com.amazonaws.services.acmpca.model.IssueCertificateRequest Maven / Gradle / Ivy
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.acmpca.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class IssueCertificateRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough
* or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more
* information about using these templates, see Understanding Certificate
* Templates.
*
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web Services
* Private CA applies order of operation rules to determine what information is used.
*
*/
private ApiPassthrough apiPassthrough;
/**
*
* The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
*
*/
private String certificateAuthorityArn;
/**
*
* The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the
* following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block
* in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request will be
* rejected.
*
*/
private java.nio.ByteBuffer csr;
/**
*
* The name of the algorithm that will be used to sign the certificate to be issued.
*
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the
* CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
*
*
*/
private String signingAlgorithm;
/**
*
* Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided,
* Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template. For CA
* certificates, you should choose the shortest path length that meets your needs. The path length is indicated by
* the PathLenN portion of the ARN, where N is the CA depth.
*
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the
* CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding Certificate
* Templates.
*
*/
private String templateArn;
/**
*
* Information describing the end of the validity period of the certificate. This parameter sets the “Not After”
* date for the certificate.
*
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an
* explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months,
* or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time
* regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA
* hierarchy.
*
*/
private Validity validity;
/**
*
* Information describing the start of the validity period of the certificate. This parameter sets the “Not Before"
* date for the certificate.
*
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the issuance
* time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this API
* reference and Validity in RFC 5280.
*
*/
private Validity validityNotBefore;
/**
*
* Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web Services
* Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the
* idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple
* certificates.
*
*/
private String idempotencyToken;
/**
*
* Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough
* or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more
* information about using these templates, see Understanding Certificate
* Templates.
*
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web Services
* Private CA applies order of operation rules to determine what information is used.
*
*
* @param apiPassthrough
* Specifies X.509 certificate information to be included in the issued certificate. An
* APIPassthrough or APICSRPassthrough template variant must be selected, or else
* this parameter is ignored. For more information about using these templates, see Understanding
* Certificate Templates.
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web
* Services Private CA applies order of operation rules to determine what information is used.
*/
public void setApiPassthrough(ApiPassthrough apiPassthrough) {
this.apiPassthrough = apiPassthrough;
}
/**
*
* Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough
* or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more
* information about using these templates, see Understanding Certificate
* Templates.
*
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web Services
* Private CA applies order of operation rules to determine what information is used.
*
*
* @return Specifies X.509 certificate information to be included in the issued certificate. An
* APIPassthrough or APICSRPassthrough template variant must be selected, or else
* this parameter is ignored. For more information about using these templates, see Understanding
* Certificate Templates.
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web
* Services Private CA applies order of operation rules to determine what information is used.
*/
public ApiPassthrough getApiPassthrough() {
return this.apiPassthrough;
}
/**
*
* Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough
* or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more
* information about using these templates, see Understanding Certificate
* Templates.
*
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web Services
* Private CA applies order of operation rules to determine what information is used.
*
*
* @param apiPassthrough
* Specifies X.509 certificate information to be included in the issued certificate. An
* APIPassthrough or APICSRPassthrough template variant must be selected, or else
* this parameter is ignored. For more information about using these templates, see Understanding
* Certificate Templates.
*
* If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web
* Services Private CA applies order of operation rules to determine what information is used.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withApiPassthrough(ApiPassthrough apiPassthrough) {
setApiPassthrough(apiPassthrough);
return this;
}
/**
*
* The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
*
*
* @param certificateAuthorityArn
* The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
*/
public void setCertificateAuthorityArn(String certificateAuthorityArn) {
this.certificateAuthorityArn = certificateAuthorityArn;
}
/**
*
* The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
*
*
* @return The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
*/
public String getCertificateAuthorityArn() {
return this.certificateAuthorityArn;
}
/**
*
* The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
*
*
* @param certificateAuthorityArn
* The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
*
* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withCertificateAuthorityArn(String certificateAuthorityArn) {
setCertificateAuthorityArn(certificateAuthorityArn);
return this;
}
/**
*
* The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the
* following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block
* in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request will be
* rejected.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param csr
* The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use
* the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The
* usr_cert block in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request
* will be rejected.
*/
public void setCsr(java.nio.ByteBuffer csr) {
this.csr = csr;
}
/**
*
* The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the
* following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block
* in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request will be
* rejected.
*
*
* {@code ByteBuffer}s are stateful. Calling their {@code get} methods changes their {@code position}. We recommend
* using {@link java.nio.ByteBuffer#asReadOnlyBuffer()} to create a read-only view of the buffer with an independent
* {@code position}, and calling {@code get} methods on this rather than directly on the returned {@code ByteBuffer}.
* Doing so will ensure that anyone else using the {@code ByteBuffer} will not be affected by changes to the
* {@code position}.
*
*
* @return The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use
* the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The
* usr_cert block in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request
* will be rejected.
*/
public java.nio.ByteBuffer getCsr() {
return this.csr;
}
/**
*
* The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the
* following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block
* in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request will be
* rejected.
*
*
* The AWS SDK for Java performs a Base64 encoding on this field before sending this request to the AWS service.
* Users of the SDK should not perform Base64 encoding on this field.
*
*
* Warning: ByteBuffers returned by the SDK are mutable. Changes to the content or position of the byte buffer will
* be seen by all objects that have a reference to this object. It is recommended to call ByteBuffer.duplicate() or
* ByteBuffer.asReadOnlyBuffer() before using or reading from the buffer. This behavior will be changed in a future
* major version of the SDK.
*
*
* @param csr
* The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use
* the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
*
* openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* If you have a configuration file, you can then use the following OpenSSL command. The
* usr_cert block in the configuration file contains your X509 version 3 extensions.
*
*
* openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
*
*
* Note: A CSR must provide either a subject name or a subject alternative name or the request
* will be rejected.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withCsr(java.nio.ByteBuffer csr) {
setCsr(csr);
return this;
}
/**
*
* The name of the algorithm that will be used to sign the certificate to be issued.
*
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the
* CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
*
*
*
* @param signingAlgorithm
* The name of the algorithm that will be used to sign the certificate to be issued.
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR
* in the CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret
* key.
*
* @see SigningAlgorithm
*/
public void setSigningAlgorithm(String signingAlgorithm) {
this.signingAlgorithm = signingAlgorithm;
}
/**
*
* The name of the algorithm that will be used to sign the certificate to be issued.
*
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the
* CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
*
*
*
* @return The name of the algorithm that will be used to sign the certificate to be issued.
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR
* in the CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret
* key.
*
* @see SigningAlgorithm
*/
public String getSigningAlgorithm() {
return this.signingAlgorithm;
}
/**
*
* The name of the algorithm that will be used to sign the certificate to be issued.
*
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the
* CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
*
*
*
* @param signingAlgorithm
* The name of the algorithm that will be used to sign the certificate to be issued.
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR
* in the CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret
* key.
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see SigningAlgorithm
*/
public IssueCertificateRequest withSigningAlgorithm(String signingAlgorithm) {
setSigningAlgorithm(signingAlgorithm);
return this;
}
/**
*
* The name of the algorithm that will be used to sign the certificate to be issued.
*
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the
* CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
*
*
*
* @param signingAlgorithm
* The name of the algorithm that will be used to sign the certificate to be issued.
*
* This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR
* in the CreateCertificateAuthority action.
*
*
*
* The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret
* key.
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see SigningAlgorithm
*/
public IssueCertificateRequest withSigningAlgorithm(SigningAlgorithm signingAlgorithm) {
this.signingAlgorithm = signingAlgorithm.toString();
return this;
}
/**
*
* Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided,
* Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template. For CA
* certificates, you should choose the shortest path length that meets your needs. The path length is indicated by
* the PathLenN portion of the ARN, where N is the CA depth.
*
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the
* CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding Certificate
* Templates.
*
*
* @param templateArn
* Specifies a custom configuration template to use when issuing a certificate. If this parameter is not
* provided, Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template.
* For CA certificates, you should choose the shortest path length that meets your needs. The path length is
* indicated by the PathLenN portion of the ARN, where N is the CA
* depth.
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents
* in the CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding
* Certificate Templates.
*/
public void setTemplateArn(String templateArn) {
this.templateArn = templateArn;
}
/**
*
* Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided,
* Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template. For CA
* certificates, you should choose the shortest path length that meets your needs. The path length is indicated by
* the PathLenN portion of the ARN, where N is the CA depth.
*
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the
* CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding Certificate
* Templates.
*
*
* @return Specifies a custom configuration template to use when issuing a certificate. If this parameter is not
* provided, Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template.
* For CA certificates, you should choose the shortest path length that meets your needs. The path length is
* indicated by the PathLenN portion of the ARN, where N is the CA
* depth.
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its
* parents in the CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding
* Certificate Templates.
*/
public String getTemplateArn() {
return this.templateArn;
}
/**
*
* Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided,
* Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template. For CA
* certificates, you should choose the shortest path length that meets your needs. The path length is indicated by
* the PathLenN portion of the ARN, where N is the CA depth.
*
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the
* CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding Certificate
* Templates.
*
*
* @param templateArn
* Specifies a custom configuration template to use when issuing a certificate. If this parameter is not
* provided, Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template.
* For CA certificates, you should choose the shortest path length that meets your needs. The path length is
* indicated by the PathLenN portion of the ARN, where N is the CA
* depth.
*
* Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents
* in the CA hierarchy.
*
*
* For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding
* Certificate Templates.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withTemplateArn(String templateArn) {
setTemplateArn(templateArn);
return this;
}
/**
*
* Information describing the end of the validity period of the certificate. This parameter sets the “Not After”
* date for the certificate.
*
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an
* explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months,
* or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time
* regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA
* hierarchy.
*
*
* @param validity
* Information describing the end of the validity period of the certificate. This parameter sets the “Not
* After” date for the certificate.
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed
* as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in
* days, months, or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance
* time regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents in
* the CA hierarchy.
*/
public void setValidity(Validity validity) {
this.validity = validity;
}
/**
*
* Information describing the end of the validity period of the certificate. This parameter sets the “Not After”
* date for the certificate.
*
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an
* explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months,
* or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time
* regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA
* hierarchy.
*
*
* @return Information describing the end of the validity period of the certificate. This parameter sets the “Not
* After” date for the certificate.
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed
* as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in
* days, months, or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance
* time regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents
* in the CA hierarchy.
*/
public Validity getValidity() {
return this.validity;
}
/**
*
* Information describing the end of the validity period of the certificate. This parameter sets the “Not After”
* date for the certificate.
*
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an
* explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months,
* or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time
* regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA
* hierarchy.
*
*
* @param validity
* Information describing the end of the validity period of the certificate. This parameter sets the “Not
* After” date for the certificate.
*
* Certificate validity is the period of time during which a certificate is valid. Validity can be expressed
* as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in
* days, months, or years. For more information, see Validity in RFC 5280.
*
*
* This value is unaffected when ValidityNotBefore is also specified. For example, if
* Validity is set to 20 days in the future, the certificate will expire 20 days from issuance
* time regardless of the ValidityNotBefore value.
*
*
* The end of the validity period configured on a certificate must not exceed the limit set on its parents in
* the CA hierarchy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withValidity(Validity validity) {
setValidity(validity);
return this;
}
/**
*
* Information describing the start of the validity period of the certificate. This parameter sets the “Not Before"
* date for the certificate.
*
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the issuance
* time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this API
* reference and Validity in RFC 5280.
*
*
* @param validityNotBefore
* Information describing the start of the validity period of the certificate. This parameter sets the “Not
* Before" date for the certificate.
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the
* issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this
* API reference and Validity in
* RFC 5280.
*/
public void setValidityNotBefore(Validity validityNotBefore) {
this.validityNotBefore = validityNotBefore;
}
/**
*
* Information describing the start of the validity period of the certificate. This parameter sets the “Not Before"
* date for the certificate.
*
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the issuance
* time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this API
* reference and Validity in RFC 5280.
*
*
* @return Information describing the start of the validity period of the certificate. This parameter sets the “Not
* Before" date for the certificate.
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the
* issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this
* API reference and Validity in
* RFC 5280.
*/
public Validity getValidityNotBefore() {
return this.validityNotBefore;
}
/**
*
* Information describing the start of the validity period of the certificate. This parameter sets the “Not Before"
* date for the certificate.
*
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the issuance
* time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this API
* reference and Validity in RFC 5280.
*
*
* @param validityNotBefore
* Information describing the start of the validity period of the certificate. This parameter sets the “Not
* Before" date for the certificate.
*
* By default, when issuing a certificate, Amazon Web Services Private CA sets the "Not Before" date to the
* issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
* ValidityNotBefore parameter can be used to customize the “Not Before” value.
*
*
* Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
*
*
* The ValidityNotBefore value is expressed as an explicit date and time, using the
* Validity type value ABSOLUTE. For more information, see Validity in this
* API reference and Validity in
* RFC 5280.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withValidityNotBefore(Validity validityNotBefore) {
setValidityNotBefore(validityNotBefore);
return this;
}
/**
*
* Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web Services
* Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the
* idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple
* certificates.
*
*
* @param idempotencyToken
* Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web
* Services Private CA recognizes that you are requesting only one certificate and will issue only one. If
* you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are
* requesting multiple certificates.
*/
public void setIdempotencyToken(String idempotencyToken) {
this.idempotencyToken = idempotencyToken;
}
/**
*
* Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web Services
* Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the
* idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple
* certificates.
*
*
* @return Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web
* Services Private CA recognizes that you are requesting only one certificate and will issue only one. If
* you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are
* requesting multiple certificates.
*/
public String getIdempotencyToken() {
return this.idempotencyToken;
}
/**
*
* Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web Services
* Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the
* idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple
* certificates.
*
*
* @param idempotencyToken
* Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action.
* Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call
* IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web
* Services Private CA recognizes that you are requesting only one certificate and will issue only one. If
* you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are
* requesting multiple certificates.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public IssueCertificateRequest withIdempotencyToken(String idempotencyToken) {
setIdempotencyToken(idempotencyToken);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getApiPassthrough() != null)
sb.append("ApiPassthrough: ").append(getApiPassthrough()).append(",");
if (getCertificateAuthorityArn() != null)
sb.append("CertificateAuthorityArn: ").append(getCertificateAuthorityArn()).append(",");
if (getCsr() != null)
sb.append("Csr: ").append(getCsr()).append(",");
if (getSigningAlgorithm() != null)
sb.append("SigningAlgorithm: ").append(getSigningAlgorithm()).append(",");
if (getTemplateArn() != null)
sb.append("TemplateArn: ").append(getTemplateArn()).append(",");
if (getValidity() != null)
sb.append("Validity: ").append(getValidity()).append(",");
if (getValidityNotBefore() != null)
sb.append("ValidityNotBefore: ").append(getValidityNotBefore()).append(",");
if (getIdempotencyToken() != null)
sb.append("IdempotencyToken: ").append(getIdempotencyToken());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof IssueCertificateRequest == false)
return false;
IssueCertificateRequest other = (IssueCertificateRequest) obj;
if (other.getApiPassthrough() == null ^ this.getApiPassthrough() == null)
return false;
if (other.getApiPassthrough() != null && other.getApiPassthrough().equals(this.getApiPassthrough()) == false)
return false;
if (other.getCertificateAuthorityArn() == null ^ this.getCertificateAuthorityArn() == null)
return false;
if (other.getCertificateAuthorityArn() != null && other.getCertificateAuthorityArn().equals(this.getCertificateAuthorityArn()) == false)
return false;
if (other.getCsr() == null ^ this.getCsr() == null)
return false;
if (other.getCsr() != null && other.getCsr().equals(this.getCsr()) == false)
return false;
if (other.getSigningAlgorithm() == null ^ this.getSigningAlgorithm() == null)
return false;
if (other.getSigningAlgorithm() != null && other.getSigningAlgorithm().equals(this.getSigningAlgorithm()) == false)
return false;
if (other.getTemplateArn() == null ^ this.getTemplateArn() == null)
return false;
if (other.getTemplateArn() != null && other.getTemplateArn().equals(this.getTemplateArn()) == false)
return false;
if (other.getValidity() == null ^ this.getValidity() == null)
return false;
if (other.getValidity() != null && other.getValidity().equals(this.getValidity()) == false)
return false;
if (other.getValidityNotBefore() == null ^ this.getValidityNotBefore() == null)
return false;
if (other.getValidityNotBefore() != null && other.getValidityNotBefore().equals(this.getValidityNotBefore()) == false)
return false;
if (other.getIdempotencyToken() == null ^ this.getIdempotencyToken() == null)
return false;
if (other.getIdempotencyToken() != null && other.getIdempotencyToken().equals(this.getIdempotencyToken()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getApiPassthrough() == null) ? 0 : getApiPassthrough().hashCode());
hashCode = prime * hashCode + ((getCertificateAuthorityArn() == null) ? 0 : getCertificateAuthorityArn().hashCode());
hashCode = prime * hashCode + ((getCsr() == null) ? 0 : getCsr().hashCode());
hashCode = prime * hashCode + ((getSigningAlgorithm() == null) ? 0 : getSigningAlgorithm().hashCode());
hashCode = prime * hashCode + ((getTemplateArn() == null) ? 0 : getTemplateArn().hashCode());
hashCode = prime * hashCode + ((getValidity() == null) ? 0 : getValidity().hashCode());
hashCode = prime * hashCode + ((getValidityNotBefore() == null) ? 0 : getValidityNotBefore().hashCode());
hashCode = prime * hashCode + ((getIdempotencyToken() == null) ? 0 : getIdempotencyToken().hashCode());
return hashCode;
}
@Override
public IssueCertificateRequest clone() {
return (IssueCertificateRequest) super.clone();
}
}