feat: add RPC retry information for MacSign, MacVerify, and GenerateRandomBytes

README.md

@@ -50,7 +50,7 @@ If you are using Maven without BOM, add this to your dependencies:
 If you are using Gradle 5.x or later, add this to your dependencies
 
 ```Groovy
-implementation platform('com.google.cloud:libraries-bom:23.0.0')
+implementation platform('com.google.cloud:libraries-bom:23.1.0')
 
 implementation 'com.google.cloud:google-cloud-kms'
 ```

google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/KeyManagementServiceStubSettings.java

@@ -761,7 +761,6 @@ public static class Builder
                   StatusCode.Code.UNAVAILABLE, StatusCode.Code.DEADLINE_EXCEEDED)));
       definitions.put(
           "no_retry_0_codes", ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList()));
-      definitions.put("no_retry_codes", ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList()));
       RETRYABLE_CODE_DEFINITIONS = definitions.build();
     }
 
@@ -789,8 +788,6 @@ public static class Builder
               .setTotalTimeout(Duration.ofMillis(60000L))
               .build();
       definitions.put("no_retry_0_params", settings);
-      settings = RetrySettings.newBuilder().setRpcTimeoutMultiplier(1.0).build();
-      definitions.put("no_retry_params", settings);
       RETRY_PARAM_DEFINITIONS = definitions.build();
     }
 
@@ -1064,18 +1061,18 @@ private static Builder initDefaults(Builder builder) {
 
       builder
           .macSignSettings()
-          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("no_retry_codes"))
-          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("no_retry_params"));
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params"));
 
       builder
           .macVerifySettings()
-          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("no_retry_codes"))
-          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("no_retry_params"));
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params"));
 
       builder
           .generateRandomBytesSettings()
-          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("no_retry_codes"))
-          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("no_retry_params"));
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params"));
 
       builder
           .setIamPolicySettings()

proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersion.java

@@ -449,6 +449,36 @@ public enum CryptoKeyVersionAlgorithm implements com.google.protobuf.ProtocolMes
      * <code>RSA_DECRYPT_OAEP_4096_SHA512 = 17;</code>
      */
     RSA_DECRYPT_OAEP_4096_SHA512(17),
+    /**
+     *
+     *
+     * <pre>
+     * RSAES-OAEP 2048 bit key with a SHA1 digest.
+     * </pre>
+     *
+     * <code>RSA_DECRYPT_OAEP_2048_SHA1 = 37;</code>
+     */
+    RSA_DECRYPT_OAEP_2048_SHA1(37),
+    /**
+     *
+     *
+     * <pre>
+     * RSAES-OAEP 3072 bit key with a SHA1 digest.
+     * </pre>
+     *
+     * <code>RSA_DECRYPT_OAEP_3072_SHA1 = 38;</code>
+     */
+    RSA_DECRYPT_OAEP_3072_SHA1(38),
+    /**
+     *
+     *
+     * <pre>
+     * RSAES-OAEP 4096 bit key with a SHA1 digest.
+     * </pre>
+     *
+     * <code>RSA_DECRYPT_OAEP_4096_SHA1 = 39;</code>
+     */
+    RSA_DECRYPT_OAEP_4096_SHA1(39),
     /**
      *
      *
@@ -643,6 +673,36 @@ public enum CryptoKeyVersionAlgorithm implements com.google.protobuf.ProtocolMes
      * <code>RSA_DECRYPT_OAEP_4096_SHA512 = 17;</code>
      */
     public static final int RSA_DECRYPT_OAEP_4096_SHA512_VALUE = 17;
+    /**
+     *
+     *
+     * <pre>
+     * RSAES-OAEP 2048 bit key with a SHA1 digest.
+     * </pre>
+     *
+     * <code>RSA_DECRYPT_OAEP_2048_SHA1 = 37;</code>
+     */
+    public static final int RSA_DECRYPT_OAEP_2048_SHA1_VALUE = 37;
+    /**
+     *
+     *
+     * <pre>
+     * RSAES-OAEP 3072 bit key with a SHA1 digest.
+     * </pre>
+     *
+     * <code>RSA_DECRYPT_OAEP_3072_SHA1 = 38;</code>
+     */
+    public static final int RSA_DECRYPT_OAEP_3072_SHA1_VALUE = 38;
+    /**
+     *
+     *
+     * <pre>
+     * RSAES-OAEP 4096 bit key with a SHA1 digest.
+     * </pre>
+     *
+     * <code>RSA_DECRYPT_OAEP_4096_SHA1 = 39;</code>
+     */
+    public static final int RSA_DECRYPT_OAEP_4096_SHA1_VALUE = 39;
     /**
      *
      *
@@ -747,6 +807,12 @@ public static CryptoKeyVersionAlgorithm forNumber(int value) {
           return RSA_DECRYPT_OAEP_4096_SHA256;
         case 17:
           return RSA_DECRYPT_OAEP_4096_SHA512;
+        case 37:
+          return RSA_DECRYPT_OAEP_2048_SHA1;
+        case 38:
+          return RSA_DECRYPT_OAEP_3072_SHA1;
+        case 39:
+          return RSA_DECRYPT_OAEP_4096_SHA1;
         case 12:
           return EC_SIGN_P256_SHA256;
         case 13:

proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java

@@ -119,7 +119,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "B\003\340A\003\022\024\n\007content\030\005 \001(\014B\003\340A\003\"k\n\021Attestati"
           + "onFormat\022\"\n\036ATTESTATION_FORMAT_UNSPECIFI"
           + "ED\020\000\022\030\n\024CAVIUM_V1_COMPRESSED\020\003\022\030\n\024CAVIUM"
-          + "_V2_COMPRESSED\020\004\"\331\016\n\020CryptoKeyVersion\022\021\n"
+          + "_V2_COMPRESSED\020\004\"\271\017\n\020CryptoKeyVersion\022\021\n"
           + "\004name\030\001 \001(\tB\003\340A\003\022J\n\005state\030\003 \001(\0162;.google"
           + ".cloud.kms.v1.CryptoKeyVersion.CryptoKey"
           + "VersionState\022C\n\020protection_level\030\007 \001(\0162$"
@@ -139,7 +139,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "ilure_reason\030\020 \001(\tB\003\340A\003\022^\n!external_prot"
           + "ection_level_options\030\021 \001(\01323.google.clou"
           + "d.kms.v1.ExternalProtectionLevelOptions\022"
-          + "\036\n\021reimport_eligible\030\022 \001(\010B\003\340A\003\"\356\004\n\031Cryp"
+          + "\036\n\021reimport_eligible\030\022 \001(\010B\003\340A\003\"\316\005\n\031Cryp"
           + "toKeyVersionAlgorithm\022,\n(CRYPTO_KEY_VERS"
           + "ION_ALGORITHM_UNSPECIFIED\020\000\022\037\n\033GOOGLE_SY"
           + "MMETRIC_ENCRYPTION\020\001\022\034\n\030RSA_SIGN_PSS_204"
@@ -152,64 +152,66 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "YPT_OAEP_2048_SHA256\020\010\022 \n\034RSA_DECRYPT_OA"
           + "EP_3072_SHA256\020\t\022 \n\034RSA_DECRYPT_OAEP_409"
           + "6_SHA256\020\n\022 \n\034RSA_DECRYPT_OAEP_4096_SHA5"
-          + "12\020\021\022\027\n\023EC_SIGN_P256_SHA256\020\014\022\027\n\023EC_SIGN"
-          + "_P384_SHA384\020\r\022\034\n\030EC_SIGN_SECP256K1_SHA2"
-          + "56\020\037\022\017\n\013HMAC_SHA256\020 \022!\n\035EXTERNAL_SYMMET"
-          + "RIC_ENCRYPTION\020\022\"\301\001\n\025CryptoKeyVersionSta"
-          + "te\022(\n$CRYPTO_KEY_VERSION_STATE_UNSPECIFI"
-          + "ED\020\000\022\026\n\022PENDING_GENERATION\020\005\022\013\n\007ENABLED\020"
-          + "\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003\022\025\n\021DESTRO"
-          + "Y_SCHEDULED\020\004\022\022\n\016PENDING_IMPORT\020\006\022\021\n\rIMP"
-          + "ORT_FAILED\020\007\"I\n\024CryptoKeyVersionView\022\'\n#"
-          + "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED\020\000\022\010\n"
-          + "\004FULL\020\001:\252\001\352A\246\001\n(cloudkms.googleapis.com/"
-          + "CryptoKeyVersion\022zprojects/{project}/loc"
-          + "ations/{location}/keyRings/{key_ring}/cr"
-          + "yptoKeys/{crypto_key}/cryptoKeyVersions/"
-          + "{crypto_key_version}\"\234\003\n\tPublicKey\022\013\n\003pe"
-          + "m\030\001 \001(\t\022R\n\talgorithm\030\002 \001(\0162?.google.clou"
-          + "d.kms.v1.CryptoKeyVersion.CryptoKeyVersi"
-          + "onAlgorithm\022/\n\npem_crc32c\030\003 \001(\0132\033.google"
-          + ".protobuf.Int64Value\022\014\n\004name\030\004 \001(\t\022>\n\020pr"
-          + "otection_level\030\005 \001(\0162$.google.cloud.kms."
-          + "v1.ProtectionLevel:\256\001\352A\252\001\n!cloudkms.goog"
-          + "leapis.com/PublicKey\022\204\001projects/{project"
-          + "}/locations/{location}/keyRings/{key_rin"
-          + "g}/cryptoKeys/{crypto_key}/cryptoKeyVers"
-          + "ions/{crypto_key_version}/publicKey\"\333\007\n\t"
-          + "ImportJob\022\021\n\004name\030\001 \001(\tB\003\340A\003\022J\n\rimport_m"
-          + "ethod\030\002 \001(\0162+.google.cloud.kms.v1.Import"
-          + "Job.ImportMethodB\006\340A\002\340A\005\022F\n\020protection_l"
-          + "evel\030\t \001(\0162$.google.cloud.kms.v1.Protect"
-          + "ionLevelB\006\340A\002\340A\005\0224\n\013create_time\030\003 \001(\0132\032."
-          + "google.protobuf.TimestampB\003\340A\003\0226\n\rgenera"
-          + "te_time\030\004 \001(\0132\032.google.protobuf.Timestam"
-          + "pB\003\340A\003\0224\n\013expire_time\030\005 \001(\0132\032.google.pro"
-          + "tobuf.TimestampB\003\340A\003\022:\n\021expire_event_tim"
-          + "e\030\n \001(\0132\032.google.protobuf.TimestampB\003\340A\003"
-          + "\022A\n\005state\030\006 \001(\0162-.google.cloud.kms.v1.Im"
-          + "portJob.ImportJobStateB\003\340A\003\022I\n\npublic_ke"
-          + "y\030\007 \001(\01320.google.cloud.kms.v1.ImportJob."
-          + "WrappingPublicKeyB\003\340A\003\022F\n\013attestation\030\010 "
-          + "\001(\0132,.google.cloud.kms.v1.KeyOperationAt"
-          + "testationB\003\340A\003\032 \n\021WrappingPublicKey\022\013\n\003p"
-          + "em\030\001 \001(\t\"m\n\014ImportMethod\022\035\n\031IMPORT_METHO"
-          + "D_UNSPECIFIED\020\000\022\036\n\032RSA_OAEP_3072_SHA1_AE"
-          + "S_256\020\001\022\036\n\032RSA_OAEP_4096_SHA1_AES_256\020\002\""
-          + "c\n\016ImportJobState\022 \n\034IMPORT_JOB_STATE_UN"
-          + "SPECIFIED\020\000\022\026\n\022PENDING_GENERATION\020\001\022\n\n\006A"
-          + "CTIVE\020\002\022\013\n\007EXPIRED\020\003:{\352Ax\n!cloudkms.goog"
-          + "leapis.com/ImportJob\022Sprojects/{project}"
-          + "/locations/{location}/keyRings/{key_ring"
-          + "}/importJobs/{import_job}\":\n\036ExternalPro"
-          + "tectionLevelOptions\022\030\n\020external_key_uri\030"
-          + "\001 \001(\t*X\n\017ProtectionLevel\022 \n\034PROTECTION_L"
-          + "EVEL_UNSPECIFIED\020\000\022\014\n\010SOFTWARE\020\001\022\007\n\003HSM\020"
-          + "\002\022\014\n\010EXTERNAL\020\003B\225\001\n\027com.google.cloud.kms"
-          + ".v1B\021KmsResourcesProtoP\001Z6google.golang."
-          + "org/genproto/googleapis/cloud/kms/v1;kms"
-          + "\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\Cloud"
-          + "\\Kms\\V1b\006proto3"
+          + "12\020\021\022\036\n\032RSA_DECRYPT_OAEP_2048_SHA1\020%\022\036\n\032"
+          + "RSA_DECRYPT_OAEP_3072_SHA1\020&\022\036\n\032RSA_DECR"
+          + "YPT_OAEP_4096_SHA1\020\'\022\027\n\023EC_SIGN_P256_SHA"
+          + "256\020\014\022\027\n\023EC_SIGN_P384_SHA384\020\r\022\034\n\030EC_SIG"
+          + "N_SECP256K1_SHA256\020\037\022\017\n\013HMAC_SHA256\020 \022!\n"
+          + "\035EXTERNAL_SYMMETRIC_ENCRYPTION\020\022\"\301\001\n\025Cry"
+          + "ptoKeyVersionState\022(\n$CRYPTO_KEY_VERSION"
+          + "_STATE_UNSPECIFIED\020\000\022\026\n\022PENDING_GENERATI"
+          + "ON\020\005\022\013\n\007ENABLED\020\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTR"
+          + "OYED\020\003\022\025\n\021DESTROY_SCHEDULED\020\004\022\022\n\016PENDING"
+          + "_IMPORT\020\006\022\021\n\rIMPORT_FAILED\020\007\"I\n\024CryptoKe"
+          + "yVersionView\022\'\n#CRYPTO_KEY_VERSION_VIEW_"
+          + "UNSPECIFIED\020\000\022\010\n\004FULL\020\001:\252\001\352A\246\001\n(cloudkms"
+          + ".googleapis.com/CryptoKeyVersion\022zprojec"
+          + "ts/{project}/locations/{location}/keyRin"
+          + "gs/{key_ring}/cryptoKeys/{crypto_key}/cr"
+          + "yptoKeyVersions/{crypto_key_version}\"\234\003\n"
+          + "\tPublicKey\022\013\n\003pem\030\001 \001(\t\022R\n\talgorithm\030\002 \001"
+          + "(\0162?.google.cloud.kms.v1.CryptoKeyVersio"
+          + "n.CryptoKeyVersionAlgorithm\022/\n\npem_crc32"
+          + "c\030\003 \001(\0132\033.google.protobuf.Int64Value\022\014\n\004"
+          + "name\030\004 \001(\t\022>\n\020protection_level\030\005 \001(\0162$.g"
+          + "oogle.cloud.kms.v1.ProtectionLevel:\256\001\352A\252"
+          + "\001\n!cloudkms.googleapis.com/PublicKey\022\204\001p"
+          + "rojects/{project}/locations/{location}/k"
+          + "eyRings/{key_ring}/cryptoKeys/{crypto_ke"
+          + "y}/cryptoKeyVersions/{crypto_key_version"
+          + "}/publicKey\"\333\007\n\tImportJob\022\021\n\004name\030\001 \001(\tB"
+          + "\003\340A\003\022J\n\rimport_method\030\002 \001(\0162+.google.clo"
+          + "ud.kms.v1.ImportJob.ImportMethodB\006\340A\002\340A\005"
+          + "\022F\n\020protection_level\030\t \001(\0162$.google.clou"
+          + "d.kms.v1.ProtectionLevelB\006\340A\002\340A\005\0224\n\013crea"
+          + "te_time\030\003 \001(\0132\032.google.protobuf.Timestam"
+          + "pB\003\340A\003\0226\n\rgenerate_time\030\004 \001(\0132\032.google.p"
+          + "rotobuf.TimestampB\003\340A\003\0224\n\013expire_time\030\005 "
+          + "\001(\0132\032.google.protobuf.TimestampB\003\340A\003\022:\n\021"
+          + "expire_event_time\030\n \001(\0132\032.google.protobu"
+          + "f.TimestampB\003\340A\003\022A\n\005state\030\006 \001(\0162-.google"
+          + ".cloud.kms.v1.ImportJob.ImportJobStateB\003"
+          + "\340A\003\022I\n\npublic_key\030\007 \001(\01320.google.cloud.k"
+          + "ms.v1.ImportJob.WrappingPublicKeyB\003\340A\003\022F"
+          + "\n\013attestation\030\010 \001(\0132,.google.cloud.kms.v"
+          + "1.KeyOperationAttestationB\003\340A\003\032 \n\021Wrappi"
+          + "ngPublicKey\022\013\n\003pem\030\001 \001(\t\"m\n\014ImportMethod"
+          + "\022\035\n\031IMPORT_METHOD_UNSPECIFIED\020\000\022\036\n\032RSA_O"
+          + "AEP_3072_SHA1_AES_256\020\001\022\036\n\032RSA_OAEP_4096"
+          + "_SHA1_AES_256\020\002\"c\n\016ImportJobState\022 \n\034IMP"
+          + "ORT_JOB_STATE_UNSPECIFIED\020\000\022\026\n\022PENDING_G"
+          + "ENERATION\020\001\022\n\n\006ACTIVE\020\002\022\013\n\007EXPIRED\020\003:{\352A"
+          + "x\n!cloudkms.googleapis.com/ImportJob\022Spr"
+          + "ojects/{project}/locations/{location}/ke"
+          + "yRings/{key_ring}/importJobs/{import_job"
+          + "}\":\n\036ExternalProtectionLevelOptions\022\030\n\020e"
+          + "xternal_key_uri\030\001 \001(\t*X\n\017ProtectionLevel"
+          + "\022 \n\034PROTECTION_LEVEL_UNSPECIFIED\020\000\022\014\n\010SO"
+          + "FTWARE\020\001\022\007\n\003HSM\020\002\022\014\n\010EXTERNAL\020\003B\225\001\n\027com."
+          + "google.cloud.kms.v1B\021KmsResourcesProtoP\001"
+          + "Z6google.golang.org/genproto/googleapis/"
+          + "cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V"
+          + "1\312\002\023Google\\Cloud\\Kms\\V1b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(

proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto

@@ -300,6 +300,15 @@ message CryptoKeyVersion {
     // RSAES-OAEP 4096 bit key with a SHA512 digest.
     RSA_DECRYPT_OAEP_4096_SHA512 = 17;
 
+    // RSAES-OAEP 2048 bit key with a SHA1 digest.
+    RSA_DECRYPT_OAEP_2048_SHA1 = 37;
+
+    // RSAES-OAEP 3072 bit key with a SHA1 digest.
+    RSA_DECRYPT_OAEP_3072_SHA1 = 38;
+
+    // RSAES-OAEP 4096 bit key with a SHA1 digest.
+    RSA_DECRYPT_OAEP_4096_SHA1 = 39;
+
     // ECDSA on the NIST P-256 curve with a SHA256 digest.
     EC_SIGN_P256_SHA256 = 12;