packages feed

amazonka-elastictranscoder-2.0: gen/Amazonka/ElasticTranscoder/Types/Encryption.hs

{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ElasticTranscoder.Types.Encryption
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ElasticTranscoder.Types.Encryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

-- | The encryption settings, if any, that are used for decrypting your input
-- files or encrypting your output files. If your input file is encrypted,
-- you must specify the mode that Elastic Transcoder uses to decrypt your
-- file, otherwise you must specify the mode you want Elastic Transcoder to
-- use to encrypt your output files.
--
-- /See:/ 'newEncryption' smart constructor.
data Encryption = Encryption'
  { -- | The series of random bits created by a random bit generator, unique for
    -- every encryption operation, that you used to encrypt your input files or
    -- that you want Elastic Transcoder to use to encrypt your output files.
    -- The initialization vector must be base64-encoded, and it must be exactly
    -- 16 bytes long before being base64-encoded.
    initializationVector :: Prelude.Maybe Prelude.Text,
    -- | The data encryption key that you want Elastic Transcoder to use to
    -- encrypt your output file, or that was used to encrypt your input file.
    -- The key must be base64-encoded and it must be one of the following bit
    -- lengths before being base64-encoded:
    --
    -- @128@, @192@, or @256@.
    --
    -- The key must also be encrypted by using the Amazon Key Management
    -- Service.
    key :: Prelude.Maybe Prelude.Text,
    -- | The MD5 digest of the key that you used to encrypt your input file, or
    -- that you want Elastic Transcoder to use to encrypt your output file.
    -- Elastic Transcoder uses the key digest as a checksum to make sure your
    -- key was not corrupted in transit. The key MD5 must be base64-encoded,
    -- and it must be exactly 16 bytes long before being base64-encoded.
    keyMd5 :: Prelude.Maybe Prelude.Text,
    -- | The specific server-side encryption mode that you want Elastic
    -- Transcoder to use when decrypting your input files or encrypting your
    -- output files. Elastic Transcoder supports the following options:
    --
    -- -   __s3:__ Amazon S3 creates and manages the keys used for encrypting
    --     your files.
    --
    -- -   __s3-aws-kms:__ Amazon S3 calls the Amazon Key Management Service,
    --     which creates and manages the keys that are used for encrypting your
    --     files. If you specify @s3-aws-kms@ and you don\'t want to use the
    --     default key, you must add the AWS-KMS key that you want to use to
    --     your pipeline.
    --
    -- -   __aes-cbc-pkcs7:__ A padded cipher-block mode of operation
    --     originally used for HLS files.
    --
    -- -   __aes-ctr:__ AES Counter Mode.
    --
    -- -   __aes-gcm:__ AES Galois Counter Mode, a mode of operation that is an
    --     authenticated encryption format, meaning that a file, key, or
    --     initialization vector that has been tampered with fails the
    --     decryption process.
    --
    -- For all three AES options, you must provide the following settings,
    -- which must be base64-encoded:
    --
    -- -   __Key__
    --
    -- -   __Key MD5__
    --
    -- -   __Initialization Vector__
    --
    -- For the AES modes, your private encryption keys and your unencrypted
    -- data are never stored by AWS; therefore, it is important that you safely
    -- manage your encryption keys. If you lose them, you won\'t be able to
    -- unencrypt your data.
    mode :: Prelude.Maybe Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'Encryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'initializationVector', 'encryption_initializationVector' - The series of random bits created by a random bit generator, unique for
-- every encryption operation, that you used to encrypt your input files or
-- that you want Elastic Transcoder to use to encrypt your output files.
-- The initialization vector must be base64-encoded, and it must be exactly
-- 16 bytes long before being base64-encoded.
--
-- 'key', 'encryption_key' - The data encryption key that you want Elastic Transcoder to use to
-- encrypt your output file, or that was used to encrypt your input file.
-- The key must be base64-encoded and it must be one of the following bit
-- lengths before being base64-encoded:
--
-- @128@, @192@, or @256@.
--
-- The key must also be encrypted by using the Amazon Key Management
-- Service.
--
-- 'keyMd5', 'encryption_keyMd5' - The MD5 digest of the key that you used to encrypt your input file, or
-- that you want Elastic Transcoder to use to encrypt your output file.
-- Elastic Transcoder uses the key digest as a checksum to make sure your
-- key was not corrupted in transit. The key MD5 must be base64-encoded,
-- and it must be exactly 16 bytes long before being base64-encoded.
--
-- 'mode', 'encryption_mode' - The specific server-side encryption mode that you want Elastic
-- Transcoder to use when decrypting your input files or encrypting your
-- output files. Elastic Transcoder supports the following options:
--
-- -   __s3:__ Amazon S3 creates and manages the keys used for encrypting
--     your files.
--
-- -   __s3-aws-kms:__ Amazon S3 calls the Amazon Key Management Service,
--     which creates and manages the keys that are used for encrypting your
--     files. If you specify @s3-aws-kms@ and you don\'t want to use the
--     default key, you must add the AWS-KMS key that you want to use to
--     your pipeline.
--
-- -   __aes-cbc-pkcs7:__ A padded cipher-block mode of operation
--     originally used for HLS files.
--
-- -   __aes-ctr:__ AES Counter Mode.
--
-- -   __aes-gcm:__ AES Galois Counter Mode, a mode of operation that is an
--     authenticated encryption format, meaning that a file, key, or
--     initialization vector that has been tampered with fails the
--     decryption process.
--
-- For all three AES options, you must provide the following settings,
-- which must be base64-encoded:
--
-- -   __Key__
--
-- -   __Key MD5__
--
-- -   __Initialization Vector__
--
-- For the AES modes, your private encryption keys and your unencrypted
-- data are never stored by AWS; therefore, it is important that you safely
-- manage your encryption keys. If you lose them, you won\'t be able to
-- unencrypt your data.
newEncryption ::
  Encryption
newEncryption =
  Encryption'
    { initializationVector = Prelude.Nothing,
      key = Prelude.Nothing,
      keyMd5 = Prelude.Nothing,
      mode = Prelude.Nothing
    }

-- | The series of random bits created by a random bit generator, unique for
-- every encryption operation, that you used to encrypt your input files or
-- that you want Elastic Transcoder to use to encrypt your output files.
-- The initialization vector must be base64-encoded, and it must be exactly
-- 16 bytes long before being base64-encoded.
encryption_initializationVector :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_initializationVector = Lens.lens (\Encryption' {initializationVector} -> initializationVector) (\s@Encryption' {} a -> s {initializationVector = a} :: Encryption)

-- | The data encryption key that you want Elastic Transcoder to use to
-- encrypt your output file, or that was used to encrypt your input file.
-- The key must be base64-encoded and it must be one of the following bit
-- lengths before being base64-encoded:
--
-- @128@, @192@, or @256@.
--
-- The key must also be encrypted by using the Amazon Key Management
-- Service.
encryption_key :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_key = Lens.lens (\Encryption' {key} -> key) (\s@Encryption' {} a -> s {key = a} :: Encryption)

-- | The MD5 digest of the key that you used to encrypt your input file, or
-- that you want Elastic Transcoder to use to encrypt your output file.
-- Elastic Transcoder uses the key digest as a checksum to make sure your
-- key was not corrupted in transit. The key MD5 must be base64-encoded,
-- and it must be exactly 16 bytes long before being base64-encoded.
encryption_keyMd5 :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_keyMd5 = Lens.lens (\Encryption' {keyMd5} -> keyMd5) (\s@Encryption' {} a -> s {keyMd5 = a} :: Encryption)

-- | The specific server-side encryption mode that you want Elastic
-- Transcoder to use when decrypting your input files or encrypting your
-- output files. Elastic Transcoder supports the following options:
--
-- -   __s3:__ Amazon S3 creates and manages the keys used for encrypting
--     your files.
--
-- -   __s3-aws-kms:__ Amazon S3 calls the Amazon Key Management Service,
--     which creates and manages the keys that are used for encrypting your
--     files. If you specify @s3-aws-kms@ and you don\'t want to use the
--     default key, you must add the AWS-KMS key that you want to use to
--     your pipeline.
--
-- -   __aes-cbc-pkcs7:__ A padded cipher-block mode of operation
--     originally used for HLS files.
--
-- -   __aes-ctr:__ AES Counter Mode.
--
-- -   __aes-gcm:__ AES Galois Counter Mode, a mode of operation that is an
--     authenticated encryption format, meaning that a file, key, or
--     initialization vector that has been tampered with fails the
--     decryption process.
--
-- For all three AES options, you must provide the following settings,
-- which must be base64-encoded:
--
-- -   __Key__
--
-- -   __Key MD5__
--
-- -   __Initialization Vector__
--
-- For the AES modes, your private encryption keys and your unencrypted
-- data are never stored by AWS; therefore, it is important that you safely
-- manage your encryption keys. If you lose them, you won\'t be able to
-- unencrypt your data.
encryption_mode :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_mode = Lens.lens (\Encryption' {mode} -> mode) (\s@Encryption' {} a -> s {mode = a} :: Encryption)

instance Data.FromJSON Encryption where
  parseJSON =
    Data.withObject
      "Encryption"
      ( \x ->
          Encryption'
            Prelude.<$> (x Data..:? "InitializationVector")
            Prelude.<*> (x Data..:? "Key")
            Prelude.<*> (x Data..:? "KeyMd5")
            Prelude.<*> (x Data..:? "Mode")
      )

instance Prelude.Hashable Encryption where
  hashWithSalt _salt Encryption' {..} =
    _salt
      `Prelude.hashWithSalt` initializationVector
      `Prelude.hashWithSalt` key
      `Prelude.hashWithSalt` keyMd5
      `Prelude.hashWithSalt` mode

instance Prelude.NFData Encryption where
  rnf Encryption' {..} =
    Prelude.rnf initializationVector
      `Prelude.seq` Prelude.rnf key
      `Prelude.seq` Prelude.rnf keyMd5
      `Prelude.seq` Prelude.rnf mode

instance Data.ToJSON Encryption where
  toJSON Encryption' {..} =
    Data.object
      ( Prelude.catMaybes
          [ ("InitializationVector" Data..=)
              Prelude.<$> initializationVector,
            ("Key" Data..=) Prelude.<$> key,
            ("KeyMd5" Data..=) Prelude.<$> keyMd5,
            ("Mode" Data..=) Prelude.<$> mode
          ]
      )