Class CertificateAuthority

java.lang.Object
software.amazon.awssdk.services.acmpca.model.CertificateAuthority
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<CertificateAuthority.Builder,CertificateAuthority>

@Generated("software.amazon.awssdk:codegen") public final class CertificateAuthority extends Object implements SdkPojo, Serializable, ToCopyableBuilder<CertificateAuthority.Builder,CertificateAuthority>

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into Certificate Manager (ACM).

  • Method Details

    • arn

      public final String arn()

      Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012.

      Returns:
      Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012.
    • ownerAccount

      public final String ownerAccount()

      The Amazon Web Services account ID that owns the certificate authority.

      Returns:
      The Amazon Web Services account ID that owns the certificate authority.
    • createdAt

      public final Instant createdAt()

      Date and time at which your private CA was created.

      Returns:
      Date and time at which your private CA was created.
    • lastStateChangeAt

      public final Instant lastStateChangeAt()

      Date and time at which your private CA was last updated.

      Returns:
      Date and time at which your private CA was last updated.
    • type

      public final CertificateAuthorityType type()

      Type of your private CA.

      If the service returns an enum value that is not available in the current SDK version, type will return CertificateAuthorityType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from typeAsString().

      Returns:
      Type of your private CA.
    • typeAsString

      public final String typeAsString()

      Type of your private CA.

      If the service returns an enum value that is not available in the current SDK version, type will return CertificateAuthorityType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from typeAsString().

      Returns:
      Type of your private CA.
    • serial

      public final String serial()

      Serial number of your private CA.

      Returns:
      Serial number of your private CA.
    • status

      public final CertificateAuthorityStatus status()

      Status of your private CA.

      If the service returns an enum value that is not available in the current SDK version, status will return CertificateAuthorityStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

      Returns:
      Status of your private CA.
    • statusAsString

      public final String statusAsString()

      Status of your private CA.

      If the service returns an enum value that is not available in the current SDK version, status will return CertificateAuthorityStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

      Returns:
      Status of your private CA.
    • notBefore

      public final Instant notBefore()

      Date and time before which your private CA certificate is not valid.

      Returns:
      Date and time before which your private CA certificate is not valid.
    • notAfter

      public final Instant notAfter()

      Date and time after which your private CA certificate is not valid.

      Returns:
      Date and time after which your private CA certificate is not valid.
    • failureReason

      public final FailureReason failureReason()

      Reason the request to create your private CA failed.

      If the service returns an enum value that is not available in the current SDK version, failureReason will return FailureReason.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from failureReasonAsString().

      Returns:
      Reason the request to create your private CA failed.
    • failureReasonAsString

      public final String failureReasonAsString()

      Reason the request to create your private CA failed.

      If the service returns an enum value that is not available in the current SDK version, failureReason will return FailureReason.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from failureReasonAsString().

      Returns:
      Reason the request to create your private CA failed.
    • certificateAuthorityConfiguration

      public final CertificateAuthorityConfiguration certificateAuthorityConfiguration()

      Your private CA configuration.

      Returns:
      Your private CA configuration.
    • revocationConfiguration

      public final RevocationConfiguration revocationConfiguration()

      Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.

      Returns:
      Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
    • restorableUntil

      public final Instant restorableUntil()

      The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.

      Returns:
      The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.
    • keyStorageSecurityStandard

      public final KeyStorageSecurityStandard keyStorageSecurityStandard()

      Defines a cryptographic key management compliance standard used for handling CA keys.

      Default: FIPS_140_2_LEVEL_3_OR_HIGHER

      Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

      If the service returns an enum value that is not available in the current SDK version, keyStorageSecurityStandard will return KeyStorageSecurityStandard.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStorageSecurityStandardAsString().

      Returns:
      Defines a cryptographic key management compliance standard used for handling CA keys.

      Default: FIPS_140_2_LEVEL_3_OR_HIGHER

      Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

    • keyStorageSecurityStandardAsString

      public final String keyStorageSecurityStandardAsString()

      Defines a cryptographic key management compliance standard used for handling CA keys.

      Default: FIPS_140_2_LEVEL_3_OR_HIGHER

      Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

      If the service returns an enum value that is not available in the current SDK version, keyStorageSecurityStandard will return KeyStorageSecurityStandard.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStorageSecurityStandardAsString().

      Returns:
      Defines a cryptographic key management compliance standard used for handling CA keys.

      Default: FIPS_140_2_LEVEL_3_OR_HIGHER

      Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."

    • usageMode

      public final CertificateAuthorityUsageMode usageMode()

      Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

      The default value is GENERAL_PURPOSE.

      If the service returns an enum value that is not available in the current SDK version, usageMode will return CertificateAuthorityUsageMode.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from usageModeAsString().

      Returns:
      Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

      The default value is GENERAL_PURPOSE.

    • usageModeAsString

      public final String usageModeAsString()

      Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

      The default value is GENERAL_PURPOSE.

      If the service returns an enum value that is not available in the current SDK version, usageMode will return CertificateAuthorityUsageMode.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from usageModeAsString().

      Returns:
      Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

      The default value is GENERAL_PURPOSE.

    • toBuilder

      public CertificateAuthority.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<CertificateAuthority.Builder,CertificateAuthority>
      Returns:
      a builder for type T
    • builder

      public static CertificateAuthority.Builder builder()
    • serializableBuilderClass

      public static Class<? extends CertificateAuthority.Builder> serializableBuilderClass()
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object
    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object is equal to this object by SDK fields, false otherwise.
    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object
    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.
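
The following is an added example, not part of the SDK or its generated documentation: a posture check that reads the status, notAfter, usageMode, revocationConfiguration and keyStorageSecurityStandard accessors described above and reports findings for one CA. The class name CaPostureCheck, the audit helper, the 30-day renewal window and the sample object are assumptions made for illustration; the crlConfiguration, ocspConfiguration and enabled accessors belong to the SDK's RevocationConfiguration model classes, which this page does not list.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.services.acmpca.model.*;

public class CaPostureCheck {
    // Hypothetical helper (not an SDK method): collects findings for one CA.
    static List<String> audit(CertificateAuthority ca, Instant now, Duration renewWindow) {
        List<String> findings = new ArrayList<>();
        // A value newer than this SDK maps to UNKNOWN_TO_SDK_VERSION; report the raw string.
        if (ca.status() == CertificateAuthorityStatus.UNKNOWN_TO_SDK_VERSION) {
            findings.add("status not known to this SDK version: " + ca.statusAsString());
        } else if (ca.status() != CertificateAuthorityStatus.ACTIVE) {
            findings.add("CA is not ACTIVE: " + ca.statusAsString());
        }
        // Getters return null when the service sent no value, so guard before comparing.
        if (ca.notAfter() != null && ca.notAfter().isBefore(now.plus(renewWindow))) {
            findings.add("CA certificate is not valid after " + ca.notAfter());
        }
        RevocationConfiguration rc = ca.revocationConfiguration();
        boolean crl = rc != null && rc.crlConfiguration() != null
                && Boolean.TRUE.equals(rc.crlConfiguration().enabled());
        boolean ocsp = rc != null && rc.ocspConfiguration() != null
                && Boolean.TRUE.equals(rc.ocspConfiguration().enabled());
        // Only short-lived CAs may omit revocation; anything else is treated as GENERAL_PURPOSE.
        if (ca.usageMode() != CertificateAuthorityUsageMode.SHORT_LIVED_CERTIFICATE && !crl && !ocsp) {
            findings.add("no CRL or OCSP enabled on a CA that is not in short-lived mode");
        }
        // The default is FIPS_140_2_LEVEL_3_OR_HIGHER; surface CAs created at Level 2.
        if (ca.keyStorageSecurityStandard() == KeyStorageSecurityStandard.FIPS_140_2_LEVEL_2_OR_HIGHER) {
            findings.add("CA key stored under " + ca.keyStorageSecurityStandardAsString());
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample object built offline; it does not describe a real CA.
        CertificateAuthority ca = CertificateAuthority.builder()
                .status(CertificateAuthorityStatus.ACTIVE)
                .usageMode(CertificateAuthorityUsageMode.GENERAL_PURPOSE)
                .keyStorageSecurityStandard(KeyStorageSecurityStandard.FIPS_140_2_LEVEL_2_OR_HIGHER)
                .notAfter(Instant.parse("2025-01-15T00:00:00Z"))
                .revocationConfiguration(RevocationConfiguration.builder()
                        .crlConfiguration(CrlConfiguration.builder().enabled(false).build()).build())
                .build();
        audit(ca, Instant.parse("2025-01-01T00:00:00Z"), Duration.ofDays(30)).forEach(System.out::println);
    }
}
```

In a real audit the CertificateAuthority objects would come from the service's describe or list responses rather than from the builder.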