Package software.amazon.awssdk.services.networkfirewall.model

Class ServerCertificateConfiguration

java.lang.Object

software.amazon.awssdk.services.networkfirewall.model.ServerCertificateConfiguration

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<ServerCertificateConfiguration.Builder,ServerCertificateConfiguration>

@Generated("software.amazon.awssdk:codegen")
public final class ServerCertificateConfiguration
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<ServerCertificateConfiguration.Builder,ServerCertificateConfiguration>

Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certficiates with TLS inspection configurations in the Network Firewall Developer Guide.

If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	ServerCertificateConfiguration.Builder

Method Summary

Modifier and Type	Method	Description
static ServerCertificateConfiguration.Builder	builder()
final String	certificateAuthorityArn()	The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
final CheckCertificateRevocationStatusActions	checkCertificateRevocationStatus()	When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.
final boolean	equals(Object obj)
final boolean	equalsBySdkFields(Object obj)	Indicates whether some other object is "equal to" this one by SDK fields.
final <T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
final int	hashCode()
final boolean	hasScopes()	For responses, this returns true if the service returned a value for the Scopes property.
final boolean	hasServerCertificates()	For responses, this returns true if the service returned a value for the ServerCertificates property.
final List<ServerCertificateScope>	scopes()	A list of scopes.
final List<SdkField<?>>	sdkFields()
static Class<? extends ServerCertificateConfiguration.Builder>	serializableBuilderClass()
final List<ServerCertificate>	serverCertificates()	The list of server certificates to use for inbound SSL/TLS inspection.
ServerCertificateConfiguration.Builder	toBuilder()	Take this object and create a builder that contains all of the current property values of this object.
final String	toString()	Returns a string representation of this object.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Details

hasServerCertificates

public final boolean hasServerCertificates()

For responses, this returns true if the service returned a value for the ServerCertificates property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

serverCertificates

public final List<ServerCertificate> serverCertificates()

The list of server certificates to use for inbound SSL/TLS inspection.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasServerCertificates() method.

Returns:

The list of server certificates to use for inbound SSL/TLS inspection.

hasScopes

public final boolean hasScopes()

For responses, this returns true if the service returned a value for the Scopes property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

scopes

public final List<ServerCertificateScope> scopes()

A list of scopes.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasScopes() method.

Returns:

A list of scopes.

certificateAuthorityArn

public final String certificateAuthorityArn()

The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

The following limitations apply:

• You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.

• You can't use certificates issued by Private Certificate Authority.

For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.

For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.

Returns:

The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

The following limitations apply:

• You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.

• You can't use certificates issued by Private Certificate Authority.

For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.

For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.

checkCertificateRevocationStatus

public final CheckCertificateRevocationStatusActions checkCertificateRevocationStatus()

When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.

Returns:

When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.

toBuilder

public ServerCertificateConfiguration.Builder toBuilder()

Description copied from interface: ToCopyableBuilder

Take this object and create a builder that contains all of the current property values of this object.

Specified by:

toBuilder in interface ToCopyableBuilder<ServerCertificateConfiguration.Builder,ServerCertificateConfiguration>

Returns:

a builder for type T

builder

public static ServerCertificateConfiguration.Builder builder()

serializableBuilderClass

public static Class<? extends ServerCertificateConfiguration.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Description copied from interface: SdkPojo

Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

Specified by:

equalsBySdkFields in interface SdkPojo

Parameters:

obj - the object to be compared with

Returns:

true if the other object equals to this object by sdk fields, false otherwise.

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
 Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo

Returns:

List of SdkField in this POJO. May be empty list but should never be null.