Add KmsClient::getPublicKey and KmsClient::verify (#1825)

* Add KMS getPublicKey and verify

* Fixed issued and adds tests

* Fixed cs

* Add changelog and fixed GetPublicKeyResponse

* Fixed psalm issues

* Fixed phpdoc

* suppress conflicting pipeline checks

* fixed psalm and changelog

* fixed branch-alias

Author: marcriemer

manifest.json

@@ -383,8 +383,10 @@
                 "Decrypt",
                 "Encrypt",
                 "GenerateDataKey",
+                "GetPublicKey",
                 "ListAliases",
-                "Sign"
+                "Sign",
+                "Verify"
             ]
         },
         "Lambda": {

psalm.baseline.xml

@@ -320,4 +320,16 @@
       <code><![CDATA[list<ChallengeNameType::*>]]></code>
     </MoreSpecificReturnType>
   </file>
+  <file src="src/Service/Kms/src/Result/GetPublicKeyResponse.php">
+    <LessSpecificReturnStatement>
+      <code><![CDATA[$items]]></code>
+      <code><![CDATA[$items]]></code>
+      <code><![CDATA[$items]]></code>
+    </LessSpecificReturnStatement>
+    <MoreSpecificReturnType>
+      <code><![CDATA[list<EncryptionAlgorithmSpec::*>]]></code>
+      <code><![CDATA[list<KeyAgreementAlgorithmSpec::*>]]></code>
+      <code><![CDATA[list<SigningAlgorithmSpec::*>]]></code>
+    </MoreSpecificReturnType>
+  </file>  
 </files>

src/Service/Kms/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## NOT RELEASED
 
+### Added
+
+- Added getPublicKey and verify operation
+
 ## 1.6.0
 
 ### Added

src/Service/Kms/composer.json

@@ -28,7 +28,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.6-dev"
+            "dev-master": "1.7-dev"
         }
     }
 }

src/Service/Kms/src/Exception/KMSInvalidSignatureException.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace AsyncAws\Kms\Exception;
+
+use AsyncAws\Core\Exception\Http\ClientException;
+
+/**
+ * The request was rejected because the signature verification failed. Signature verification fails when it cannot
+ * confirm that signature was produced by signing the specified message with the specified KMS key and signing
+ * algorithm.
+ */
+final class KMSInvalidSignatureException extends ClientException
+{
+}

src/Service/Kms/src/Input/GetPublicKeyRequest.php

@@ -0,0 +1,148 @@
+<?php
+
+namespace AsyncAws\Kms\Input;
+
+use AsyncAws\Core\Exception\InvalidArgument;
+use AsyncAws\Core\Input;
+use AsyncAws\Core\Request;
+use AsyncAws\Core\Stream\StreamFactory;
+
+final class GetPublicKeyRequest extends Input
+{
+    /**
+     * Identifies the asymmetric KMS key that includes the public key.
+     *
+     * To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
+     * `"alias/"`. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
+     *
+     * For example:
+     *
+     * - Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+     * - Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+     * - Alias name: `alias/ExampleAlias`
+     * - Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+     *
+     * To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use
+     * ListAliases.
+     *
+     * @required
+     *
+     * @var string|null
+     */
+    private $keyId;
+
+    /**
+     * A list of grant tokens.
+     *
+     * Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved
+     * *eventual consistency*. For more information, see Grant token [^1] and Using a grant token [^2] in the *Key
+     * Management Service Developer Guide*.
+     *
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     *
+     * @var string[]|null
+     */
+    private $grantTokens;
+
+    /**
+     * @param array{
+     *   KeyId?: string,
+     *   GrantTokens?: null|string[],
+     *   '@region'?: string|null,
+     * } $input
+     */
+    public function __construct(array $input = [])
+    {
+        $this->keyId = $input['KeyId'] ?? null;
+        $this->grantTokens = $input['GrantTokens'] ?? null;
+        parent::__construct($input);
+    }
+
+    /**
+     * @param array{
+     *   KeyId?: string,
+     *   GrantTokens?: null|string[],
+     *   '@region'?: string|null,
+     * }|GetPublicKeyRequest $input
+     */
+    public static function create($input): self
+    {
+        return $input instanceof self ? $input : new self($input);
+    }
+
+    /**
+     * @return string[]
+     */
+    public function getGrantTokens(): array
+    {
+        return $this->grantTokens ?? [];
+    }
+
+    public function getKeyId(): ?string
+    {
+        return $this->keyId;
+    }
+
+    /**
+     * @internal
+     */
+    public function request(): Request
+    {
+        // Prepare headers
+        $headers = [
+            'Content-Type' => 'application/x-amz-json-1.1',
+            'X-Amz-Target' => 'TrentService.GetPublicKey',
+            'Accept' => 'application/json',
+        ];
+
+        // Prepare query
+        $query = [];
+
+        // Prepare URI
+        $uriString = '/';
+
+        // Prepare Body
+        $bodyPayload = $this->requestBody();
+        $body = empty($bodyPayload) ? '{}' : json_encode($bodyPayload, 4194304);
+
+        // Return the Request
+        return new Request('POST', $uriString, $query, $headers, StreamFactory::create($body));
+    }
+
+    /**
+     * @param string[] $value
+     */
+    public function setGrantTokens(array $value): self
+    {
+        $this->grantTokens = $value;
+
+        return $this;
+    }
+
+    public function setKeyId(?string $value): self
+    {
+        $this->keyId = $value;
+
+        return $this;
+    }
+
+    private function requestBody(): array
+    {
+        $payload = [];
+        if (null === $v = $this->keyId) {
+            throw new InvalidArgument(\sprintf('Missing parameter "KeyId" for "%s". The value cannot be null.', __CLASS__));
+        }
+        $payload['KeyId'] = $v;
+        if (null !== $v = $this->grantTokens) {
+            $index = -1;
+            $payload['GrantTokens'] = [];
+            foreach ($v as $listValue) {
+                ++$index;
+                $payload['GrantTokens'][$index] = $listValue;
+            }
+        }
+
+        return $payload;
+    }
+}