software.amazon.awssdk.services.acmpca.model

Class CertificateAuthority

java.lang.Object

software.amazon.awssdk.services.acmpca.model.CertificateAuthority

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<CertificateAuthority.Builder,CertificateAuthority>

@Generated(value="software.amazon.awssdk:codegen")
public final class CertificateAuthority
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<CertificateAuthority.Builder,CertificateAuthority>

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into Certificate Manager (ACM).

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	CertificateAuthority.Builder

Method Summary

Modifier and Type	Method and Description
String	arn() Amazon Resource Name (ARN) for your private certificate authority (CA).
static CertificateAuthority.Builder	builder()
CertificateAuthorityConfiguration	certificateAuthorityConfiguration() Your private CA configuration.
Instant	createdAt() Date and time at which your private CA was created.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
FailureReason	failureReason() Reason the request to create your private CA failed.
String	failureReasonAsString() Reason the request to create your private CA failed.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
int	hashCode()
KeyStorageSecurityStandard	keyStorageSecurityStandard() Defines a cryptographic key management compliance standard used for handling CA keys.
String	keyStorageSecurityStandardAsString() Defines a cryptographic key management compliance standard used for handling CA keys.
Instant	lastStateChangeAt() Date and time at which your private CA was last updated.
Instant	notAfter() Date and time after which your private CA certificate is not valid.
Instant	notBefore() Date and time before which your private CA certificate is not valid.
String	ownerAccount() The Amazon Web Services account ID that owns the certificate authority.
Instant	restorableUntil() The period during which a deleted CA can be restored.
RevocationConfiguration	revocationConfiguration() Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
List<SdkField<?>>	sdkFields()
String	serial() Serial number of your private CA.
static Class<? extends CertificateAuthority.Builder>	serializableBuilderClass()
CertificateAuthorityStatus	status() Status of your private CA.
String	statusAsString() Status of your private CA.
CertificateAuthority.Builder	toBuilder()
String	toString() Returns a string representation of this object.
CertificateAuthorityType	type() Type of your private CA.
String	typeAsString() Type of your private CA.
CertificateAuthorityUsageMode	usageMode() Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
String	usageModeAsString() Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

arn

public final String arn()

Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012 .

Returns:

Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012 .

ownerAccount

public final String ownerAccount()

The Amazon Web Services account ID that owns the certificate authority.

Returns:

The Amazon Web Services account ID that owns the certificate authority.

createdAt

public final Instant createdAt()

Date and time at which your private CA was created.

Returns:

Date and time at which your private CA was created.

lastStateChangeAt

public final Instant lastStateChangeAt()

Date and time at which your private CA was last updated.

Returns:

Date and time at which your private CA was last updated.

type

public final CertificateAuthorityType type()

Type of your private CA.

If the service returns an enum value that is not available in the current SDK version, type will return CertificateAuthorityType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from typeAsString().

Returns:

Type of your private CA.

See Also:

CertificateAuthorityType

typeAsString

public final String typeAsString()

Type of your private CA.

If the service returns an enum value that is not available in the current SDK version, type will return CertificateAuthorityType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from typeAsString().

Returns:

Type of your private CA.

See Also:

CertificateAuthorityType

serial

public final String serial()

Serial number of your private CA.

Returns:

Serial number of your private CA.

status

public final CertificateAuthorityStatus status()

Status of your private CA.

If the service returns an enum value that is not available in the current SDK version, status will return CertificateAuthorityStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

Returns:

Status of your private CA.

See Also:

CertificateAuthorityStatus

statusAsString

public final String statusAsString()

Status of your private CA.

If the service returns an enum value that is not available in the current SDK version, status will return CertificateAuthorityStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

Returns:

Status of your private CA.

See Also:

CertificateAuthorityStatus

notBefore

public final Instant notBefore()

Date and time before which your private CA certificate is not valid.

Returns:

Date and time before which your private CA certificate is not valid.

notAfter

public final Instant notAfter()

Date and time after which your private CA certificate is not valid.

Returns:

Date and time after which your private CA certificate is not valid.

failureReason

public final FailureReason failureReason()

Reason the request to create your private CA failed.

If the service returns an enum value that is not available in the current SDK version, failureReason will return FailureReason.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from failureReasonAsString().

Returns:

Reason the request to create your private CA failed.

See Also:

FailureReason

failureReasonAsString

public final String failureReasonAsString()

Reason the request to create your private CA failed.

If the service returns an enum value that is not available in the current SDK version, failureReason will return FailureReason.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from failureReasonAsString().

Returns:

Reason the request to create your private CA failed.

See Also:

FailureReason

certificateAuthorityConfiguration

public final CertificateAuthorityConfiguration certificateAuthorityConfiguration()

Your private CA configuration.

Returns:

Your private CA configuration.

revocationConfiguration

public final RevocationConfiguration revocationConfiguration()

Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.

Returns:

Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.

restorableUntil

public final Instant restorableUntil()

The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.

Returns:

The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.

keyStorageSecurityStandard

public final KeyStorageSecurityStandard keyStorageSecurityStandard()

Defines a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

If the service returns an enum value that is not available in the current SDK version, keyStorageSecurityStandard will return KeyStorageSecurityStandard.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStorageSecurityStandardAsString().

Returns:

Defines a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

See Also:

KeyStorageSecurityStandard

keyStorageSecurityStandardAsString

public final String keyStorageSecurityStandardAsString()

Defines a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

If the service returns an enum value that is not available in the current SDK version, keyStorageSecurityStandard will return KeyStorageSecurityStandard.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStorageSecurityStandardAsString().

Returns:

Defines a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

See Also:

KeyStorageSecurityStandard

usageMode

public final CertificateAuthorityUsageMode usageMode()

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.

If the service returns an enum value that is not available in the current SDK version, usageMode will return CertificateAuthorityUsageMode.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from usageModeAsString().

Returns:

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.

See Also:

CertificateAuthorityUsageMode

usageModeAsString

public final String usageModeAsString()

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.

If the service returns an enum value that is not available in the current SDK version, usageMode will return CertificateAuthorityUsageMode.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from usageModeAsString().

Returns:

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.

See Also:

CertificateAuthorityUsageMode

toBuilder

public CertificateAuthority.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<CertificateAuthority.Builder,CertificateAuthority>

builder

public static CertificateAuthority.Builder builder()

serializableBuilderClass

public static Class<? extends CertificateAuthority.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo