feat: add client integrity verification fields to the KMS protos

README.md

@@ -48,11 +48,11 @@ If you are using Maven without BOM, add this to your dependencies:
 
 If you are using Gradle, add this to your dependencies
 ```Groovy
-compile 'com.google.cloud:google-cloud-kms:1.39.1'
+compile 'com.google.cloud:google-cloud-kms:1.39.0'
 ```
 If you are using SBT, add this to your dependencies
 ```Scala
-libraryDependencies += "com.google.cloud" % "google-cloud-kms" % "1.39.1"
+libraryDependencies += "com.google.cloud" % "google-cloud-kms" % "1.39.0"
 ```
 [//]: # ({x-version-update-end})
 

google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java

@@ -529,7 +529,7 @@ public final UnaryCallable<CreateCryptoKeyRequest, CryptoKey> createCryptoKeyCal
   /**
    * Sets the access control policy on the specified resource. Replaces any existing policy.
    *
-   * <p>Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
+   * <p>Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
    *
    * <p>Sample code:
    *
@@ -617,7 +617,7 @@ public final Policy setIamPolicy(String resource, Policy policy) {
   /**
    * Sets the access control policy on the specified resource. Replaces any existing policy.
    *
-   * <p>Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
+   * <p>Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
    *
    * <p>Sample code:
    *
@@ -738,7 +738,7 @@ public final UnaryCallable<GetIamPolicyRequest, Policy> getIamPolicyCallable() {
   // AUTO-GENERATED DOCUMENTATION AND METHOD
   /**
    * Returns permissions that a caller has on the specified resource. If the resource does not
-   * exist, this will return an empty set of permissions, not a NOT_FOUND error.
+   * exist, this will return an empty set of permissions, not a `NOT_FOUND` error.
    *
    * <p>Note: This operation is designed to be used for building permission-aware UIs and
    * command-line tools, not for authorization checking. This operation may "fail open" without
@@ -840,7 +840,7 @@ public final TestIamPermissionsResponse testIamPermissions(
   // AUTO-GENERATED DOCUMENTATION AND METHOD
   /**
    * Returns permissions that a caller has on the specified resource. If the resource does not
-   * exist, this will return an empty set of permissions, not a NOT_FOUND error.
+   * exist, this will return an empty set of permissions, not a `NOT_FOUND` error.
    *
    * <p>Note: This operation is designed to be used for building permission-aware UIs and
    * command-line tools, not for authorization checking. This operation may "fail open" without

google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java

@@ -706,7 +706,11 @@ public void getCryptoKeyVersionExceptionTest() throws Exception {
   @SuppressWarnings("all")
   public void getPublicKeyTest() {
     String pem = "pem110872";
-    PublicKey expectedResponse = PublicKey.newBuilder().setPem(pem).build();
+    PublicKeyName name2 =
+        PublicKeyName.of(
+            "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
+    PublicKey expectedResponse =
+        PublicKey.newBuilder().setPem(pem).setName(name2.toString()).build();
     mockKeyManagementService.addResponse(expectedResponse);
 
     CryptoKeyVersionName name =
@@ -1054,8 +1058,15 @@ public void updateCryptoKeyVersionExceptionTest() throws Exception {
   public void encryptTest() {
     String name2 = "name2-1052831874";
     ByteString ciphertext = ByteString.copyFromUtf8("-72");
+    boolean verifiedPlaintextCrc32c = false;
+    boolean verifiedAdditionalAuthenticatedDataCrc32c = true;
     EncryptResponse expectedResponse =
-        EncryptResponse.newBuilder().setName(name2).setCiphertext(ciphertext).build();
+        EncryptResponse.newBuilder()
+            .setName(name2)
+            .setCiphertext(ciphertext)
+            .setVerifiedPlaintextCrc32C(verifiedPlaintextCrc32c)
+            .setVerifiedAdditionalAuthenticatedDataCrc32C(verifiedAdditionalAuthenticatedDataCrc32c)
+            .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
     ResourceName name = CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]");
@@ -1140,8 +1151,14 @@ public void decryptExceptionTest() throws Exception {
   @SuppressWarnings("all")
   public void asymmetricSignTest() {
     ByteString signature = ByteString.copyFromUtf8("106");
+    boolean verifiedDigestCrc32c = true;
+    String name2 = "name2-1052831874";
     AsymmetricSignResponse expectedResponse =
-        AsymmetricSignResponse.newBuilder().setSignature(signature).build();
+        AsymmetricSignResponse.newBuilder()
+            .setSignature(signature)
+            .setVerifiedDigestCrc32C(verifiedDigestCrc32c)
+            .setName(name2)
+            .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
     CryptoKeyVersionName name =
@@ -1187,8 +1204,12 @@ public void asymmetricSignExceptionTest() throws Exception {
   @SuppressWarnings("all")
   public void asymmetricDecryptTest() {
     ByteString plaintext = ByteString.copyFromUtf8("-9");
+    boolean verifiedCiphertextCrc32c = true;
     AsymmetricDecryptResponse expectedResponse =
-        AsymmetricDecryptResponse.newBuilder().setPlaintext(plaintext).build();
+        AsymmetricDecryptResponse.newBuilder()
+            .setPlaintext(plaintext)
+            .setVerifiedCiphertextCrc32C(verifiedCiphertextCrc32c)
+            .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
     CryptoKeyVersionName name =