software.amazon.awssdk.services.acmpca.AcmPcaAsyncClient Maven / Gradle / Ivy
Show all versions of acmpca Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.acmpca;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.annotations.ThreadSafe;
import software.amazon.awssdk.awscore.AwsClient;
import software.amazon.awssdk.services.acmpca.model.CreateCertificateAuthorityAuditReportRequest;
import software.amazon.awssdk.services.acmpca.model.CreateCertificateAuthorityAuditReportResponse;
import software.amazon.awssdk.services.acmpca.model.CreateCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.CreateCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.model.CreatePermissionRequest;
import software.amazon.awssdk.services.acmpca.model.CreatePermissionResponse;
import software.amazon.awssdk.services.acmpca.model.DeleteCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.DeleteCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.model.DeletePermissionRequest;
import software.amazon.awssdk.services.acmpca.model.DeletePermissionResponse;
import software.amazon.awssdk.services.acmpca.model.DeletePolicyRequest;
import software.amazon.awssdk.services.acmpca.model.DeletePolicyResponse;
import software.amazon.awssdk.services.acmpca.model.DescribeCertificateAuthorityAuditReportRequest;
import software.amazon.awssdk.services.acmpca.model.DescribeCertificateAuthorityAuditReportResponse;
import software.amazon.awssdk.services.acmpca.model.DescribeCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.DescribeCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.model.GetCertificateAuthorityCertificateRequest;
import software.amazon.awssdk.services.acmpca.model.GetCertificateAuthorityCertificateResponse;
import software.amazon.awssdk.services.acmpca.model.GetCertificateAuthorityCsrRequest;
import software.amazon.awssdk.services.acmpca.model.GetCertificateAuthorityCsrResponse;
import software.amazon.awssdk.services.acmpca.model.GetCertificateRequest;
import software.amazon.awssdk.services.acmpca.model.GetCertificateResponse;
import software.amazon.awssdk.services.acmpca.model.GetPolicyRequest;
import software.amazon.awssdk.services.acmpca.model.GetPolicyResponse;
import software.amazon.awssdk.services.acmpca.model.ImportCertificateAuthorityCertificateRequest;
import software.amazon.awssdk.services.acmpca.model.ImportCertificateAuthorityCertificateResponse;
import software.amazon.awssdk.services.acmpca.model.IssueCertificateRequest;
import software.amazon.awssdk.services.acmpca.model.IssueCertificateResponse;
import software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest;
import software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesResponse;
import software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest;
import software.amazon.awssdk.services.acmpca.model.ListPermissionsResponse;
import software.amazon.awssdk.services.acmpca.model.ListTagsRequest;
import software.amazon.awssdk.services.acmpca.model.ListTagsResponse;
import software.amazon.awssdk.services.acmpca.model.PutPolicyRequest;
import software.amazon.awssdk.services.acmpca.model.PutPolicyResponse;
import software.amazon.awssdk.services.acmpca.model.RestoreCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.RestoreCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.model.RevokeCertificateRequest;
import software.amazon.awssdk.services.acmpca.model.RevokeCertificateResponse;
import software.amazon.awssdk.services.acmpca.model.TagCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.TagCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.model.UntagCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.UntagCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.model.UpdateCertificateAuthorityRequest;
import software.amazon.awssdk.services.acmpca.model.UpdateCertificateAuthorityResponse;
import software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher;
import software.amazon.awssdk.services.acmpca.paginators.ListPermissionsPublisher;
import software.amazon.awssdk.services.acmpca.paginators.ListTagsPublisher;
import software.amazon.awssdk.services.acmpca.waiters.AcmPcaAsyncWaiter;
/**
* Service client for accessing ACM-PCA asynchronously. This can be created using the static {@link #builder()} method.
*
*
* This is the Amazon Web Services Private Certificate Authority API Reference. It provides descriptions, syntax,
* and usage examples for each of the actions and data types involved in creating and managing a private certificate
* authority (CA) for your organization.
*
*
* The documentation for each action shows the API request parameters and the JSON response. Alternatively, you can use
* one of the Amazon Web Services SDKs to access an API that is tailored to the programming language or platform that
* you prefer. For more information, see Amazon Web Services SDKs.
*
*
* Each Amazon Web Services Private CA API operation has a quota that determines the number of times the operation can
* be called per second. Amazon Web Services Private CA throttles API requests at different rates depending on the
* operation. Throttling means that Amazon Web Services Private CA rejects an otherwise valid request because the
* request exceeds the operation's quota for the number of requests per second. When a request is throttled, Amazon Web
* Services Private CA returns a ThrottlingException error.
* Amazon Web Services Private CA does not guarantee a minimum request rate for APIs.
*
*
* To see an up-to-date list of your Amazon Web Services Private CA quotas, or to request a quota increase, log into
* your Amazon Web Services account and visit the Service
* Quotas console.
*
*/
@Generated("software.amazon.awssdk:codegen")
@SdkPublicApi
@ThreadSafe
public interface AcmPcaAsyncClient extends AwsClient {
String SERVICE_NAME = "acm-pca";
/**
* Value for looking up the service's metadata from the
* {@link software.amazon.awssdk.regions.ServiceMetadataProvider}.
*/
String SERVICE_METADATA_ID = "acm-pca";
/**
*
* Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, an
* optional configuration for Online Certificate Status Protocol (OCSP) and/or a certificate revocation list (CRL),
* the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration
* specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing
* algorithm that the CA uses, and X.500 subject information. The OCSP configuration can optionally specify a custom
* URL for the OCSP responder. The CRL configuration specifies the CRL expiration period in days (the validity
* period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is
* included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of
* the CA.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more
* information, see Encrypting Your
* CRLs.
*
*
* @param createCertificateAuthorityRequest
* @return A Java Future containing the result of the CreateCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArgsException One or more of the specified arguments was not valid.
* - InvalidPolicyException The resource policy is invalid or is missing a required statement. For general
* information about IAM policy and statement structure, see Overview of JSON Policies.
* - InvalidTagException The tag associated with the CA is not valid. The invalid argument is contained in
* the message field.
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.CreateCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture createCertificateAuthority(
CreateCertificateAuthorityRequest createCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, an
* optional configuration for Online Certificate Status Protocol (OCSP) and/or a certificate revocation list (CRL),
* the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration
* specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing
* algorithm that the CA uses, and X.500 subject information. The OCSP configuration can optionally specify a custom
* URL for the OCSP responder. The CRL configuration specifies the CRL expiration period in days (the validity
* period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is
* included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of
* the CA.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more
* information, see Encrypting Your
* CRLs.
*
*
*
* This is a convenience which creates an instance of the {@link CreateCertificateAuthorityRequest.Builder} avoiding
* the need to create one manually via {@link CreateCertificateAuthorityRequest#builder()}
*
*
* @param createCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.CreateCertificateAuthorityRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the CreateCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArgsException One or more of the specified arguments was not valid.
* - InvalidPolicyException The resource policy is invalid or is missing a required statement. For general
* information about IAM policy and statement structure, see Overview of JSON Policies.
* - InvalidTagException The tag associated with the CA is not valid. The invalid argument is contained in
* the message field.
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.CreateCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture createCertificateAuthority(
Consumer createCertificateAuthorityRequest) {
return createCertificateAuthority(CreateCertificateAuthorityRequest.builder()
.applyMutation(createCertificateAuthorityRequest).build());
}
/**
*
* Creates an audit report that lists every time that your CA private key is used. The report is saved in the Amazon
* S3 bucket that you specify on input. The IssueCertificate
* and RevokeCertificate
* actions use the private key.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more
* information, see Encrypting Your Audit Reports.
*
*
*
* You can generate a maximum of one report every 30 minutes.
*
*
*
* @param createCertificateAuthorityAuditReportRequest
* @return A Java Future containing the result of the CreateCertificateAuthorityAuditReport operation returned by
* the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.CreateCertificateAuthorityAuditReport
* @see AWS API Documentation
*/
default CompletableFuture createCertificateAuthorityAuditReport(
CreateCertificateAuthorityAuditReportRequest createCertificateAuthorityAuditReportRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Creates an audit report that lists every time that your CA private key is used. The report is saved in the Amazon
* S3 bucket that you specify on input. The IssueCertificate
* and RevokeCertificate
* actions use the private key.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more
* information, see Encrypting Your Audit Reports.
*
*
*
* You can generate a maximum of one report every 30 minutes.
*
*
*
* This is a convenience which creates an instance of the
* {@link CreateCertificateAuthorityAuditReportRequest.Builder} avoiding the need to create one manually via
* {@link CreateCertificateAuthorityAuditReportRequest#builder()}
*
*
* @param createCertificateAuthorityAuditReportRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.CreateCertificateAuthorityAuditReportRequest.Builder}
* to create a request.
* @return A Java Future containing the result of the CreateCertificateAuthorityAuditReport operation returned by
* the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.CreateCertificateAuthorityAuditReport
* @see AWS API Documentation
*/
default CompletableFuture createCertificateAuthorityAuditReport(
Consumer createCertificateAuthorityAuditReportRequest) {
return createCertificateAuthorityAuditReport(CreateCertificateAuthorityAuditReportRequest.builder()
.applyMutation(createCertificateAuthorityAuditReportRequest).build());
}
/**
*
* Grants one or more permissions on a private CA to the Certificate Manager (ACM) service principal (
* acm.amazonaws.com). These permissions allow ACM to issue and renew ACM certificates that reside in
* the same Amazon Web Services account as the CA.
*
*
* You can list current permissions with the ListPermissions
* action and revoke them with the DeletePermission
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
* @param createPermissionRequest
* @return A Java Future containing the result of the CreatePermission operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - PermissionAlreadyExistsException The designated permission has already been given to the user.
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.CreatePermission
* @see AWS API
* Documentation
*/
default CompletableFuture createPermission(CreatePermissionRequest createPermissionRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Grants one or more permissions on a private CA to the Certificate Manager (ACM) service principal (
* acm.amazonaws.com). These permissions allow ACM to issue and renew ACM certificates that reside in
* the same Amazon Web Services account as the CA.
*
*
* You can list current permissions with the ListPermissions
* action and revoke them with the DeletePermission
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link CreatePermissionRequest.Builder} avoiding the need
* to create one manually via {@link CreatePermissionRequest#builder()}
*
*
* @param createPermissionRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.CreatePermissionRequest.Builder} to create a request.
* @return A Java Future containing the result of the CreatePermission operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - PermissionAlreadyExistsException The designated permission has already been given to the user.
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.CreatePermission
* @see AWS API
* Documentation
*/
default CompletableFuture createPermission(
Consumer createPermissionRequest) {
return createPermission(CreatePermissionRequest.builder().applyMutation(createPermissionRequest).build());
}
/**
*
* Deletes a private certificate authority (CA). You must provide the Amazon Resource Name (ARN) of the private CA
* that you want to delete. You can find the ARN by calling the ListCertificateAuthorities action.
*
*
*
* Deleting a CA will invalidate other CAs and certificates below it in your CA hierarchy.
*
*
*
* Before you can delete a CA that you have created and activated, you must disable it. To do this, call the
* UpdateCertificateAuthority action and set the CertificateAuthorityStatus parameter to
* DISABLED.
*
*
* Additionally, you can delete a CA if you are waiting for it to be created (that is, the status of the CA is
* CREATING). You can also delete it if the CA has been created but you haven't yet imported the signed
* certificate into Amazon Web Services Private CA (that is, the status of the CA is
* PENDING_CERTIFICATE).
*
*
* When you successfully call DeleteCertificateAuthority, the CA's status changes to DELETED. However, the CA won't be
* permanently deleted until the restoration period has passed. By default, if you do not set the
* PermanentDeletionTimeInDays parameter, the CA remains restorable for 30 days. You can set the
* parameter from 7 to 30 days. The DescribeCertificateAuthority action returns the time remaining in the restoration window of a private CA in
* the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority action.
*
*
* @param deleteCertificateAuthorityRequest
* @return A Java Future containing the result of the DeleteCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DeleteCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture deleteCertificateAuthority(
DeleteCertificateAuthorityRequest deleteCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Deletes a private certificate authority (CA). You must provide the Amazon Resource Name (ARN) of the private CA
* that you want to delete. You can find the ARN by calling the ListCertificateAuthorities action.
*
*
*
* Deleting a CA will invalidate other CAs and certificates below it in your CA hierarchy.
*
*
*
* Before you can delete a CA that you have created and activated, you must disable it. To do this, call the
* UpdateCertificateAuthority action and set the CertificateAuthorityStatus parameter to
* DISABLED.
*
*
* Additionally, you can delete a CA if you are waiting for it to be created (that is, the status of the CA is
* CREATING). You can also delete it if the CA has been created but you haven't yet imported the signed
* certificate into Amazon Web Services Private CA (that is, the status of the CA is
* PENDING_CERTIFICATE).
*
*
* When you successfully call DeleteCertificateAuthority, the CA's status changes to DELETED. However, the CA won't be
* permanently deleted until the restoration period has passed. By default, if you do not set the
* PermanentDeletionTimeInDays parameter, the CA remains restorable for 30 days. You can set the
* parameter from 7 to 30 days. The DescribeCertificateAuthority action returns the time remaining in the restoration window of a private CA in
* the DELETED state. To restore an eligible CA, call the RestoreCertificateAuthority action.
*
*
*
* This is a convenience which creates an instance of the {@link DeleteCertificateAuthorityRequest.Builder} avoiding
* the need to create one manually via {@link DeleteCertificateAuthorityRequest#builder()}
*
*
* @param deleteCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.DeleteCertificateAuthorityRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the DeleteCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DeleteCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture deleteCertificateAuthority(
Consumer deleteCertificateAuthorityRequest) {
return deleteCertificateAuthority(DeleteCertificateAuthorityRequest.builder()
.applyMutation(deleteCertificateAuthorityRequest).build());
}
/**
*
* Revokes permissions on a private CA granted to the Certificate Manager (ACM) service principal
* (acm.amazonaws.com).
*
*
* These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services
* account as the CA. If you revoke these permissions, ACM will no longer renew the affected certificates
* automatically.
*
*
* Permissions can be granted with the CreatePermission
* action and listed with the ListPermissions
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
* @param deletePermissionRequest
* @return A Java Future containing the result of the DeletePermission operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DeletePermission
* @see AWS API
* Documentation
*/
default CompletableFuture deletePermission(DeletePermissionRequest deletePermissionRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Revokes permissions on a private CA granted to the Certificate Manager (ACM) service principal
* (acm.amazonaws.com).
*
*
* These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services
* account as the CA. If you revoke these permissions, ACM will no longer renew the affected certificates
* automatically.
*
*
* Permissions can be granted with the CreatePermission
* action and listed with the ListPermissions
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link DeletePermissionRequest.Builder} avoiding the need
* to create one manually via {@link DeletePermissionRequest#builder()}
*
*
* @param deletePermissionRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.DeletePermissionRequest.Builder} to create a request.
* @return A Java Future containing the result of the DeletePermission operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DeletePermission
* @see AWS API
* Documentation
*/
default CompletableFuture deletePermission(
Consumer deletePermissionRequest) {
return deletePermission(DeletePermissionRequest.builder().applyMutation(deletePermissionRequest).build());
}
/**
*
* Deletes the resource-based policy attached to a private CA. Deletion will remove any access that the policy has
* granted. If there is no policy attached to the private CA, this action will return successful.
*
*
* If you delete a policy that was applied through Amazon Web Services Resource Access Manager (RAM), the CA will be
* removed from all shares in which it was included.
*
*
* The Certificate Manager Service Linked Role that the policy supports is not affected when you delete the policy.
*
*
* The current policy can be shown with GetPolicy and updated
* with PutPolicy.
*
*
* About Policies
*
*
* -
*
* A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services
* Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA
* administrator. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
* -
*
* A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.
*
*
* -
*
* For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role
* (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the
* Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.
*
*
* -
*
* Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see
* Attach a Policy for Cross-Account
* Access.
*
*
*
*
* @param deletePolicyRequest
* @return A Java Future containing the result of the DeletePolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - LockoutPreventedException The current action was prevented because it would lock the caller out from
* performing subsequent actions. Verify that the specified parameters would not result in the caller being
* denied access to the resource.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DeletePolicy
* @see AWS API
* Documentation
*/
default CompletableFuture deletePolicy(DeletePolicyRequest deletePolicyRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Deletes the resource-based policy attached to a private CA. Deletion will remove any access that the policy has
* granted. If there is no policy attached to the private CA, this action will return successful.
*
*
* If you delete a policy that was applied through Amazon Web Services Resource Access Manager (RAM), the CA will be
* removed from all shares in which it was included.
*
*
* The Certificate Manager Service Linked Role that the policy supports is not affected when you delete the policy.
*
*
* The current policy can be shown with GetPolicy and updated
* with PutPolicy.
*
*
* About Policies
*
*
* -
*
* A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services
* Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA
* administrator. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
* -
*
* A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.
*
*
* -
*
* For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role
* (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the
* Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.
*
*
* -
*
* Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see
* Attach a Policy for Cross-Account
* Access.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link DeletePolicyRequest.Builder} avoiding the need to
* create one manually via {@link DeletePolicyRequest#builder()}
*
*
* @param deletePolicyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.DeletePolicyRequest.Builder} to create a request.
* @return A Java Future containing the result of the DeletePolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - LockoutPreventedException The current action was prevented because it would lock the caller out from
* performing subsequent actions. Verify that the specified parameters would not result in the caller being
* denied access to the resource.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DeletePolicy
* @see AWS API
* Documentation
*/
default CompletableFuture deletePolicy(Consumer deletePolicyRequest) {
return deletePolicy(DeletePolicyRequest.builder().applyMutation(deletePolicyRequest).build());
}
/**
*
* Lists information about your private certificate authority (CA) or one that has been shared with you. You specify
* the private CA on input by its ARN (Amazon Resource Name). The output contains the status of your CA. This can be
* any of the following:
*
*
* -
*
* CREATING - Amazon Web Services Private CA is creating your private certificate authority.
*
*
* -
*
* PENDING_CERTIFICATE - The certificate is pending. You must use your Amazon Web Services Private
* CA-hosted or on-premises root or subordinate CA to sign your private CA CSR and then import it into Amazon Web
* Services Private CA.
*
*
* -
*
* ACTIVE - Your private CA is active.
*
*
* -
*
* DISABLED - Your private CA has been disabled.
*
*
* -
*
* EXPIRED - Your private CA certificate has expired.
*
*
* -
*
* FAILED - Your private CA has failed. Your CA can fail because of problems such a network outage or
* back-end Amazon Web Services failure or other errors. A failed CA can never return to the pending state. You must
* create a new CA.
*
*
* -
*
* DELETED - Your private CA is within the restoration period, after which it is permanently deleted.
* The length of time remaining in the CA's restoration period is also included in this action's output.
*
*
*
*
* @param describeCertificateAuthorityRequest
* @return A Java Future containing the result of the DescribeCertificateAuthority operation returned by the
* service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DescribeCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture describeCertificateAuthority(
DescribeCertificateAuthorityRequest describeCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Lists information about your private certificate authority (CA) or one that has been shared with you. You specify
* the private CA on input by its ARN (Amazon Resource Name). The output contains the status of your CA. This can be
* any of the following:
*
*
* -
*
* CREATING - Amazon Web Services Private CA is creating your private certificate authority.
*
*
* -
*
* PENDING_CERTIFICATE - The certificate is pending. You must use your Amazon Web Services Private
* CA-hosted or on-premises root or subordinate CA to sign your private CA CSR and then import it into Amazon Web
* Services Private CA.
*
*
* -
*
* ACTIVE - Your private CA is active.
*
*
* -
*
* DISABLED - Your private CA has been disabled.
*
*
* -
*
* EXPIRED - Your private CA certificate has expired.
*
*
* -
*
* FAILED - Your private CA has failed. Your CA can fail because of problems such a network outage or
* back-end Amazon Web Services failure or other errors. A failed CA can never return to the pending state. You must
* create a new CA.
*
*
* -
*
* DELETED - Your private CA is within the restoration period, after which it is permanently deleted.
* The length of time remaining in the CA's restoration period is also included in this action's output.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link DescribeCertificateAuthorityRequest.Builder}
* avoiding the need to create one manually via {@link DescribeCertificateAuthorityRequest#builder()}
*
*
* @param describeCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.DescribeCertificateAuthorityRequest.Builder} to create
* a request.
* @return A Java Future containing the result of the DescribeCertificateAuthority operation returned by the
* service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DescribeCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture describeCertificateAuthority(
Consumer describeCertificateAuthorityRequest) {
return describeCertificateAuthority(DescribeCertificateAuthorityRequest.builder()
.applyMutation(describeCertificateAuthorityRequest).build());
}
/**
*
* Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport action. Audit information is created every time the certificate
* authority (CA) private key is used. The private key is used when you call the IssueCertificate
* action or the RevokeCertificate
* action.
*
*
* @param describeCertificateAuthorityAuditReportRequest
* @return A Java Future containing the result of the DescribeCertificateAuthorityAuditReport operation returned by
* the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DescribeCertificateAuthorityAuditReport
* @see AWS API Documentation
*/
default CompletableFuture describeCertificateAuthorityAuditReport(
DescribeCertificateAuthorityAuditReportRequest describeCertificateAuthorityAuditReportRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport action. Audit information is created every time the certificate
* authority (CA) private key is used. The private key is used when you call the IssueCertificate
* action or the RevokeCertificate
* action.
*
*
*
* This is a convenience which creates an instance of the
* {@link DescribeCertificateAuthorityAuditReportRequest.Builder} avoiding the need to create one manually via
* {@link DescribeCertificateAuthorityAuditReportRequest#builder()}
*
*
* @param describeCertificateAuthorityAuditReportRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.DescribeCertificateAuthorityAuditReportRequest.Builder}
* to create a request.
* @return A Java Future containing the result of the DescribeCertificateAuthorityAuditReport operation returned by
* the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.DescribeCertificateAuthorityAuditReport
* @see AWS API Documentation
*/
default CompletableFuture describeCertificateAuthorityAuditReport(
Consumer describeCertificateAuthorityAuditReportRequest) {
return describeCertificateAuthorityAuditReport(DescribeCertificateAuthorityAuditReportRequest.builder()
.applyMutation(describeCertificateAuthorityAuditReportRequest).build());
}
/**
*
* Retrieves a certificate from your private CA or one that has been shared with you. The ARN of the certificate is
* returned when you call the IssueCertificate
* action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the
* GetCertificate action. You can retrieve the certificate if it is in the ISSUED state. You can call
* the CreateCertificateAuthorityAuditReport action to create a report that contains information about all of the
* certificates issued and revoked by your private CA.
*
*
* @param getCertificateRequest
* @return A Java Future containing the result of the GetCertificate operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetCertificate
* @see AWS API
* Documentation
*/
default CompletableFuture getCertificate(GetCertificateRequest getCertificateRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves a certificate from your private CA or one that has been shared with you. The ARN of the certificate is
* returned when you call the IssueCertificate
* action. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the
* GetCertificate action. You can retrieve the certificate if it is in the ISSUED state. You can call
* the CreateCertificateAuthorityAuditReport action to create a report that contains information about all of the
* certificates issued and revoked by your private CA.
*
*
*
* This is a convenience which creates an instance of the {@link GetCertificateRequest.Builder} avoiding the need to
* create one manually via {@link GetCertificateRequest#builder()}
*
*
* @param getCertificateRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.GetCertificateRequest.Builder} to create a request.
* @return A Java Future containing the result of the GetCertificate operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetCertificate
* @see AWS API
* Documentation
*/
default CompletableFuture getCertificate(Consumer getCertificateRequest) {
return getCertificate(GetCertificateRequest.builder().applyMutation(getCertificateRequest).build());
}
/**
*
* Retrieves the certificate and certificate chain for your private certificate authority (CA) or one that has been
* shared with you. Both the certificate and the chain are base64 PEM-encoded. The chain does not include the CA
* certificate. Each certificate in the chain signs the one before it.
*
*
* @param getCertificateAuthorityCertificateRequest
* @return A Java Future containing the result of the GetCertificateAuthorityCertificate operation returned by the
* service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetCertificateAuthorityCertificate
* @see AWS API Documentation
*/
default CompletableFuture getCertificateAuthorityCertificate(
GetCertificateAuthorityCertificateRequest getCertificateAuthorityCertificateRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves the certificate and certificate chain for your private certificate authority (CA) or one that has been
* shared with you. Both the certificate and the chain are base64 PEM-encoded. The chain does not include the CA
* certificate. Each certificate in the chain signs the one before it.
*
*
*
* This is a convenience which creates an instance of the {@link GetCertificateAuthorityCertificateRequest.Builder}
* avoiding the need to create one manually via {@link GetCertificateAuthorityCertificateRequest#builder()}
*
*
* @param getCertificateAuthorityCertificateRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.GetCertificateAuthorityCertificateRequest.Builder} to
* create a request.
* @return A Java Future containing the result of the GetCertificateAuthorityCertificate operation returned by the
* service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetCertificateAuthorityCertificate
* @see AWS API Documentation
*/
default CompletableFuture getCertificateAuthorityCertificate(
Consumer getCertificateAuthorityCertificateRequest) {
return getCertificateAuthorityCertificate(GetCertificateAuthorityCertificateRequest.builder()
.applyMutation(getCertificateAuthorityCertificateRequest).build());
}
/**
*
* Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created
* when you call the CreateCertificateAuthority action. Sign the CSR with your Amazon Web Services Private CA-hosted or
* on-premises root or subordinate CA. Then import the signed certificate back into Amazon Web Services Private CA
* by calling the ImportCertificateAuthorityCertificate action. The CSR is returned as a base64 PEM-encoded string.
*
*
* @param getCertificateAuthorityCsrRequest
* @return A Java Future containing the result of the GetCertificateAuthorityCsr operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetCertificateAuthorityCsr
* @see AWS API Documentation
*/
default CompletableFuture getCertificateAuthorityCsr(
GetCertificateAuthorityCsrRequest getCertificateAuthorityCsrRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created
* when you call the CreateCertificateAuthority action. Sign the CSR with your Amazon Web Services Private CA-hosted or
* on-premises root or subordinate CA. Then import the signed certificate back into Amazon Web Services Private CA
* by calling the ImportCertificateAuthorityCertificate action. The CSR is returned as a base64 PEM-encoded string.
*
*
*
* This is a convenience which creates an instance of the {@link GetCertificateAuthorityCsrRequest.Builder} avoiding
* the need to create one manually via {@link GetCertificateAuthorityCsrRequest#builder()}
*
*
* @param getCertificateAuthorityCsrRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.GetCertificateAuthorityCsrRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the GetCertificateAuthorityCsr operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetCertificateAuthorityCsr
* @see AWS API Documentation
*/
default CompletableFuture getCertificateAuthorityCsr(
Consumer getCertificateAuthorityCsrRequest) {
return getCertificateAuthorityCsr(GetCertificateAuthorityCsrRequest.builder()
.applyMutation(getCertificateAuthorityCsrRequest).build());
}
/**
*
* Retrieves the resource-based policy attached to a private CA. If either the private CA resource or the policy
* cannot be found, this action returns a ResourceNotFoundException.
*
*
* The policy can be attached or updated with PutPolicy and removed
* with DeletePolicy.
*
*
* About Policies
*
*
* -
*
* A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services
* Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA
* administrator. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
* -
*
* A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.
*
*
* -
*
* For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role
* (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the
* Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.
*
*
* -
*
* Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see
* Attach a Policy for Cross-Account
* Access.
*
*
*
*
* @param getPolicyRequest
* @return A Java Future containing the result of the GetPolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetPolicy
* @see AWS API
* Documentation
*/
default CompletableFuture getPolicy(GetPolicyRequest getPolicyRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Retrieves the resource-based policy attached to a private CA. If either the private CA resource or the policy
* cannot be found, this action returns a ResourceNotFoundException.
*
*
* The policy can be attached or updated with PutPolicy and removed
* with DeletePolicy.
*
*
* About Policies
*
*
* -
*
* A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services
* Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA
* administrator. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
* -
*
* A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.
*
*
* -
*
* For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role
* (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the
* Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.
*
*
* -
*
* Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see
* Attach a Policy for Cross-Account
* Access.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link GetPolicyRequest.Builder} avoiding the need to
* create one manually via {@link GetPolicyRequest#builder()}
*
*
* @param getPolicyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.GetPolicyRequest.Builder} to create a request.
* @return A Java Future containing the result of the GetPolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.GetPolicy
* @see AWS API
* Documentation
*/
default CompletableFuture getPolicy(Consumer getPolicyRequest) {
return getPolicy(GetPolicyRequest.builder().applyMutation(getPolicyRequest).build());
}
/**
*
* Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are
* using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this
* action, the following preparations must in place:
*
*
* -
*
* In Amazon Web Services Private CA, call the CreateCertificateAuthority action to create the private CA that you plan to back with the imported
* certificate.
*
*
* -
*
* Call the
* GetCertificateAuthorityCsr action to generate a certificate signing request (CSR).
*
*
* -
*
* Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy or by a commercial CA.
*
*
* -
*
* Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.
*
*
*
*
* Amazon Web Services Private CA supports three scenarios for installing a CA certificate:
*
*
* -
*
* Installing a certificate for a root CA hosted by Amazon Web Services Private CA.
*
*
* -
*
* Installing a subordinate CA certificate whose parent authority is hosted by Amazon Web Services Private CA.
*
*
* -
*
* Installing a subordinate CA certificate whose parent authority is externally hosted.
*
*
*
*
* The following additional requirements apply when you import a CA certificate.
*
*
* -
*
* Only a self-signed certificate can be imported as a root CA.
*
*
* -
*
* A self-signed certificate cannot be imported as a subordinate CA.
*
*
* -
*
* Your certificate chain must not include the private CA certificate that you are importing.
*
*
* -
*
* Your root CA must be the last certificate in your chain. The subordinate certificate, if any, that your root CA
* signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next,
* and so on until your chain is built.
*
*
* -
*
* The chain must be PEM-encoded.
*
*
* -
*
* The maximum allowed size of a certificate is 32 KB.
*
*
* -
*
* The maximum allowed size of a certificate chain is 2 MB.
*
*
*
*
* Enforcement of Critical Constraints
*
*
* Amazon Web Services Private CA allows the following extensions to be marked critical in the imported CA
* certificate or chain.
*
*
* -
*
* Basic constraints (must be marked critical)
*
*
* -
*
* Subject alternative names
*
*
* -
*
* Key usage
*
*
* -
*
* Extended key usage
*
*
* -
*
* Authority key identifier
*
*
* -
*
* Subject key identifier
*
*
* -
*
* Issuer alternative name
*
*
* -
*
* Subject directory attributes
*
*
* -
*
* Subject information access
*
*
* -
*
* Certificate policies
*
*
* -
*
* Policy mappings
*
*
* -
*
* Inhibit anyPolicy
*
*
*
*
* Amazon Web Services Private CA rejects the following extensions when they are marked critical in an imported CA
* certificate or chain.
*
*
* -
*
* Name constraints
*
*
* -
*
* Policy constraints
*
*
* -
*
* CRL distribution points
*
*
* -
*
* Authority information access
*
*
* -
*
* Freshest CRL
*
*
* -
*
* Any other extension
*
*
*
*
* @param importCertificateAuthorityCertificateRequest
* @return A Java Future containing the result of the ImportCertificateAuthorityCertificate operation returned by
* the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidRequestException The request action cannot be performed or is prohibited.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - MalformedCertificateException One or more fields in the certificate are invalid.
* - CertificateMismatchException The certificate authority certificate you are importing does not comply
* with conditions specified in the certificate that signed it.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ImportCertificateAuthorityCertificate
* @see AWS API Documentation
*/
default CompletableFuture importCertificateAuthorityCertificate(
ImportCertificateAuthorityCertificateRequest importCertificateAuthorityCertificateRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are
* using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this
* action, the following preparations must in place:
*
*
* -
*
* In Amazon Web Services Private CA, call the CreateCertificateAuthority action to create the private CA that you plan to back with the imported
* certificate.
*
*
* -
*
* Call the
* GetCertificateAuthorityCsr action to generate a certificate signing request (CSR).
*
*
* -
*
* Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy or by a commercial CA.
*
*
* -
*
* Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.
*
*
*
*
* Amazon Web Services Private CA supports three scenarios for installing a CA certificate:
*
*
* -
*
* Installing a certificate for a root CA hosted by Amazon Web Services Private CA.
*
*
* -
*
* Installing a subordinate CA certificate whose parent authority is hosted by Amazon Web Services Private CA.
*
*
* -
*
* Installing a subordinate CA certificate whose parent authority is externally hosted.
*
*
*
*
* The following additional requirements apply when you import a CA certificate.
*
*
* -
*
* Only a self-signed certificate can be imported as a root CA.
*
*
* -
*
* A self-signed certificate cannot be imported as a subordinate CA.
*
*
* -
*
* Your certificate chain must not include the private CA certificate that you are importing.
*
*
* -
*
* Your root CA must be the last certificate in your chain. The subordinate certificate, if any, that your root CA
* signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next,
* and so on until your chain is built.
*
*
* -
*
* The chain must be PEM-encoded.
*
*
* -
*
* The maximum allowed size of a certificate is 32 KB.
*
*
* -
*
* The maximum allowed size of a certificate chain is 2 MB.
*
*
*
*
* Enforcement of Critical Constraints
*
*
* Amazon Web Services Private CA allows the following extensions to be marked critical in the imported CA
* certificate or chain.
*
*
* -
*
* Basic constraints (must be marked critical)
*
*
* -
*
* Subject alternative names
*
*
* -
*
* Key usage
*
*
* -
*
* Extended key usage
*
*
* -
*
* Authority key identifier
*
*
* -
*
* Subject key identifier
*
*
* -
*
* Issuer alternative name
*
*
* -
*
* Subject directory attributes
*
*
* -
*
* Subject information access
*
*
* -
*
* Certificate policies
*
*
* -
*
* Policy mappings
*
*
* -
*
* Inhibit anyPolicy
*
*
*
*
* Amazon Web Services Private CA rejects the following extensions when they are marked critical in an imported CA
* certificate or chain.
*
*
* -
*
* Name constraints
*
*
* -
*
* Policy constraints
*
*
* -
*
* CRL distribution points
*
*
* -
*
* Authority information access
*
*
* -
*
* Freshest CRL
*
*
* -
*
* Any other extension
*
*
*
*
*
* This is a convenience which creates an instance of the
* {@link ImportCertificateAuthorityCertificateRequest.Builder} avoiding the need to create one manually via
* {@link ImportCertificateAuthorityCertificateRequest#builder()}
*
*
* @param importCertificateAuthorityCertificateRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ImportCertificateAuthorityCertificateRequest.Builder}
* to create a request.
* @return A Java Future containing the result of the ImportCertificateAuthorityCertificate operation returned by
* the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidRequestException The request action cannot be performed or is prohibited.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - MalformedCertificateException One or more fields in the certificate are invalid.
* - CertificateMismatchException The certificate authority certificate you are importing does not comply
* with conditions specified in the certificate that signed it.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ImportCertificateAuthorityCertificate
* @see AWS API Documentation
*/
default CompletableFuture importCertificateAuthorityCertificate(
Consumer importCertificateAuthorityCertificateRequest) {
return importCertificateAuthorityCertificate(ImportCertificateAuthorityCertificateRequest.builder()
.applyMutation(importCertificateAuthorityCertificateRequest).build());
}
/**
*
* Uses your private certificate authority (CA), or one that has been shared with you, to issue a client
* certificate. This action returns the Amazon Resource Name (ARN) of the certificate. You can retrieve the
* certificate by calling the GetCertificate
* action and specifying the ARN.
*
*
*
* You cannot use the ACM ListCertificateAuthorities action to retrieve the ARNs of the certificates that you
* issue by using Amazon Web Services Private CA.
*
*
*
* @param issueCertificateRequest
* @return A Java Future containing the result of the IssueCertificate operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - MalformedCsrException The certificate signing request is invalid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.IssueCertificate
* @see AWS API
* Documentation
*/
default CompletableFuture issueCertificate(IssueCertificateRequest issueCertificateRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Uses your private certificate authority (CA), or one that has been shared with you, to issue a client
* certificate. This action returns the Amazon Resource Name (ARN) of the certificate. You can retrieve the
* certificate by calling the GetCertificate
* action and specifying the ARN.
*
*
*
* You cannot use the ACM ListCertificateAuthorities action to retrieve the ARNs of the certificates that you
* issue by using Amazon Web Services Private CA.
*
*
*
* This is a convenience which creates an instance of the {@link IssueCertificateRequest.Builder} avoiding the need
* to create one manually via {@link IssueCertificateRequest#builder()}
*
*
* @param issueCertificateRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.IssueCertificateRequest.Builder} to create a request.
* @return A Java Future containing the result of the IssueCertificate operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - MalformedCsrException The certificate signing request is invalid.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.IssueCertificate
* @see AWS API
* Documentation
*/
default CompletableFuture issueCertificate(
Consumer issueCertificateRequest) {
return issueCertificate(IssueCertificateRequest.builder().applyMutation(issueCertificateRequest).build());
}
/**
*
* Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.
*
*
* @param listCertificateAuthoritiesRequest
* @return A Java Future containing the result of the ListCertificateAuthorities operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListCertificateAuthorities
* @see AWS API Documentation
*/
default CompletableFuture listCertificateAuthorities(
ListCertificateAuthoritiesRequest listCertificateAuthoritiesRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.
*
*
*
* This is a convenience which creates an instance of the {@link ListCertificateAuthoritiesRequest.Builder} avoiding
* the need to create one manually via {@link ListCertificateAuthoritiesRequest#builder()}
*
*
* @param listCertificateAuthoritiesRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the ListCertificateAuthorities operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListCertificateAuthorities
* @see AWS API Documentation
*/
default CompletableFuture listCertificateAuthorities(
Consumer listCertificateAuthoritiesRequest) {
return listCertificateAuthorities(ListCertificateAuthoritiesRequest.builder()
.applyMutation(listCertificateAuthoritiesRequest).build());
}
/**
*
* Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.
*
*
* @return A Java Future containing the result of the ListCertificateAuthorities operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListCertificateAuthorities
* @see AWS API Documentation
*/
default CompletableFuture listCertificateAuthorities() {
return listCertificateAuthorities(ListCertificateAuthoritiesRequest.builder().build());
}
/**
*
* Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.
*
*
*
* This is a variant of
* {@link #listCertificateAuthorities(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest)}
* operation. The return type is a custom publisher that can be subscribed to request a stream of response pages.
* SDK will internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher publisher = client.listCertificateAuthoritiesPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher publisher = client.listCertificateAuthoritiesPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listCertificateAuthorities(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest)}
* operation.
*
*
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListCertificateAuthorities
* @see AWS API Documentation
*/
default ListCertificateAuthoritiesPublisher listCertificateAuthoritiesPaginator() {
return listCertificateAuthoritiesPaginator(ListCertificateAuthoritiesRequest.builder().build());
}
/**
*
* Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.
*
*
*
* This is a variant of
* {@link #listCertificateAuthorities(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest)}
* operation. The return type is a custom publisher that can be subscribed to request a stream of response pages.
* SDK will internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher publisher = client.listCertificateAuthoritiesPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher publisher = client.listCertificateAuthoritiesPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listCertificateAuthorities(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest)}
* operation.
*
*
* @param listCertificateAuthoritiesRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListCertificateAuthorities
* @see AWS API Documentation
*/
default ListCertificateAuthoritiesPublisher listCertificateAuthoritiesPaginator(
ListCertificateAuthoritiesRequest listCertificateAuthoritiesRequest) {
return new ListCertificateAuthoritiesPublisher(this, listCertificateAuthoritiesRequest);
}
/**
*
* Lists the private certificate authorities that you created by using the CreateCertificateAuthority action.
*
*
*
* This is a variant of
* {@link #listCertificateAuthorities(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest)}
* operation. The return type is a custom publisher that can be subscribed to request a stream of response pages.
* SDK will internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher publisher = client.listCertificateAuthoritiesPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListCertificateAuthoritiesPublisher publisher = client.listCertificateAuthoritiesPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listCertificateAuthorities(software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest)}
* operation.
*
*
* This is a convenience which creates an instance of the {@link ListCertificateAuthoritiesRequest.Builder} avoiding
* the need to create one manually via {@link ListCertificateAuthoritiesRequest#builder()}
*
*
* @param listCertificateAuthoritiesRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ListCertificateAuthoritiesRequest.Builder} to create a
* request.
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListCertificateAuthorities
* @see AWS API Documentation
*/
default ListCertificateAuthoritiesPublisher listCertificateAuthoritiesPaginator(
Consumer listCertificateAuthoritiesRequest) {
return listCertificateAuthoritiesPaginator(ListCertificateAuthoritiesRequest.builder()
.applyMutation(listCertificateAuthoritiesRequest).build());
}
/**
*
* List all permissions on a private CA, if any, granted to the Certificate Manager (ACM) service principal
* (acm.amazonaws.com).
*
*
* These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services
* account as the CA.
*
*
* Permissions can be granted with the CreatePermission
* action and revoked with the DeletePermission
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
* @param listPermissionsRequest
* @return A Java Future containing the result of the ListPermissions operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListPermissions
* @see AWS API
* Documentation
*/
default CompletableFuture listPermissions(ListPermissionsRequest listPermissionsRequest) {
throw new UnsupportedOperationException();
}
/**
*
* List all permissions on a private CA, if any, granted to the Certificate Manager (ACM) service principal
* (acm.amazonaws.com).
*
*
* These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services
* account as the CA.
*
*
* Permissions can be granted with the CreatePermission
* action and revoked with the DeletePermission
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link ListPermissionsRequest.Builder} avoiding the need
* to create one manually via {@link ListPermissionsRequest#builder()}
*
*
* @param listPermissionsRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest.Builder} to create a request.
* @return A Java Future containing the result of the ListPermissions operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListPermissions
* @see AWS API
* Documentation
*/
default CompletableFuture listPermissions(
Consumer listPermissionsRequest) {
return listPermissions(ListPermissionsRequest.builder().applyMutation(listPermissionsRequest).build());
}
/**
*
* List all permissions on a private CA, if any, granted to the Certificate Manager (ACM) service principal
* (acm.amazonaws.com).
*
*
* These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services
* account as the CA.
*
*
* Permissions can be granted with the CreatePermission
* action and revoked with the DeletePermission
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
*
* This is a variant of
* {@link #listPermissions(software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest)} operation. The
* return type is a custom publisher that can be subscribed to request a stream of response pages. SDK will
* internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListPermissionsPublisher publisher = client.listPermissionsPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListPermissionsPublisher publisher = client.listPermissionsPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListPermissionsResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listPermissions(software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest)} operation.
*
*
* @param listPermissionsRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListPermissions
* @see AWS API
* Documentation
*/
default ListPermissionsPublisher listPermissionsPaginator(ListPermissionsRequest listPermissionsRequest) {
return new ListPermissionsPublisher(this, listPermissionsRequest);
}
/**
*
* List all permissions on a private CA, if any, granted to the Certificate Manager (ACM) service principal
* (acm.amazonaws.com).
*
*
* These permissions allow ACM to issue and renew ACM certificates that reside in the same Amazon Web Services
* account as the CA.
*
*
* Permissions can be granted with the CreatePermission
* action and revoked with the DeletePermission
* action.
*
*
* About Permissions
*
*
* -
*
* If the private CA and the certificates it issues reside in the same account, you can use
* CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.
*
*
* -
*
* For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve,
* and list certificates.
*
*
* -
*
* If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to
* enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable
* cross-account issuance and renewals. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
*
*
*
* This is a variant of
* {@link #listPermissions(software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest)} operation. The
* return type is a custom publisher that can be subscribed to request a stream of response pages. SDK will
* internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListPermissionsPublisher publisher = client.listPermissionsPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListPermissionsPublisher publisher = client.listPermissionsPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListPermissionsResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listPermissions(software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListPermissionsRequest.Builder} avoiding the need
* to create one manually via {@link ListPermissionsRequest#builder()}
*
*
* @param listPermissionsRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ListPermissionsRequest.Builder} to create a request.
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidNextTokenException The token specified in the
NextToken argument is not valid.
* Use the token returned from your previous call to ListCertificateAuthorities.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListPermissions
* @see AWS API
* Documentation
*/
default ListPermissionsPublisher listPermissionsPaginator(Consumer listPermissionsRequest) {
return listPermissionsPaginator(ListPermissionsRequest.builder().applyMutation(listPermissionsRequest).build());
}
/**
*
* Lists the tags, if any, that are associated with your private CA or one that has been shared with you. Tags are
* labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call
* the
* TagCertificateAuthority action to add one or more tags to your CA. Call the UntagCertificateAuthority action to remove tags.
*
*
* @param listTagsRequest
* @return A Java Future containing the result of the ListTags operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListTags
* @see AWS API
* Documentation
*/
default CompletableFuture listTags(ListTagsRequest listTagsRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Lists the tags, if any, that are associated with your private CA or one that has been shared with you. Tags are
* labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call
* the
* TagCertificateAuthority action to add one or more tags to your CA. Call the UntagCertificateAuthority action to remove tags.
*
*
*
* This is a convenience which creates an instance of the {@link ListTagsRequest.Builder} avoiding the need to
* create one manually via {@link ListTagsRequest#builder()}
*
*
* @param listTagsRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ListTagsRequest.Builder} to create a request.
* @return A Java Future containing the result of the ListTags operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListTags
* @see AWS API
* Documentation
*/
default CompletableFuture listTags(Consumer listTagsRequest) {
return listTags(ListTagsRequest.builder().applyMutation(listTagsRequest).build());
}
/**
*
* Lists the tags, if any, that are associated with your private CA or one that has been shared with you. Tags are
* labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call
* the
* TagCertificateAuthority action to add one or more tags to your CA. Call the UntagCertificateAuthority action to remove tags.
*
*
*
* This is a variant of {@link #listTags(software.amazon.awssdk.services.acmpca.model.ListTagsRequest)} operation.
* The return type is a custom publisher that can be subscribed to request a stream of response pages. SDK will
* internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListTagsPublisher publisher = client.listTagsPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListTagsPublisher publisher = client.listTagsPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListTagsResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTags(software.amazon.awssdk.services.acmpca.model.ListTagsRequest)} operation.
*
*
* @param listTagsRequest
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListTags
* @see AWS API
* Documentation
*/
default ListTagsPublisher listTagsPaginator(ListTagsRequest listTagsRequest) {
return new ListTagsPublisher(this, listTagsRequest);
}
/**
*
* Lists the tags, if any, that are associated with your private CA or one that has been shared with you. Tags are
* labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call
* the
* TagCertificateAuthority action to add one or more tags to your CA. Call the UntagCertificateAuthority action to remove tags.
*
*
*
* This is a variant of {@link #listTags(software.amazon.awssdk.services.acmpca.model.ListTagsRequest)} operation.
* The return type is a custom publisher that can be subscribed to request a stream of response pages. SDK will
* internally handle making service calls for you.
*
*
* When the operation is called, an instance of this class is returned. At this point, no service calls are made yet
* and so there is no guarantee that the request is valid. If there are errors in your request, you will see the
* failures only after you start streaming the data. The subscribe method should be called as a request to start
* streaming data. For more info, see
* {@link org.reactivestreams.Publisher#subscribe(org.reactivestreams.Subscriber)}. Each call to the subscribe
* method will result in a new {@link org.reactivestreams.Subscription} i.e., a new contract to stream data from the
* starting request.
*
*
*
* The following are few ways to use the response class:
*
* 1) Using the subscribe helper method
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListTagsPublisher publisher = client.listTagsPaginator(request);
* CompletableFuture future = publisher.subscribe(res -> { // Do something with the response });
* future.get();
* }
*
*
* 2) Using a custom subscriber
*
*
* {@code
* software.amazon.awssdk.services.acmpca.paginators.ListTagsPublisher publisher = client.listTagsPaginator(request);
* publisher.subscribe(new Subscriber() {
*
* public void onSubscribe(org.reactivestreams.Subscriber subscription) { //... };
*
*
* public void onNext(software.amazon.awssdk.services.acmpca.model.ListTagsResponse response) { //... };
* });}
*
*
* As the response is a publisher, it can work well with third party reactive streams implementations like RxJava2.
*
* Please notice that the configuration of MaxResults won't limit the number of results you get with the
* paginator. It only limits the number of results in each page.
*
*
* Note: If you prefer to have control on service calls, use the
* {@link #listTags(software.amazon.awssdk.services.acmpca.model.ListTagsRequest)} operation.
*
*
* This is a convenience which creates an instance of the {@link ListTagsRequest.Builder} avoiding the need to
* create one manually via {@link ListTagsRequest#builder()}
*
*
* @param listTagsRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.ListTagsRequest.Builder} to create a request.
* @return A custom publisher that can be subscribed to request a stream of response pages.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.ListTags
* @see AWS API
* Documentation
*/
default ListTagsPublisher listTagsPaginator(Consumer listTagsRequest) {
return listTagsPaginator(ListTagsRequest.builder().applyMutation(listTagsRequest).build());
}
/**
*
* Attaches a resource-based policy to a private CA.
*
*
* A policy can also be applied by sharing a private CA through Amazon Web Services Resource Access Manager (RAM).
* For more information, see Attach a
* Policy for Cross-Account Access.
*
*
* The policy can be displayed with GetPolicy and removed
* with DeletePolicy.
*
*
* About Policies
*
*
* -
*
* A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services
* Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA
* administrator. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
* -
*
* A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.
*
*
* -
*
* For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role
* (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the
* Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.
*
*
* -
*
* Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see
* Attach a Policy for Cross-Account
* Access.
*
*
*
*
* @param putPolicyRequest
* @return A Java Future containing the result of the PutPolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidPolicyException The resource policy is invalid or is missing a required statement. For general
* information about IAM policy and statement structure, see Overview of JSON Policies.
* - LockoutPreventedException The current action was prevented because it would lock the caller out from
* performing subsequent actions. Verify that the specified parameters would not result in the caller being
* denied access to the resource.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.PutPolicy
* @see AWS API
* Documentation
*/
default CompletableFuture putPolicy(PutPolicyRequest putPolicyRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Attaches a resource-based policy to a private CA.
*
*
* A policy can also be applied by sharing a private CA through Amazon Web Services Resource Access Manager (RAM).
* For more information, see Attach a
* Policy for Cross-Account Access.
*
*
* The policy can be displayed with GetPolicy and removed
* with DeletePolicy.
*
*
* About Policies
*
*
* -
*
* A policy grants access on a private CA to an Amazon Web Services customer account, to Amazon Web Services
* Organizations, or to an Amazon Web Services Organizations unit. Policies are under the control of a CA
* administrator. For more information, see Using a Resource Based Policy with
* Amazon Web Services Private CA.
*
*
* -
*
* A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed by a CA in another account.
*
*
* -
*
* For ACM to manage automatic renewal of these certificates, the ACM user must configure a Service Linked Role
* (SLR). The SLR allows the ACM service to assume the identity of the user, subject to confirmation against the
* Amazon Web Services Private CA policy. For more information, see Using a Service Linked Role with ACM.
*
*
* -
*
* Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies. For more information, see
* Attach a Policy for Cross-Account
* Access.
*
*
*
*
*
* This is a convenience which creates an instance of the {@link PutPolicyRequest.Builder} avoiding the need to
* create one manually via {@link PutPolicyRequest#builder()}
*
*
* @param putPolicyRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.PutPolicyRequest.Builder} to create a request.
* @return A Java Future containing the result of the PutPolicy operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidPolicyException The resource policy is invalid or is missing a required statement. For general
* information about IAM policy and statement structure, see Overview of JSON Policies.
* - LockoutPreventedException The current action was prevented because it would lock the caller out from
* performing subsequent actions. Verify that the specified parameters would not result in the caller being
* denied access to the resource.
* - RequestFailedException The request has failed for an unspecified reason.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.PutPolicy
* @see AWS API
* Documentation
*/
default CompletableFuture putPolicy(Consumer putPolicyRequest) {
return putPolicy(PutPolicyRequest.builder().applyMutation(putPolicyRequest).build());
}
/**
*
* Restores a certificate authority (CA) that is in the DELETED state. You can restore a CA during the
* period that you defined in the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthority action. Currently, you can specify 7 to 30 days. If you did not specify a
* PermanentDeletionTimeInDays value, by default you can restore the CA at any time in a 30 day period. You
* can check the time remaining in the restoration period of a private CA in the DELETED state by
* calling the DescribeCertificateAuthority or ListCertificateAuthorities actions. The status of a restored CA is set to its pre-deletion status when the
* RestoreCertificateAuthority action returns. To change its status to ACTIVE, call the UpdateCertificateAuthority action. If the private CA was in the PENDING_CERTIFICATE state at
* deletion, you must use the ImportCertificateAuthorityCertificate action to import a certificate authority into the private CA before it
* can be activated. You cannot restore a CA after the restoration period has ended.
*
*
* @param restoreCertificateAuthorityRequest
* @return A Java Future containing the result of the RestoreCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.RestoreCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture restoreCertificateAuthority(
RestoreCertificateAuthorityRequest restoreCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Restores a certificate authority (CA) that is in the DELETED state. You can restore a CA during the
* period that you defined in the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthority action. Currently, you can specify 7 to 30 days. If you did not specify a
* PermanentDeletionTimeInDays value, by default you can restore the CA at any time in a 30 day period. You
* can check the time remaining in the restoration period of a private CA in the DELETED state by
* calling the DescribeCertificateAuthority or ListCertificateAuthorities actions. The status of a restored CA is set to its pre-deletion status when the
* RestoreCertificateAuthority action returns. To change its status to ACTIVE, call the UpdateCertificateAuthority action. If the private CA was in the PENDING_CERTIFICATE state at
* deletion, you must use the ImportCertificateAuthorityCertificate action to import a certificate authority into the private CA before it
* can be activated. You cannot restore a CA after the restoration period has ended.
*
*
*
* This is a convenience which creates an instance of the {@link RestoreCertificateAuthorityRequest.Builder}
* avoiding the need to create one manually via {@link RestoreCertificateAuthorityRequest#builder()}
*
*
* @param restoreCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.RestoreCertificateAuthorityRequest.Builder} to create
* a request.
* @return A Java Future containing the result of the RestoreCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.RestoreCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture restoreCertificateAuthority(
Consumer restoreCertificateAuthorityRequest) {
return restoreCertificateAuthority(RestoreCertificateAuthorityRequest.builder()
.applyMutation(restoreCertificateAuthorityRequest).build());
}
/**
*
* Revokes a certificate that was issued inside Amazon Web Services Private CA. If you enable a certificate
* revocation list (CRL) when you create or update your private CA, information about the revoked certificates will
* be included in the CRL. Amazon Web Services Private CA writes the CRL to an S3 bucket that you specify. A CRL is
* typically updated approximately 30 minutes after a certificate is revoked. If for any reason the CRL update
* fails, Amazon Web Services Private CA attempts makes further attempts every 15 minutes. With Amazon CloudWatch,
* you can create alarms for the metrics CRLGenerated and MisconfiguredCRLBucket. For more
* information, see Supported
* CloudWatch Metrics.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* Amazon Web Services Private CA also writes revocation information to the audit report. For more information, see
* CreateCertificateAuthorityAuditReport.
*
*
*
* You cannot revoke a root CA self-signed certificate.
*
*
*
* @param revokeCertificateRequest
* @return A Java Future containing the result of the RevokeCertificate operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidRequestException The request action cannot be performed or is prohibited.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - RequestAlreadyProcessedException Your request has already been completed.
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.RevokeCertificate
* @see AWS API
* Documentation
*/
default CompletableFuture revokeCertificate(RevokeCertificateRequest revokeCertificateRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Revokes a certificate that was issued inside Amazon Web Services Private CA. If you enable a certificate
* revocation list (CRL) when you create or update your private CA, information about the revoked certificates will
* be included in the CRL. Amazon Web Services Private CA writes the CRL to an S3 bucket that you specify. A CRL is
* typically updated approximately 30 minutes after a certificate is revoked. If for any reason the CRL update
* fails, Amazon Web Services Private CA attempts makes further attempts every 15 minutes. With Amazon CloudWatch,
* you can create alarms for the metrics CRLGenerated and MisconfiguredCRLBucket. For more
* information, see Supported
* CloudWatch Metrics.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* Amazon Web Services Private CA also writes revocation information to the audit report. For more information, see
* CreateCertificateAuthorityAuditReport.
*
*
*
* You cannot revoke a root CA self-signed certificate.
*
*
*
* This is a convenience which creates an instance of the {@link RevokeCertificateRequest.Builder} avoiding the need
* to create one manually via {@link RevokeCertificateRequest#builder()}
*
*
* @param revokeCertificateRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.RevokeCertificateRequest.Builder} to create a request.
* @return A Java Future containing the result of the RevokeCertificate operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidRequestException The request action cannot be performed or is prohibited.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - LimitExceededException An Amazon Web Services Private CA quota has been exceeded. See the exception
* message returned to determine the quota that was exceeded.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - RequestAlreadyProcessedException Your request has already been completed.
* - RequestInProgressException Your request is already in progress.
* - RequestFailedException The request has failed for an unspecified reason.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.RevokeCertificate
* @see AWS API
* Documentation
*/
default CompletableFuture revokeCertificate(
Consumer revokeCertificateRequest) {
return revokeCertificate(RevokeCertificateRequest.builder().applyMutation(revokeCertificateRequest).build());
}
/**
*
* Adds one or more tags to your private CA. Tags are labels that you can use to identify and organize your Amazon
* Web Services resources. Each tag consists of a key and an optional value. You specify the private CA on input by
* its Amazon Resource Name (ARN). You specify the tag by using a key-value pair. You can apply a tag to just one
* private CA if you want to identify a specific characteristic of that CA, or you can apply the same tag to
* multiple private CAs if you want to filter for a common relationship among those CAs. To remove one or more tags,
* use the
* UntagCertificateAuthority action. Call the ListTags action to see
* what tags are associated with your CA.
*
*
*
* To attach tags to a private CA during the creation procedure, a CA administrator must first associate an inline
* IAM policy with the CreateCertificateAuthority action and explicitly allow tagging. For more
* information, see Attaching
* tags to a CA at the time of creation.
*
*
*
* @param tagCertificateAuthorityRequest
* @return A Java Future containing the result of the TagCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidTagException The tag associated with the CA is not valid. The invalid argument is contained in
* the message field.
* - TooManyTagsException You can associate up to 50 tags with a private CA. Exception information is
* contained in the exception message field.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.TagCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture tagCertificateAuthority(
TagCertificateAuthorityRequest tagCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Adds one or more tags to your private CA. Tags are labels that you can use to identify and organize your Amazon
* Web Services resources. Each tag consists of a key and an optional value. You specify the private CA on input by
* its Amazon Resource Name (ARN). You specify the tag by using a key-value pair. You can apply a tag to just one
* private CA if you want to identify a specific characteristic of that CA, or you can apply the same tag to
* multiple private CAs if you want to filter for a common relationship among those CAs. To remove one or more tags,
* use the
* UntagCertificateAuthority action. Call the ListTags action to see
* what tags are associated with your CA.
*
*
*
* To attach tags to a private CA during the creation procedure, a CA administrator must first associate an inline
* IAM policy with the CreateCertificateAuthority action and explicitly allow tagging. For more
* information, see Attaching
* tags to a CA at the time of creation.
*
*
*
* This is a convenience which creates an instance of the {@link TagCertificateAuthorityRequest.Builder} avoiding
* the need to create one manually via {@link TagCertificateAuthorityRequest#builder()}
*
*
* @param tagCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.TagCertificateAuthorityRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the TagCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidTagException The tag associated with the CA is not valid. The invalid argument is contained in
* the message field.
* - TooManyTagsException You can associate up to 50 tags with a private CA. Exception information is
* contained in the exception message field.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.TagCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture tagCertificateAuthority(
Consumer tagCertificateAuthorityRequest) {
return tagCertificateAuthority(TagCertificateAuthorityRequest.builder().applyMutation(tagCertificateAuthorityRequest)
.build());
}
/**
*
* Remove one or more tags from your private CA. A tag consists of a key-value pair. If you do not specify the value
* portion of the tag when calling this action, the tag will be removed regardless of value. If you specify a value,
* the tag is removed only if it is associated with the specified value. To add tags to a private CA, use the
* TagCertificateAuthority. Call the ListTags action to see
* what tags are associated with your CA.
*
*
* @param untagCertificateAuthorityRequest
* @return A Java Future containing the result of the UntagCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidTagException The tag associated with the CA is not valid. The invalid argument is contained in
* the message field.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.UntagCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture untagCertificateAuthority(
UntagCertificateAuthorityRequest untagCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Remove one or more tags from your private CA. A tag consists of a key-value pair. If you do not specify the value
* portion of the tag when calling this action, the tag will be removed regardless of value. If you specify a value,
* the tag is removed only if it is associated with the specified value. To add tags to a private CA, use the
* TagCertificateAuthority. Call the ListTags action to see
* what tags are associated with your CA.
*
*
*
* This is a convenience which creates an instance of the {@link UntagCertificateAuthorityRequest.Builder} avoiding
* the need to create one manually via {@link UntagCertificateAuthorityRequest#builder()}
*
*
* @param untagCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.UntagCertificateAuthorityRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the UntagCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidTagException The tag associated with the CA is not valid. The invalid argument is contained in
* the message field.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.UntagCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture untagCertificateAuthority(
Consumer untagCertificateAuthorityRequest) {
return untagCertificateAuthority(UntagCertificateAuthorityRequest.builder()
.applyMutation(untagCertificateAuthorityRequest).build());
}
/**
*
* Updates the status or configuration of a private certificate authority (CA). Your private CA must be in the
* ACTIVE or DISABLED state before you can update it. You can disable a private CA that is
* in the ACTIVE state or make a CA that is in the DISABLED state active again.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* @param updateCertificateAuthorityRequest
* @return A Java Future containing the result of the UpdateCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidPolicyException The resource policy is invalid or is missing a required statement. For general
* information about IAM policy and statement structure, see Overview of JSON Policies.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.UpdateCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture updateCertificateAuthority(
UpdateCertificateAuthorityRequest updateCertificateAuthorityRequest) {
throw new UnsupportedOperationException();
}
/**
*
* Updates the status or configuration of a private certificate authority (CA). Your private CA must be in the
* ACTIVE or DISABLED state before you can update it. You can disable a private CA that is
* in the ACTIVE state or make a CA that is in the DISABLED state active again.
*
*
*
* Both Amazon Web Services Private CA and the IAM principal must have permission to write to the S3 bucket that you
* specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception
* is thrown. For more information, see Access policies for
* CRLs in Amazon S3.
*
*
*
* This is a convenience which creates an instance of the {@link UpdateCertificateAuthorityRequest.Builder} avoiding
* the need to create one manually via {@link UpdateCertificateAuthorityRequest#builder()}
*
*
* @param updateCertificateAuthorityRequest
* A {@link Consumer} that will call methods on
* {@link software.amazon.awssdk.services.acmpca.model.UpdateCertificateAuthorityRequest.Builder} to create a
* request.
* @return A Java Future containing the result of the UpdateCertificateAuthority operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following
* exceptions.
*
* - ConcurrentModificationException A previous update to your private CA is still ongoing.
* - ResourceNotFoundException A resource such as a private CA, S3 bucket, certificate, audit report, or
* policy cannot be found.
* - InvalidArgsException One or more of the specified arguments was not valid.
* - InvalidArnException The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* - InvalidStateException The state of the private CA does not allow this action to occur.
* - InvalidPolicyException The resource policy is invalid or is missing a required statement. For general
* information about IAM policy and statement structure, see Overview of JSON Policies.
* - SdkException Base class for all exceptions that can be thrown by the SDK (both service and client).
* Can be used for catch all scenarios.
* - SdkClientException If any client side error occurs such as an IO related failure, failure to get
* credentials, etc.
* - AcmPcaException Base class for all service exceptions. Unknown exceptions will be thrown as an
* instance of this type.
*
* @sample AcmPcaAsyncClient.UpdateCertificateAuthority
* @see AWS API Documentation
*/
default CompletableFuture updateCertificateAuthority(
Consumer updateCertificateAuthorityRequest) {
return updateCertificateAuthority(UpdateCertificateAuthorityRequest.builder()
.applyMutation(updateCertificateAuthorityRequest).build());
}
/**
* Create an instance of {@link AcmPcaAsyncWaiter} using this client.
*
* Waiters created via this method are managed by the SDK and resources will be released when the service client is
* closed.
*
* @return an instance of {@link AcmPcaAsyncWaiter}
*/
default AcmPcaAsyncWaiter waiter() {
throw new UnsupportedOperationException();
}
@Override
default AcmPcaServiceClientConfiguration serviceClientConfiguration() {
throw new UnsupportedOperationException();
}
/**
* Create a {@link AcmPcaAsyncClient} with the region loaded from the
* {@link software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain} and credentials loaded from the
* {@link software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider}.
*/
static AcmPcaAsyncClient create() {
return builder().build();
}
/**
* Create a builder that can be used to configure and create a {@link AcmPcaAsyncClient}.
*/
static AcmPcaAsyncClientBuilder builder() {
return new DefaultAcmPcaAsyncClientBuilder();
}
}