{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.S3.Types.Encryption
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.S3.Types.Encryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.S3.Internal
import Amazonka.S3.Types.ServerSideEncryption

-- | Contains the type of server-side encryption used.
--
-- /See:/ 'newEncryption' smart constructor.
data Encryption = Encryption'
  { -- | If the encryption type is @aws:kms@, this optional value can be used to
    -- specify the encryption context for the restore results.
    Encryption -> Maybe Text
kmsContext :: Prelude.Maybe Prelude.Text,
    -- | If the encryption type is @aws:kms@, this optional value specifies the
    -- ID of the symmetric customer managed key to use for encryption of job
    -- results. Amazon S3 only supports symmetric keys. For more information,
    -- see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
    -- in the /Amazon Web Services Key Management Service Developer Guide/.
    Encryption -> Maybe (Sensitive Text)
kmsKeyId :: Prelude.Maybe (Data.Sensitive Prelude.Text),
    -- | The server-side encryption algorithm used when storing job results in
    -- Amazon S3 (for example, AES256, aws:kms).
    Encryption -> ServerSideEncryption
encryptionType :: ServerSideEncryption
  }
  deriving (Encryption -> Encryption -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Encryption -> Encryption -> Bool
$c/= :: Encryption -> Encryption -> Bool
== :: Encryption -> Encryption -> Bool
$c== :: Encryption -> Encryption -> Bool
Prelude.Eq, Int -> Encryption -> ShowS
[Encryption] -> ShowS
Encryption -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Encryption] -> ShowS
$cshowList :: [Encryption] -> ShowS
show :: Encryption -> String
$cshow :: Encryption -> String
showsPrec :: Int -> Encryption -> ShowS
$cshowsPrec :: Int -> Encryption -> ShowS
Prelude.Show, forall x. Rep Encryption x -> Encryption
forall x. Encryption -> Rep Encryption x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Encryption x -> Encryption
$cfrom :: forall x. Encryption -> Rep Encryption x
Prelude.Generic)

-- |
-- Create a value of 'Encryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsContext', 'encryption_kmsContext' - If the encryption type is @aws:kms@, this optional value can be used to
-- specify the encryption context for the restore results.
--
-- 'kmsKeyId', 'encryption_kmsKeyId' - If the encryption type is @aws:kms@, this optional value specifies the
-- ID of the symmetric customer managed key to use for encryption of job
-- results. Amazon S3 only supports symmetric keys. For more information,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
--
-- 'encryptionType', 'encryption_encryptionType' - The server-side encryption algorithm used when storing job results in
-- Amazon S3 (for example, AES256, aws:kms).
newEncryption ::
  -- | 'encryptionType'
  ServerSideEncryption ->
  Encryption
newEncryption :: ServerSideEncryption -> Encryption
newEncryption ServerSideEncryption
pEncryptionType_ =
  Encryption'
    { $sel:kmsContext:Encryption' :: Maybe Text
kmsContext = forall a. Maybe a
Prelude.Nothing,
      $sel:kmsKeyId:Encryption' :: Maybe (Sensitive Text)
kmsKeyId = forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionType:Encryption' :: ServerSideEncryption
encryptionType = ServerSideEncryption
pEncryptionType_
    }

-- | If the encryption type is @aws:kms@, this optional value can be used to
-- specify the encryption context for the restore results.
encryption_kmsContext :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_kmsContext :: Lens' Encryption (Maybe Text)
encryption_kmsContext = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe Text
kmsContext :: Maybe Text
$sel:kmsContext:Encryption' :: Encryption -> Maybe Text
kmsContext} -> Maybe Text
kmsContext) (\s :: Encryption
s@Encryption' {} Maybe Text
a -> Encryption
s {$sel:kmsContext:Encryption' :: Maybe Text
kmsContext = Maybe Text
a} :: Encryption)

-- | If the encryption type is @aws:kms@, this optional value specifies the
-- ID of the symmetric customer managed key to use for encryption of job
-- results. Amazon S3 only supports symmetric keys. For more information,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
encryption_kmsKeyId :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_kmsKeyId :: Lens' Encryption (Maybe Text)
encryption_kmsKeyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe (Sensitive Text)
kmsKeyId :: Maybe (Sensitive Text)
$sel:kmsKeyId:Encryption' :: Encryption -> Maybe (Sensitive Text)
kmsKeyId} -> Maybe (Sensitive Text)
kmsKeyId) (\s :: Encryption
s@Encryption' {} Maybe (Sensitive Text)
a -> Encryption
s {$sel:kmsKeyId:Encryption' :: Maybe (Sensitive Text)
kmsKeyId = Maybe (Sensitive Text)
a} :: Encryption) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall a. Iso' (Sensitive a) a
Data._Sensitive

-- | The server-side encryption algorithm used when storing job results in
-- Amazon S3 (for example, AES256, aws:kms).
encryption_encryptionType :: Lens.Lens' Encryption ServerSideEncryption
encryption_encryptionType :: Lens' Encryption ServerSideEncryption
encryption_encryptionType = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {ServerSideEncryption
encryptionType :: ServerSideEncryption
$sel:encryptionType:Encryption' :: Encryption -> ServerSideEncryption
encryptionType} -> ServerSideEncryption
encryptionType) (\s :: Encryption
s@Encryption' {} ServerSideEncryption
a -> Encryption
s {$sel:encryptionType:Encryption' :: ServerSideEncryption
encryptionType = ServerSideEncryption
a} :: Encryption)

instance Prelude.Hashable Encryption where
  hashWithSalt :: Int -> Encryption -> Int
hashWithSalt Int
_salt Encryption' {Maybe Text
Maybe (Sensitive Text)
ServerSideEncryption
encryptionType :: ServerSideEncryption
kmsKeyId :: Maybe (Sensitive Text)
kmsContext :: Maybe Text
$sel:encryptionType:Encryption' :: Encryption -> ServerSideEncryption
$sel:kmsKeyId:Encryption' :: Encryption -> Maybe (Sensitive Text)
$sel:kmsContext:Encryption' :: Encryption -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
kmsContext
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (Sensitive Text)
kmsKeyId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` ServerSideEncryption
encryptionType

instance Prelude.NFData Encryption where
  rnf :: Encryption -> ()
rnf Encryption' {Maybe Text
Maybe (Sensitive Text)
ServerSideEncryption
encryptionType :: ServerSideEncryption
kmsKeyId :: Maybe (Sensitive Text)
kmsContext :: Maybe Text
$sel:encryptionType:Encryption' :: Encryption -> ServerSideEncryption
$sel:kmsKeyId:Encryption' :: Encryption -> Maybe (Sensitive Text)
$sel:kmsContext:Encryption' :: Encryption -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
kmsContext
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe (Sensitive Text)
kmsKeyId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf ServerSideEncryption
encryptionType

instance Data.ToXML Encryption where
  toXML :: Encryption -> XML
toXML Encryption' {Maybe Text
Maybe (Sensitive Text)
ServerSideEncryption
encryptionType :: ServerSideEncryption
kmsKeyId :: Maybe (Sensitive Text)
kmsContext :: Maybe Text
$sel:encryptionType:Encryption' :: Encryption -> ServerSideEncryption
$sel:kmsKeyId:Encryption' :: Encryption -> Maybe (Sensitive Text)
$sel:kmsContext:Encryption' :: Encryption -> Maybe Text
..} =
    forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ Name
"KMSContext" forall a. ToXML a => Name -> a -> XML
Data.@= Maybe Text
kmsContext,
        Name
"KMSKeyId" forall a. ToXML a => Name -> a -> XML
Data.@= Maybe (Sensitive Text)
kmsKeyId,
        Name
"EncryptionType" forall a. ToXML a => Name -> a -> XML
Data.@= ServerSideEncryption
encryptionType
      ]