/*
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.acmpca.model;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA)
* creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by
* setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you
* specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the
* CustomCname parameter. Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution
* Points extension of each certificate it issues. Your S3 bucket policy must give write permission to ACM Private
* CA.
*
*
* Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in
* the CRL. The CRL is refreshed at 1/2 the age of next update or when a certificate is revoked. When a certificate is
* revoked, it is recorded in the next CRL that is generated and in the next audit report. Only time valid certificates
* are listed in the CRL. Expired certificates are not included.
*
*
* CRLs contain the following fields:
*
*
* -
*
* Version: The current version number defined in RFC 5280 is V2. The integer value is 0x1.
*
*
* -
*
* Signature Algorithm: The name of the algorithm used to sign the CRL.
*
*
* -
*
* Issuer: The X.500 distinguished name of your private CA that issued the CRL.
*
*
* -
*
* Last Update: The issue date and time of this CRL.
*
*
* -
*
* Next Update: The day and time by which the next CRL will be issued.
*
*
* -
*
* Revoked Certificates: List of revoked certificates. Each list item contains the following information.
*
*
* -
*
* Serial Number: The serial number, in hexadecimal format, of the revoked certificate.
*
*
* -
*
* Revocation Date: Date and time the certificate was revoked.
*
*
* -
*
* CRL Entry Extensions: Optional extensions for the CRL entry.
*
*
* -
*
* X509v3 CRL Reason Code: Reason the certificate was revoked.
*
*
*
*
*
*
* -
*
* CRL Extensions: Optional extensions for the CRL.
*
*
* -
*
* X509v3 Authority Key Identifier: Identifies the public key associated with the private key used to sign the
* certificate.
*
*
* -
*
* X509v3 CRL Number: Decimal sequence number for the CRL.
*
*
*
*
* -
*
* Signature Algorithm: Algorithm used by your private CA to sign the CRL.
*
*
* -
*
* Signature Value: Signature computed over the CRL.
*
*
*
*
* Certificate revocation lists created by ACM Private CA are DER-encoded. You can use the following OpenSSL command to
* list a CRL.
*
*
* openssl crl -inform DER -text -in crl_path -noout
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class CrlConfiguration implements SdkPojo, Serializable,
ToCopyableBuilder {
/** Marshalling descriptor for the {@code Enabled} payload member. */
private static final SdkField<Boolean> ENABLED_FIELD = SdkField.<Boolean> builder(MarshallingType.BOOLEAN)
        .getter(getter(CrlConfiguration::enabled))
        .setter(setter(Builder::enabled))
        .traits(payloadLocation("Enabled"))
        .build();

/** Marshalling descriptor for the {@code ExpirationInDays} payload member. */
private static final SdkField<Integer> EXPIRATION_IN_DAYS_FIELD = SdkField.<Integer> builder(MarshallingType.INTEGER)
        .getter(getter(CrlConfiguration::expirationInDays))
        .setter(setter(Builder::expirationInDays))
        .traits(payloadLocation("ExpirationInDays"))
        .build();

/** Marshalling descriptor for the {@code CustomCname} payload member. */
private static final SdkField<String> CUSTOM_CNAME_FIELD = SdkField.<String> builder(MarshallingType.STRING)
        .getter(getter(CrlConfiguration::customCname))
        .setter(setter(Builder::customCname))
        .traits(payloadLocation("CustomCname"))
        .build();

/** Marshalling descriptor for the {@code S3BucketName} payload member. */
private static final SdkField<String> S3_BUCKET_NAME_FIELD = SdkField.<String> builder(MarshallingType.STRING)
        .getter(getter(CrlConfiguration::s3BucketName))
        .setter(setter(Builder::s3BucketName))
        .traits(payloadLocation("S3BucketName"))
        .build();

/** All member descriptors, in wire order; exposed read-only through {@link #sdkFields()}. */
private static final List<SdkField<?>> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(
        ENABLED_FIELD, EXPIRATION_IN_DAYS_FIELD, CUSTOM_CNAME_FIELD, S3_BUCKET_NAME_FIELD));

/**
 * Builds the trait that binds a member to a key in the request/response payload.
 *
 * @param locationName the JSON key the member is marshalled under
 * @return a payload-location trait for that key
 */
private static LocationTrait payloadLocation(String locationName) {
    return LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName(locationName).build();
}
// Serialization version; bump only if the serialized form of this class changes incompatibly.
private static final long serialVersionUID = 1L;
// Whether CRL generation is turned on for the CA (null when the member was not set).
private final Boolean enabled;
// Input to the CRL's nextUpdate calculation (see class Javadoc); null when not set.
private final Integer expirationInDays;
// Optional alias placed in the CRL Distribution Points extension instead of the bucket name.
private final String customCname;
// S3 bucket the CA writes the CRL to; null when not set.
private final String s3BucketName;
/**
 * Copies the four CRL settings out of a builder; instances are only created through {@code BuilderImpl}.
 *
 * @param builder the builder whose current member values become this immutable configuration
 */
private CrlConfiguration(BuilderImpl builder) {
    // Each member is copied independently; null stays null (no defaults are applied here).
    s3BucketName = builder.s3BucketName;
    customCname = builder.customCname;
    expirationInDays = builder.expirationInDays;
    enabled = builder.enabled;
}
/**
 * Returns whether certificate revocation lists (CRLs) are enabled for the CA.
 * <p>
 * Set this to {@code true} to turn on revocation for a new CA in {@code CreateCertificateAuthority} or for an
 * existing CA in {@code UpdateCertificateAuthority}.
 *
 * @return the {@code Enabled} member, or {@code null} if it was not set
 */
public Boolean enabled() {
    return this.enabled;
}
/**
 * Returns the {@code ExpirationInDays} member.
 * <p>
 * The service documents this as the number of days until a certificate expires; the class Javadoc also
 * describes it as the input the CA uses to compute the CRL's {@code nextUpdate} field.
 *
 * @return the {@code ExpirationInDays} member, or {@code null} if it was not set
 */
public Integer expirationInDays() {
    return this.expirationInDays;
}
/**
 * Returns the alias inserted into the certificate's CRL Distribution Points extension.
 * <p>
 * When set, issued certificates carry this name rather than the S3 bucket name, so the bucket name is not
 * disclosed to relying parties.
 *
 * @return the {@code CustomCname} member, or {@code null} if it was not set
 */
public String customCname() {
    return this.customCname;
}
/**
 * Returns the name of the S3 bucket that holds the CRL.
 * <p>
 * If {@code CustomCname} is not provided, this bucket name is placed into the CRL Distribution Points extension
 * of each issued certificate. The bucket can be changed with {@code UpdateCertificateAuthority}, and its bucket
 * policy must allow ACM Private CA to write the CRL.
 *
 * @return the {@code S3BucketName} member, or {@code null} if it was not set
 */
public String s3BucketName() {
    return this.s3BucketName;
}
/**
 * Creates a mutable builder pre-populated with this object's member values.
 *
 * @return a new builder copy of this configuration
 */
@Override
public Builder toBuilder() {
    BuilderImpl copy = new BuilderImpl(this);
    return copy;
}
/**
 * Creates an empty builder for a {@link CrlConfiguration}.
 *
 * @return a new builder with no members set
 */
public static Builder builder() {
    Builder fresh = new BuilderImpl();
    return fresh;
}
/**
 * Returns the concrete builder class used for serialization.
 *
 * @return {@code BuilderImpl.class}
 */
public static Class<? extends Builder> serializableBuilderClass() {
    Class<? extends Builder> builderType = BuilderImpl.class;
    return builderType;
}
/**
 * Hashes the four members in declaration order.
 * <p>
 * {@link Objects#hash(Object...)} folds with the same {@code 31 * h + Objects.hashCode(e)} recurrence the
 * generated code spells out by hand, so the result is unchanged.
 *
 * @return a hash consistent with {@link #equals(Object)}
 */
@Override
public int hashCode() {
    return Objects.hash(enabled(), expirationInDays(), customCname(), s3BucketName());
}
/**
 * Structural equality over the SDK members; delegates to {@link #equalsBySdkFields(Object)}.
 *
 * @param obj the object to compare with
 * @return {@code true} if {@code obj} is a {@code CrlConfiguration} with equal members
 */
@Override
public boolean equals(Object obj) {
    boolean sameFields = equalsBySdkFields(obj);
    return sameFields;
}
/**
 * Compares the four members of two configurations with null-safe equality.
 *
 * @param obj the object to compare with; {@code null} or a non-{@code CrlConfiguration} yields {@code false}
 * @return {@code true} if every member is equal per {@link Objects#equals(Object, Object)}
 */
@Override
public boolean equalsBySdkFields(Object obj) {
    if (this == obj) {
        return true;
    }
    // instanceof is false for null, so the explicit null check is folded in here.
    if (!(obj instanceof CrlConfiguration)) {
        return false;
    }
    CrlConfiguration that = (CrlConfiguration) obj;
    boolean sameEnabled = Objects.equals(enabled(), that.enabled());
    boolean sameExpiration = Objects.equals(expirationInDays(), that.expirationInDays());
    boolean sameCname = Objects.equals(customCname(), that.customCname());
    boolean sameBucket = Objects.equals(s3BucketName(), that.s3BucketName());
    return sameEnabled && sameExpiration && sameCname && sameBucket;
}
/**
 * Returns a debugging representation listing all four members under their wire names.
 * <p>
 * None of these members is marked sensitive, so all values (including the bucket name and CNAME) are printed
 * as-is.
 *
 * @return a string of the form {@code CrlConfiguration(Enabled=..., ExpirationInDays=..., ...)}
 */
@Override
public String toString() {
    ToString rendering = ToString.builder("CrlConfiguration");
    rendering.add("Enabled", enabled());
    rendering.add("ExpirationInDays", expirationInDays());
    rendering.add("CustomCname", customCname());
    rendering.add("S3BucketName", s3BucketName());
    return rendering.build();
}
/**
 * Looks up a member by its wire name and casts it to the requested type.
 *
 * @param fieldName the wire name ({@code "Enabled"}, {@code "ExpirationInDays"}, {@code "CustomCname"} or
 *        {@code "S3BucketName"})
 * @param clazz the expected type of the member
 * @param <T> the expected type of the member
 * @return the member value, or empty if the name is unknown or the member is {@code null}
 * @throws ClassCastException if the member is not assignable to {@code clazz}
 */
public <T> Optional<T> getValueForField(String fieldName, Class<T> clazz) {
    Object raw;
    switch (fieldName) {
        case "Enabled":
            raw = enabled();
            break;
        case "ExpirationInDays":
            raw = expirationInDays();
            break;
        case "CustomCname":
            raw = customCname();
            break;
        case "S3BucketName":
            raw = s3BucketName();
            break;
        default:
            return Optional.empty();
    }
    // Class.cast(null) is null, so an unset member becomes Optional.empty() here.
    return Optional.ofNullable(clazz.cast(raw));
}
/**
 * Returns the read-only list of member descriptors used by the marshallers.
 *
 * @return the unmodifiable {@code SDK_FIELDS} list
 */
@Override
public List<SdkField<?>> sdkFields() {
    List<SdkField<?>> descriptors = SDK_FIELDS;
    return descriptors;
}
private static Function