feat(aws-android-sdk-kms): update models to latest (#2901)

Author: awsmobilesdk

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/AWSKMS.java

@@ -64,8 +64,8 @@
  * <p>
  * The <code>Decrypt</code> operation also decrypts ciphertext that was
  * encrypted outside of KMS by the public key in an KMS asymmetric KMS key.
- * However, it cannot decrypt symmetric ciphertext produced by other libraries,
- * such as the <a
+ * However, it cannot decrypt ciphertext produced by other libraries, such as
+ * the <a
  * href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/"
  * >Amazon Web Services Encryption SDK</a> or <a href=
  * "https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html"

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/AWSKMSClient.java

@@ -23,24 +23,44 @@
  * <p>
  * Disables <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html"
- * >automatic rotation of the key material</a> for the specified symmetric
+ * >automatic rotation of the key material</a> of the specified symmetric
  * encryption KMS key.
  * </p>
  * <p>
- * You cannot enable automatic rotation of <a href=
+ * Automatic key rotation is supported only on symmetric encryption KMS keys.
+ * You cannot enable or disable automatic rotation of <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
  * >asymmetric KMS keys</a>, <a
  * href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC
  * KMS keys</a>, KMS keys with <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
  * >imported key material</a>, or KMS keys in a <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
- * >custom key store</a>. To enable or disable automatic rotation of a set of
+ * >custom key store</a>. The key rotation status of these KMS keys is always
+ * <code>false</code>. To enable or disable automatic rotation of a set of
  * related <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
  * >multi-Region keys</a>, set the property on the primary key.
  * </p>
  * <p>
+ * You can enable (<a>EnableKeyRotation</a>) and disable automatic rotation of
+ * the key material in <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk"
+ * >customer managed KMS keys</a>. Key material rotation of <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk"
+ * >Amazon Web Services managed KMS keys</a> is not configurable. KMS always
+ * rotates the key material for every year. Rotation of <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk"
+ * >Amazon Web Services owned KMS keys</a> varies.
+ * </p>
+ * <note>
+ * <p>
+ * In May 2022, KMS changed the rotation schedule for Amazon Web Services
+ * managed keys from every three years to every year. For details, see
+ * <a>EnableKeyRotation</a>.
+ * </p>
+ * </note>
+ * <p>
  * The KMS key that you use for this operation must be in a compatible key
  * state. For details, see <a
  * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html"

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/CreateKeyRequest.java

@@ -23,24 +23,60 @@
  * <p>
  * Enables <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html"
- * >automatic rotation of the key material</a> for the specified symmetric
+ * >automatic rotation of the key material</a> of the specified symmetric
  * encryption KMS key.
  * </p>
  * <p>
- * You cannot enable automatic rotation of <a href=
+ * When you enable automatic rotation of a<a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk"
+ * >customer managed KMS key</a>, KMS rotates the key material of the KMS key
+ * one year (approximately 365 days) from the enable date and every year
+ * thereafter. You can monitor rotation of the key material for your KMS keys in
+ * CloudTrail and Amazon CloudWatch. To disable rotation of the key material in
+ * a customer managed KMS key, use the <a>DisableKeyRotation</a> operation.
+ * </p>
+ * <p>
+ * Automatic key rotation is supported only on <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks"
+ * >symmetric encryption KMS keys</a>. You cannot enable or disable automatic
+ * rotation of <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
  * >asymmetric KMS keys</a>, <a
  * href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC
  * KMS keys</a>, KMS keys with <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
  * >imported key material</a>, or KMS keys in a <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
- * >custom key store</a>. To enable or disable automatic rotation of a set of
+ * >custom key store</a>. The key rotation status of these KMS keys is always
+ * <code>false</code>. To enable or disable automatic rotation of a set of
  * related <a href=
  * "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
  * >multi-Region keys</a>, set the property on the primary key.
  * </p>
  * <p>
+ * You cannot enable or disable automatic rotation <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk"
+ * >Amazon Web Services managed KMS keys</a>. KMS always rotates the key
+ * material of Amazon Web Services managed keys every year. Rotation of <a href=
+ * "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk"
+ * >Amazon Web Services owned KMS keys</a> varies.
+ * </p>
+ * <note>
+ * <p>
+ * In May 2022, KMS changed the rotation schedule for Amazon Web Services
+ * managed keys from every three years (approximately 1,095 days) to every year
+ * (approximately 365 days).
+ * </p>
+ * <p>
+ * New Amazon Web Services managed keys are automatically rotated one year after
+ * they are created, and approximately every year thereafter.
+ * </p>
+ * <p>
+ * Existing Amazon Web Services managed keys are automatically rotated one year
+ * after their most recent rotation, and every year thereafter.
+ * </p>
+ * </note>
+ * <p>
  * The KMS key that you use for this operation must be in a compatible key
  * state. For details, see <a
  * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html"
@@ -75,17 +111,18 @@
 public class EnableKeyRotationRequest extends AmazonWebServiceRequest implements Serializable {
     /**
      * <p>
-     * Identifies a symmetric encryption KMS key. You cannot enable automatic
-     * rotation of <a href=
+     * Identifies a symmetric encryption KMS key. You cannot enable or disable
+     * automatic rotation of <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      * >asymmetric KMS keys</a>, <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      * >HMAC KMS keys</a>, KMS keys with <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      * >imported key material</a>, or KMS keys in a <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     * >custom key store</a>. To enable or disable automatic rotation of a set
-     * of related <a href=
+     * >custom key store</a>. The key rotation status of these KMS keys is
+     * always <code>false</code>. To enable or disable automatic rotation of a
+     * set of related <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      * >multi-Region keys</a>, set the property on the primary key.
      * </p>
@@ -120,17 +157,18 @@ public class EnableKeyRotationRequest extends AmazonWebServiceRequest implements
 
     /**
      * <p>
-     * Identifies a symmetric encryption KMS key. You cannot enable automatic
-     * rotation of <a href=
+     * Identifies a symmetric encryption KMS key. You cannot enable or disable
+     * automatic rotation of <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      * >asymmetric KMS keys</a>, <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      * >HMAC KMS keys</a>, KMS keys with <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      * >imported key material</a>, or KMS keys in a <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     * >custom key store</a>. To enable or disable automatic rotation of a set
-     * of related <a href=
+     * >custom key store</a>. The key rotation status of these KMS keys is
+     * always <code>false</code>. To enable or disable automatic rotation of a
+     * set of related <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      * >multi-Region keys</a>, set the property on the primary key.
      * </p>
@@ -162,17 +200,18 @@ public class EnableKeyRotationRequest extends AmazonWebServiceRequest implements
      * <b>Length: </b>1 - 2048<br/>
      *
      * @return <p>
-     *         Identifies a symmetric encryption KMS key. You cannot enable
-     *         automatic rotation of <a href=
+     *         Identifies a symmetric encryption KMS key. You cannot enable or
+     *         disable automatic rotation of <a href=
      *         "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      *         >asymmetric KMS keys</a>, <a href=
      *         "https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      *         >HMAC KMS keys</a>, KMS keys with <a href=
      *         "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      *         >imported key material</a>, or KMS keys in a <a href=
      *         "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     *         >custom key store</a>. To enable or disable automatic rotation of
-     *         a set of related <a href=
+     *         >custom key store</a>. The key rotation status of these KMS keys
+     *         is always <code>false</code>. To enable or disable automatic
+     *         rotation of a set of related <a href=
      *         "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      *         >multi-Region keys</a>, set the property on the primary key.
      *         </p>
@@ -206,17 +245,18 @@ public String getKeyId() {
 
     /**
      * <p>
-     * Identifies a symmetric encryption KMS key. You cannot enable automatic
-     * rotation of <a href=
+     * Identifies a symmetric encryption KMS key. You cannot enable or disable
+     * automatic rotation of <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      * >asymmetric KMS keys</a>, <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      * >HMAC KMS keys</a>, KMS keys with <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      * >imported key material</a>, or KMS keys in a <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     * >custom key store</a>. To enable or disable automatic rotation of a set
-     * of related <a href=
+     * >custom key store</a>. The key rotation status of these KMS keys is
+     * always <code>false</code>. To enable or disable automatic rotation of a
+     * set of related <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      * >multi-Region keys</a>, set the property on the primary key.
      * </p>
@@ -249,16 +289,17 @@ public String getKeyId() {
      *
      * @param keyId <p>
      *            Identifies a symmetric encryption KMS key. You cannot enable
-     *            automatic rotation of <a href=
+     *            or disable automatic rotation of <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      *            >asymmetric KMS keys</a>, <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      *            >HMAC KMS keys</a>, KMS keys with <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      *            >imported key material</a>, or KMS keys in a <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     *            >custom key store</a>. To enable or disable automatic rotation
-     *            of a set of related <a href=
+     *            >custom key store</a>. The key rotation status of these KMS
+     *            keys is always <code>false</code>. To enable or disable
+     *            automatic rotation of a set of related <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      *            >multi-Region keys</a>, set the property on the primary key.
      *            </p>
@@ -292,17 +333,18 @@ public void setKeyId(String keyId) {
 
     /**
      * <p>
-     * Identifies a symmetric encryption KMS key. You cannot enable automatic
-     * rotation of <a href=
+     * Identifies a symmetric encryption KMS key. You cannot enable or disable
+     * automatic rotation of <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      * >asymmetric KMS keys</a>, <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      * >HMAC KMS keys</a>, KMS keys with <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      * >imported key material</a>, or KMS keys in a <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     * >custom key store</a>. To enable or disable automatic rotation of a set
-     * of related <a href=
+     * >custom key store</a>. The key rotation status of these KMS keys is
+     * always <code>false</code>. To enable or disable automatic rotation of a
+     * set of related <a href=
      * "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      * >multi-Region keys</a>, set the property on the primary key.
      * </p>
@@ -338,16 +380,17 @@ public void setKeyId(String keyId) {
      *
      * @param keyId <p>
      *            Identifies a symmetric encryption KMS key. You cannot enable
-     *            automatic rotation of <a href=
+     *            or disable automatic rotation of <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html"
      *            >asymmetric KMS keys</a>, <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html"
      *            >HMAC KMS keys</a>, KMS keys with <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html"
      *            >imported key material</a>, or KMS keys in a <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html"
-     *            >custom key store</a>. To enable or disable automatic rotation
-     *            of a set of related <a href=
+     *            >custom key store</a>. The key rotation status of these KMS
+     *            keys is always <code>false</code>. To enable or disable
+     *            automatic rotation of a set of related <a href=
      *            "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate"
      *            >multi-Region keys</a>, set the property on the primary key.
      *            </p>

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/DecryptRequest.java

@@ -34,15 +34,17 @@
  * <p>
  * This operation is useful for systems that need to encrypt data at some point,
  * but not immediately. When you need to encrypt the data, you call the
- * <a>Decrypt</a> operation on the encrypted copy of the key. It's also useful
- * in distributed systems with different levels of trust. For example, you might
- * store encrypted data in containers. One component of your system creates new
- * containers and stores an encrypted data key with each container. Then, a
- * different component puts the data into the containers. That component first
- * decrypts the data key, uses the plaintext data key to encrypt data, puts the
- * encrypted data into the container, and then destroys the plaintext data key.
- * In this system, the component that creates the containers never sees the
- * plaintext data key.
+ * <a>Decrypt</a> operation on the encrypted copy of the key.
+ * </p>
+ * <p>
+ * It's also useful in distributed systems with different levels of trust. For
+ * example, you might store encrypted data in containers. One component of your
+ * system creates new containers and stores an encrypted data key with each
+ * container. Then, a different component puts the data into the containers.
+ * That component first decrypts the data key, uses the plaintext data key to
+ * encrypt data, puts the encrypted data into the container, and then destroys
+ * the plaintext data key. In this system, the component that creates the
+ * containers never sees the plaintext data key.
  * </p>
  * <p>
  * To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or

aws-android-sdk-kms/src/main/java/com/amazonaws/services/kms/model/DisableKeyRotationRequest.java

@@ -36,6 +36,16 @@
  * keys in KMS</a> in the <i> <i>Key Management Service Developer Guide</i>
  * </i>.
  * </p>
+ * <note>
+ * <p>
+ * Best practices recommend that you limit the time during which any signing
+ * mechanism, including an HMAC, is effective. This deters an attack where the
+ * actor uses a signed message to establish validity repeatedly or long after
+ * the message is superseded. HMAC tags do not include a timestamp, but you can
+ * include a timestamp in the token or message to help you detect when its time
+ * to refresh the HMAC.
+ * </p>
+ * </note>
  * <p>
  * The KMS key that you use for this operation must be in a compatible key
  * state. For details, see <a