, 221 Encrypt: aws.Bool(true), 222 Generate: nil, 223 NoRestrictions: nil, 224 Sign: nil, 225 Unwrap: aws.Bool(true), 226 Verify: nil, 227 Wrap: aws.Bool(true), 228 }, 229 KeyUsage: aws.String(pycrypto.KeyUsageTr31D1AsymmetricKeyForDataEncryption), 230 }, 231 KeyCheckValueAlgorithm: nil, 232 Tags: nil, 233 } 234 235 // generate data key 236 var dataKeyOutput *pycrypto.CreateKeyOutput 237 var e error 238 239 if segCtx == nil { 240 dataKeyOutput, e = k.pycClient.CreateKey(&dataKeyInput) 241 } else { 242 dataKeyOutput, e = k.pycClient.CreateKeyWithContext(segCtx, &dataKeyInput) 243 } 244 245 if e != nil { 246 err = errors.New("generateRSAKey with PaymentCryptography Failed: (Gen Data Key) " + e.Error()) 247 return "", err 248 } 249 250 if dataKeyOutput.Key != nil { 251 keyArn = aws.StringValue(dataKeyOutput.Key.KeyArn) 252 } 253 254 return keyArn, nil 255 } 256 257 // GenerateAES256Key generates an AES key of 256 bits 258 func (k *PaymentCryptography) GenerateAES256Key() (keyArn string, err error) { 259 var segCtx context.Context 260 segCtx = nil 261 262 seg := xray.NewSegmentNullable("PaymentCryptography-GenerateAES256Key", k._parentSegment) 263 if seg != nil { 264 segCtx = seg.Ctx 265 266 defer seg.Close() 267 defer func() { 268 269 if err != nil { 270 _ = seg.Seg.AddError(err) 271 } 272 }() 273 } 274 275 // validate 276 if k.pycClient == nil { 277 err = errors.New("GenerateAES256Key with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 278 return "", err 279 } 280 281 // prepare key info 282 dataKeyInput := pycrypto.CreateKeyInput{ 283 Enabled: aws.Bool(true), 284 Exportable: aws.Bool(false), 285 KeyAttributes: &pycrypto.KeyAttributes{ 286 KeyAlgorithm: aws.String(pycrypto.KeyAlgorithmAes256), 287 KeyClass: aws.String(pycrypto.KeyClassSymmetricKey), 288 KeyModesOfUse: &pycrypto.KeyModesOfUse{ 289 Decrypt: aws.Bool(true), 290 DeriveKey: nil, 291 Encrypt: aws.Bool(true), 292 Generate: nil, 293 NoRestrictions: nil, 294 Sign: nil, 295 Unwrap: aws.Bool(true), 296 Verify: nil, 297 Wrap: aws.Bool(true), 298 }, 299 KeyUsage: aws.String(pycrypto.KeyUsageTr31D0SymmetricDataEncryptionKey), 300 }, 301 KeyCheckValueAlgorithm: nil, 302 Tags: nil, 303 } 304 305 // generate data key 306 var dataKeyOutput *pycrypto.CreateKeyOutput 307 var e error 308 309 if segCtx == nil { 310 dataKeyOutput, e = k.pycClient.CreateKey(&dataKeyInput) 311 } else { 312 dataKeyOutput, e = k.pycClient.CreateKeyWithContext(segCtx, &dataKeyInput) 313 } 314 315 if e != nil { 316 err = errors.New("GenerateAES256Key with PaymentCryptography Failed: (Gen Data Key) " + e.Error()) 317 return "", err 318 } 319 320 if dataKeyOutput.Key != nil { 321 keyArn = aws.StringValue(dataKeyOutput.Key.KeyArn) 322 } 323 324 return keyArn, nil 325 } 326 327 // GetRSAPublicKey retrieves the RSA public key by using the keyArn, cert & certChain is a base64 string 328 func (k *PaymentCryptography) GetRSAPublicKey(keyArn string) (cert, certChain string, err error) { 329 330 var segCtx context.Context 331 segCtx = nil 332 333 seg := xray.NewSegmentNullable("PaymentCryptography-GetRSAPublicKey", k._parentSegment) 334 if seg != nil { 335 segCtx = seg.Ctx 336 337 defer seg.Close() 338 defer func() { 339 340 if err != nil { 341 _ = seg.Seg.AddError(err) 342 } 343 }() 344 } 345 346 // validate 347 if k.pycClient == nil { 348 err = errors.New("GetRSAPublicKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 349 return "", "", err 350 } 351 352 if keyArn == "" { 353 err = errors.New("GetRSAPublicKey with PaymentCryptography Failed: (Validate keyArn error) ") 354 return "", "", err 355 } 356 357 var publicKeyOutput *pycrypto.GetPublicKeyCertificateOutput 358 var e error 359 pbKeyInput := &pycrypto.GetPublicKeyCertificateInput{ 360 KeyIdentifier: aws.String(keyArn), 361 } 362 363 if segCtx == nil { 364 publicKeyOutput, e = k.pycClient.GetPublicKeyCertificate(pbKeyInput) 365 } else { 366 publicKeyOutput, e = k.pycClient.GetPublicKeyCertificateWithContext(segCtx, pbKeyInput) 367 } 368 369 if e != nil { 370 err = errors.New("GetRSAPublicKey with PaymentCryptography Failed: (Get Data Key) " + e.Error()) 371 return "", "", err 372 } 373 return aws.StringValue(publicKeyOutput.KeyCertificate), aws.StringValue(publicKeyOutput.KeyCertificateChain), nil 374 } 375 376 // SetKeyAlias KeyAliasName is used as an alias for keyArn 377 func (k *PaymentCryptography) SetKeyAlias(keyArn, KeyAliasName string) (respAliasName string, err error) { 378 379 var segCtx context.Context 380 segCtx = nil 381 382 seg := xray.NewSegmentNullable("PaymentCryptography-SetKeyAlias", k._parentSegment) 383 if seg != nil { 384 segCtx = seg.Ctx 385 386 defer seg.Close() 387 defer func() { 388 389 if err != nil { 390 _ = seg.Seg.AddError(err) 391 } 392 }() 393 } 394 395 // validate 396 if k.pycClient == nil { 397 err = errors.New("SetKeyAlias with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 398 return "", err 399 } 400 401 if keyArn == "" { 402 err = errors.New("SetKeyAlias with PaymentCryptography Failed: (keyArn is empty) ") 403 return 404 } 405 if KeyAliasName == "" { 406 err = errors.New("SetKeyAlias with PaymentCryptography Failed: (KeyAliasName is empty) ") 407 return 408 } 409 410 keyId := "alias/" + KeyAliasName 411 aliasInput := pycrypto.CreateAliasInput{ 412 AliasName: aws.String(keyId), 413 KeyArn: aws.String(keyArn), 414 } 415 416 // generate alias 417 var aliasKeyOutput *pycrypto.CreateAliasOutput 418 var e error 419 420 if segCtx == nil { 421 aliasKeyOutput, e = k.pycClient.CreateAlias(&aliasInput) 422 } else { 423 aliasKeyOutput, e = k.pycClient.CreateAliasWithContext(segCtx, &aliasInput) 424 } 425 if e != nil { 426 err = errors.New("SetKeyAlias with PaymentCryptography Failed: (CreateAlias) " + e.Error()) 427 return 428 } 429 if aliasKeyOutput != nil { 430 if aliasKeyOutput.Alias != nil { 431 respAliasName = aws.StringValue(aliasKeyOutput.Alias.AliasName) 432 } 433 } 434 435 return respAliasName, nil 436 } 437 438 func (k *PaymentCryptography) ImportRootCAPublicKey(publicKey string) (keyArn string, err error) { 439 440 var segCtx context.Context 441 segCtx = nil 442 443 seg := xray.NewSegmentNullable("PaymentCryptography-ImportRootCAPublicKey", k._parentSegment) 444 if seg != nil { 445 segCtx = seg.Ctx 446 447 defer seg.Close() 448 defer func() { 449 450 if err != nil { 451 _ = seg.Seg.AddError(err) 452 } 453 }() 454 } 455 456 // validate 457 if k.pycClient == nil { 458 err = errors.New("ImportRootCAPublicKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 459 return "", err 460 } 461 462 if publicKey == "" { 463 err = errors.New("ImportRootCAPublicKey with PaymentCryptography Failed: (publicKey is empty) ") 464 return 465 } 466 467 imInput := &pycrypto.ImportKeyInput{ 468 Enabled: aws.Bool(true), 469 KeyCheckValueAlgorithm: nil, 470 KeyMaterial: &pycrypto.ImportKeyMaterial{ 471 RootCertificatePublicKey: &pycrypto.RootCertificatePublicKey{ 472 KeyAttributes: &pycrypto.KeyAttributes{ 473 KeyAlgorithm: aws.String(pycrypto.KeyAlgorithmRsa2048), 474 KeyClass: aws.String(pycrypto.KeyClassPublicKey), 475 KeyModesOfUse: &pycrypto.KeyModesOfUse{ 476 Verify: aws.Bool(true), 477 }, 478 KeyUsage: aws.String(pycrypto.KeyUsageTr31S0AsymmetricKeyForDigitalSignature), 479 }, 480 PublicKeyCertificate: aws.String(publicKey), 481 }, 482 }, 483 Tags: nil, 484 } 485 var imOutput *pycrypto.ImportKeyOutput 486 var e error 487 if segCtx == nil { 488 imOutput, e = k.pycClient.ImportKey(imInput) 489 } else { 490 imOutput, e = k.pycClient.ImportKeyWithContext(segCtx, imInput) 491 } 492 493 if e != nil { 494 return "", e 495 } 496 if imOutput != nil { 497 if imOutput.Key != nil { 498 keyArn = aws.StringValue(imOutput.Key.KeyArn) 499 } 500 } 501 502 return 503 } 504 505 func (k *PaymentCryptography) ImportKEKey(capkArn, imToken, signCA, keyBlock, nonce string) (keyArn string, err error) { 506 var segCtx context.Context 507 segCtx = nil 508 509 seg := xray.NewSegmentNullable("PaymentCryptography-ImportKEKey", k._parentSegment) 510 if seg != nil { 511 segCtx = seg.Ctx 512 513 defer seg.Close() 514 defer func() { 515 516 if err != nil { 517 _ = seg.Seg.AddError(err) 518 } 519 }() 520 } 521 522 // validate 523 if k.pycClient == nil { 524 err = errors.New("ImportKEKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 525 return "", err 526 } 527 if capkArn == "" || imToken == "" || signCA == "" || keyBlock == "" || nonce == "" { 528 err = errors.New("ImportKEKey with PaymentCryptography Failed: (one of capkArn, imToken, signCA, keyBlock, nonce is empty) ") 529 return 530 } 531 532 imInput := &pycrypto.ImportKeyInput{ 533 Enabled: aws.Bool(true), 534 KeyCheckValueAlgorithm: nil, 535 KeyMaterial: &pycrypto.ImportKeyMaterial{ 536 RootCertificatePublicKey: nil, 537 Tr31KeyBlock: nil, 538 Tr34KeyBlock: &pycrypto.ImportTr34KeyBlock{ 539 CertificateAuthorityPublicKeyIdentifier: aws.String(capkArn), //import root ca 540 ImportToken: aws.String(imToken), 541 KeyBlockFormat: aws.String(pycrypto.Tr34KeyBlockFormatX9Tr342012), 542 RandomNonce: aws.String(signCA), 543 SigningKeyCertificate: aws.String(keyBlock), //public key ca for sign 544 WrappedKeyBlock: aws.String(nonce), //TR-34.2012 non-CMS two pass format 545 }, 546 TrustedCertificatePublicKey: nil, 547 }, 548 Tags: nil, 549 } 550 551 var imOutput *pycrypto.ImportKeyOutput 552 var e error 553 if segCtx == nil { 554 imOutput, err = k.pycClient.ImportKey(imInput) 555 } else { 556 imOutput, err = k.pycClient.ImportKeyWithContext(segCtx, imInput) 557 } 558 559 if e != nil { 560 return "", e 561 } 562 563 if imOutput != nil { 564 if imOutput.Key != nil { 565 keyArn = aws.StringValue(imOutput.Key.KeyArn) 566 } 567 } 568 569 return 570 } 571 572 func (k *PaymentCryptography) ImportTR31Key(keyBlock, warpKeyArn string) (keyArn string, err error) { 573 574 var segCtx context.Context 575 segCtx = nil 576 577 seg := xray.NewSegmentNullable("PaymentCryptography-ImportTR31Key", k._parentSegment) 578 if seg != nil { 579 segCtx = seg.Ctx 580 581 defer seg.Close() 582 defer func() { 583 584 if err != nil { 585 _ = seg.Seg.AddError(err) 586 } 587 }() 588 } 589 590 // validate 591 if k.pycClient == nil { 592 err = errors.New("ImportTR31Key with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 593 return "", err 594 } 595 if keyBlock == "" { 596 err = errors.New("ImportTR31Key with PaymentCryptography Failed: (keyBlock is empty) ") 597 return 598 } 599 if warpKeyArn == "" { 600 err = errors.New("ImportTR31Key with PaymentCryptography Failed: (warpKeyArn is empty) ") 601 return 602 } 603 604 imInput := &pycrypto.ImportKeyInput{ 605 Enabled: aws.Bool(true), 606 KeyCheckValueAlgorithm: nil, 607 KeyMaterial: &pycrypto.ImportKeyMaterial{ 608 RootCertificatePublicKey: nil, 609 Tr31KeyBlock: &pycrypto.ImportTr31KeyBlock{ 610 WrappedKeyBlock: aws.String(keyBlock), 611 WrappingKeyIdentifier: aws.String(warpKeyArn), 612 }, 613 }, 614 Tags: nil, 615 } 616 617 var imOutput *pycrypto.ImportKeyOutput 618 var e error 619 if segCtx == nil { 620 imOutput, err = k.pycClient.ImportKey(imInput) 621 } else { 622 imOutput, err = k.pycClient.ImportKeyWithContext(segCtx, imInput) 623 } 624 if e != nil { 625 return "", e 626 } 627 628 if imOutput != nil { 629 if imOutput.Key != nil { 630 keyArn = aws.StringValue(imOutput.Key.KeyArn) 631 } 632 } 633 634 return 635 } 636 637 func (k *PaymentCryptography) GetParamsForImportKEKey() (cert, certChain, token string, err error) { 638 639 var segCtx context.Context 640 segCtx = nil 641 642 seg := xray.NewSegmentNullable("PaymentCryptography-GetParamsForImportKEKey", k._parentSegment) 643 if seg != nil { 644 segCtx = seg.Ctx 645 646 defer seg.Close() 647 defer func() { 648 649 if err != nil { 650 _ = seg.Seg.AddError(err) 651 } 652 }() 653 } 654 655 // validate 656 if k.pycClient == nil { 657 err = errors.New("GetParamsForImportKEKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 658 return "", "", "", err 659 } 660 661 pmsInput := &pycrypto.GetParametersForImportInput{ 662 KeyMaterialType: aws.String(pycrypto.KeyMaterialTypeTr34KeyBlock), 663 WrappingKeyAlgorithm: aws.String(pycrypto.KeyAlgorithmRsa2048), 664 } 665 666 var pmsOutput *pycrypto.GetParametersForImportOutput 667 var e error 668 if segCtx == nil { 669 pmsOutput, e = k.pycClient.GetParametersForImport(pmsInput) 670 } else { 671 pmsOutput, e = k.pycClient.GetParametersForImportWithContext(segCtx, pmsInput) 672 } 673 if e != nil { 674 return "", "", "", e 675 } 676 677 if pmsOutput != nil { 678 token = aws.StringValue(pmsOutput.ImportToken) 679 cert = aws.StringValue(pmsOutput.WrappingKeyCertificate) 680 certChain = aws.StringValue(pmsOutput.WrappingKeyCertificateChain) 681 } 682 return 683 } 684 685 func (k *PaymentCryptography) ListAlias() (output *pycrypto.ListAliasesOutput, err error) { 686 // validate 687 if k.pycClient == nil { 688 err = errors.New("ListAlias with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 689 return nil, err 690 } 691 692 // generate alias 693 var aliasInput *pycrypto.ListAliasesInput 694 var aliasOutput *pycrypto.ListAliasesOutput 695 var e error 696 697 aliasOutput, e = k.pycClient.ListAliases(aliasInput) 698 699 if e != nil { 700 err = errors.New("ListAlias with PaymentCryptography Failed: (ListAlias) " + e.Error()) 701 return 702 } 703 return aliasOutput, nil 704 } 705 706 func (k *PaymentCryptography) ListKeys() (output *pycrypto.ListKeysOutput, err error) { 707 // validate 708 if k.pycClient == nil { 709 err = errors.New("ListKeys with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 710 return nil, err 711 } 712 713 // generate alias 714 var aliasInput *pycrypto.ListKeysInput 715 var aliasOutput *pycrypto.ListKeysOutput 716 var e error 717 718 aliasOutput, e = k.pycClient.ListKeys(aliasInput) 719 720 if e != nil { 721 err = errors.New("ListKeys with PaymentCryptography Failed: (ListKeys) " + e.Error()) 722 return 723 } 724 return aliasOutput, nil 725 } 726 727 func (k *PaymentCryptography) StopKeyUsage(keyArn string) (err error) { 728 // validate 729 if k.pycClient == nil { 730 err = errors.New("DisableKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 731 return err 732 } 733 734 if keyArn == "" { 735 err = errors.New("DisableKey with PaymentCryptography Failed: " + "keyArn is Required") 736 return err 737 } 738 739 // generate alias 740 var reqInput = &pycrypto.StopKeyUsageInput{ 741 KeyIdentifier: aws.String(keyArn), 742 } 743 //var respOutput *pycrypto.StopKeyUsageOutput 744 var e error 745 746 _, e = k.pycClient.StopKeyUsage(reqInput) 747 748 if e != nil { 749 err = errors.New("DisableKey with PaymentCryptography Failed: (DisableKey) " + e.Error()) 750 return 751 } 752 //if respOutput != nil { 753 // fmt.Println(respOutput.String()) 754 //} 755 return nil 756 } 757 758 func (k *PaymentCryptography) StartKeyUsage(keyArn string) (err error) { 759 // validate 760 if k.pycClient == nil { 761 err = errors.New("EnableKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 762 return err 763 } 764 765 if keyArn == "" { 766 err = errors.New("EnableKey with PaymentCryptography Failed: " + "keyArn is Required") 767 return err 768 } 769 770 // generate alias 771 var reqInput = &pycrypto.StartKeyUsageInput{ 772 KeyIdentifier: aws.String(keyArn), 773 } 774 //var respOutput *pycrypto.StartKeyUsageOutput 775 var e error 776 777 _, e = k.pycClient.StartKeyUsage(reqInput) 778 779 if e != nil { 780 err = errors.New("EnableKey with PaymentCryptography Failed: (StartKeyUsage) " + e.Error()) 781 return 782 } 783 //if respOutput != nil { 784 // fmt.Println(respOutput.String()) 785 //} 786 return nil 787 } 788 789 func (k *PaymentCryptography) DeleteKey(keyArn string) (err error) { 790 // validate 791 if k.pycClient == nil { 792 err = errors.New("DeleteKey with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 793 return err 794 } 795 796 if keyArn == "" { 797 err = errors.New("DeleteKey with PaymentCryptography Failed: " + "keyArn is Required") 798 return err 799 } 800 801 // generate alias 802 var reqInput = &pycrypto.DeleteKeyInput{ 803 KeyIdentifier: aws.String(keyArn), 804 } 805 //var respOutput *pycrypto.DeleteKeyOutput 806 var e error 807 808 _, e = k.pycClient.DeleteKey(reqInput) 809 810 if e != nil { 811 err = errors.New("DeleteKey with PaymentCryptography Failed: (DeleteKey) " + e.Error()) 812 return 813 } 814 815 return nil 816 } 817 818 func (k *PaymentCryptography) DeleteAlias(aliasName string) (err error) { 819 // validate 820 if k.pycClient == nil { 821 err = errors.New("DeleteAlias with PaymentCryptography Failed: " + "PaymentCryptography Client is Required") 822 return err 823 } 824 825 if aliasName == "" { 826 err = errors.New("DeleteAlias with PaymentCryptography Failed: " + "aliasName is Required") 827 return err 828 } 829 830 // generate alias 831 var reqInput = &pycrypto.DeleteAliasInput{ 832 AliasName: aws.String(aliasName), 833 } 834 835 var e error 836 837 _, e = k.pycClient.DeleteAlias(reqInput) 838 839 if e != nil { 840 err = errors.New("DeleteAlias with PaymentCryptography Failed: (DeleteAlias) " + e.Error()) 841 return 842 } 843 return nil 844 }