feat(client-payment-cryptography): Added further restrictions on logg…

…ing of potentially sensitive inputs and outputs.
aws · Jul 1, 2024 · 66a9332 · 66a9332
1 parent 62d34b8
commit 66a9332
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 14 deletions.
diff --git a/clients/client-payment-cryptography/src/models/models_0.ts b/clients/client-payment-cryptography/src/models/models_0.ts
@@ -1893,6 +1893,14 @@ export const RootCertificatePublicKeyFilterSensitiveLog = (obj: RootCertificateP
   ...(obj.PublicKeyCertificate && { PublicKeyCertificate: SENSITIVE_STRING }),
 });
 
+/**
+ * @internal
+ */
+export const ImportTr31KeyBlockFilterSensitiveLog = (obj: ImportTr31KeyBlock): any => ({
+  ...obj,
+  ...(obj.WrappedKeyBlock && { WrappedKeyBlock: SENSITIVE_STRING }),
+});
+
 /**
  * @internal
  */
@@ -1919,7 +1927,7 @@ export const ImportKeyMaterialFilterSensitiveLog = (obj: ImportKeyMaterial): any
     return {
       TrustedCertificatePublicKey: TrustedCertificatePublicKeyFilterSensitiveLog(obj.TrustedCertificatePublicKey),
     };
-  if (obj.Tr31KeyBlock !== undefined) return { Tr31KeyBlock: obj.Tr31KeyBlock };
+  if (obj.Tr31KeyBlock !== undefined) return { Tr31KeyBlock: ImportTr31KeyBlockFilterSensitiveLog(obj.Tr31KeyBlock) };
   if (obj.Tr34KeyBlock !== undefined) return { Tr34KeyBlock: ImportTr34KeyBlockFilterSensitiveLog(obj.Tr34KeyBlock) };
   if (obj.KeyCryptogram !== undefined) return { KeyCryptogram: obj.KeyCryptogram };
   if (obj.$unknown !== undefined) return { [obj.$unknown[0]]: "UNKNOWN" };

diff --git a/codegen/sdk-codegen/aws-models/payment-cryptography.json b/codegen/sdk-codegen/aws-models/payment-cryptography.json
@@ -432,6 +432,16 @@
         "smithy.api#output": {}
       }
     },
+    "com.amazonaws.paymentcryptography#EvenHexLengthBetween16And32": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 16,
+          "max": 32
+        },
+        "smithy.api#pattern": "^(?:[0-9a-fA-F][0-9a-fA-F])+$"
+      }
+    },
     "com.amazonaws.paymentcryptography#ExportAttributes": {
       "type": "structure",
       "members": {
@@ -658,7 +668,7 @@
           }
         },
         "RandomNonce": {
-          "target": "com.amazonaws.paymentcryptography#HexLength16",
+          "target": "com.amazonaws.paymentcryptography#EvenHexLengthBetween16And32",
           "traits": {
             "smithy.api#documentation": "<p>A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.</p>"
           }
@@ -1085,16 +1095,6 @@
         "smithy.api#output": {}
       }
     },
-    "com.amazonaws.paymentcryptography#HexLength16": {
-      "type": "string",
-      "traits": {
-        "smithy.api#length": {
-          "min": 16,
-          "max": 16
-        },
-        "smithy.api#pattern": "^[0-9A-F]+$"
-      }
-    },
     "com.amazonaws.paymentcryptography#HexLength20Or24": {
       "type": "string",
       "traits": {
@@ -1338,7 +1338,7 @@
           }
         },
         "RandomNonce": {
-          "target": "com.amazonaws.paymentcryptography#HexLength16",
+          "target": "com.amazonaws.paymentcryptography#EvenHexLengthBetween16And32",
           "traits": {
             "smithy.api#documentation": "<p>A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.</p>"
           }
@@ -3492,7 +3492,8 @@
           "min": 56,
           "max": 9984
         },
-        "smithy.api#pattern": "^[0-9A-Z]+$"
+        "smithy.api#pattern": "^[0-9A-Z]+$",
+        "smithy.api#sensitive": {}
       }
     },
     "com.amazonaws.paymentcryptography#Tr34KeyBlockFormat": {