Class CfnCertificate

java.lang.Object
software.amazon.jsii.JsiiObject
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:29:55.226Z") @Stability(Stable) public class CfnCertificate extends CfnResource implements IInspectable
A CloudFormation AWS::ACMPCA::Certificate.

The AWS::ACMPCA::Certificate resource is used to issue a certificate using your private certificate authority. For more information, see the IssueCertificate action.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import java.util.List;
 import software.amazon.awscdk.services.acmpca.*;
 import software.amazon.awscdk.services.acmpca.CfnCertificate.*;
 CfnCertificate cfnCertificate = CfnCertificate.Builder.create(this, "MyCfnCertificate")
         .certificateAuthorityArn("certificateAuthorityArn")
         .certificateSigningRequest("certificateSigningRequest")
         .signingAlgorithm("signingAlgorithm")
         .validity(ValidityProperty.builder()
                 .type("type")
                 .value(123)
                 .build())
         // the properties below are optional
         .apiPassthrough(ApiPassthroughProperty.builder()
                 .extensions(ExtensionsProperty.builder()
                         .certificatePolicies(List.of(PolicyInformationProperty.builder()
                                 .certPolicyId("certPolicyId")
                                 // the properties below are optional
                                 .policyQualifiers(List.of(PolicyQualifierInfoProperty.builder()
                                         .policyQualifierId("policyQualifierId")
                                         .qualifier(QualifierProperty.builder()
                                                 .cpsUri("cpsUri")
                                                 .build())
                                         .build()))
                                 .build()))
                         .customExtensions(List.of(CustomExtensionProperty.builder()
                                 .objectIdentifier("objectIdentifier")
                                 .value("value")
                                 // the properties below are optional
                                 .critical(false)
                                 .build()))
                         .extendedKeyUsage(List.of(ExtendedKeyUsageProperty.builder()
                                 .extendedKeyUsageObjectIdentifier("extendedKeyUsageObjectIdentifier")
                                 .extendedKeyUsageType("extendedKeyUsageType")
                                 .build()))
                         .keyUsage(KeyUsageProperty.builder()
                                 .crlSign(false)
                                 .dataEncipherment(false)
                                 .decipherOnly(false)
                                 .digitalSignature(false)
                                 .encipherOnly(false)
                                 .keyAgreement(false)
                                 .keyCertSign(false)
                                 .keyEncipherment(false)
                                 .nonRepudiation(false)
                                 .build())
                         .subjectAlternativeNames(List.of(GeneralNameProperty.builder()
                                 .directoryName(SubjectProperty.builder()
                                         .commonName("commonName")
                                         .country("country")
                                         .customAttributes(List.of(CustomAttributeProperty.builder()
                                                 .objectIdentifier("objectIdentifier")
                                                 .value("value")
                                                 .build()))
                                         .distinguishedNameQualifier("distinguishedNameQualifier")
                                         .generationQualifier("generationQualifier")
                                         .givenName("givenName")
                                         .initials("initials")
                                         .locality("locality")
                                         .organization("organization")
                                         .organizationalUnit("organizationalUnit")
                                         .pseudonym("pseudonym")
                                         .serialNumber("serialNumber")
                                         .state("state")
                                         .surname("surname")
                                         .title("title")
                                         .build())
                                 .dnsName("dnsName")
                                 .ediPartyName(EdiPartyNameProperty.builder()
                                         .nameAssigner("nameAssigner")
                                         .partyName("partyName")
                                         .build())
                                 .ipAddress("ipAddress")
                                 .otherName(OtherNameProperty.builder()
                                         .typeId("typeId")
                                         .value("value")
                                         .build())
                                 .registeredId("registeredId")
                                 .rfc822Name("rfc822Name")
                                 .uniformResourceIdentifier("uniformResourceIdentifier")
                                 .build()))
                         .build())
                 .subject(SubjectProperty.builder()
                         .commonName("commonName")
                         .country("country")
                         .customAttributes(List.of(CustomAttributeProperty.builder()
                                 .objectIdentifier("objectIdentifier")
                                 .value("value")
                                 .build()))
                         .distinguishedNameQualifier("distinguishedNameQualifier")
                         .generationQualifier("generationQualifier")
                         .givenName("givenName")
                         .initials("initials")
                         .locality("locality")
                         .organization("organization")
                         .organizationalUnit("organizationalUnit")
                         .pseudonym("pseudonym")
                         .serialNumber("serialNumber")
                         .state("state")
                         .surname("surname")
                         .title("title")
                         .build())
                 .build())
         .templateArn("templateArn")
         .validityNotBefore(ValidityProperty.builder()
                 .type("type")
                 .value(123)
                 .build())
         .build();
 
  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.
  • Constructor Details

    • CfnCertificate

      protected CfnCertificate(software.amazon.jsii.JsiiObjectRef objRef)
    • CfnCertificate

      protected CfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • CfnCertificate

      @Stability(Stable) public CfnCertificate(@NotNull Construct scope, @NotNull String id, @NotNull CfnCertificateProps props)
      Create a new AWS::ACMPCA::Certificate.

      Parameters:
      scope - scope in which this resource is defined. This parameter is required.
      id - scoped id of the resource. This parameter is required.
      props - resource properties. This parameter is required.
  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.
    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.
    • getAttrArn

      @Stability(Stable) @NotNull public String getAttrArn()
      The Amazon Resource Name (ARN) of the issued certificate.
    • getAttrCertificate

      @Stability(Stable) @NotNull public String getAttrCertificate()
      The issued Base64 PEM-encoded certificate.
    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource
    • getCertificateAuthorityArn

      @Stability(Stable) @NotNull public String getCertificateAuthorityArn()
      The Amazon Resource Name (ARN) for the private CA that issues the certificate.
    • setCertificateAuthorityArn

      @Stability(Stable) public void setCertificateAuthorityArn(@NotNull String value)
      The Amazon Resource Name (ARN) for the private CA that issues the certificate.
    • getCertificateSigningRequest

      @Stability(Stable) @NotNull public String getCertificateSigningRequest()
      The certificate signing request (CSR) for the certificate.
    • setCertificateSigningRequest

      @Stability(Stable) public void setCertificateSigningRequest(@NotNull String value)
      The certificate signing request (CSR) for the certificate.
    • getSigningAlgorithm

      @Stability(Stable) @NotNull public String getSigningAlgorithm()
      The name of the algorithm that will be used to sign the certificate to be issued.

      This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.

      The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.

    • setSigningAlgorithm

      @Stability(Stable) public void setSigningAlgorithm(@NotNull String value)
      The name of the algorithm that will be used to sign the certificate to be issued.

      This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.

      The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.

    • getValidity

      @Stability(Stable) @NotNull public Object getValidity()
      The period of time during which the certificate will be valid.
    • setValidity

      @Stability(Stable) public void setValidity(@NotNull CfnCertificate.ValidityProperty value)
      The period of time during which the certificate will be valid.
    • setValidity

      @Stability(Stable) public void setValidity(@NotNull IResolvable value)
      The period of time during which the certificate will be valid.
    • getApiPassthrough

      @Stability(Stable) @Nullable public Object getApiPassthrough()
      Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    • setApiPassthrough

      @Stability(Stable) public void setApiPassthrough(@Nullable IResolvable value)
      Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    • setApiPassthrough

      @Stability(Stable) public void setApiPassthrough(@Nullable CfnCertificate.ApiPassthroughProperty value)
      Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    • getTemplateArn

      @Stability(Stable) @Nullable public String getTemplateArn()
      Specifies a custom configuration template to use when issuing a certificate.

      If this parameter is not provided, AWS Private CA defaults to the EndEntityCertificate/V1 template. For more information about AWS Private CA templates, see Using Templates.

    • setTemplateArn

      @Stability(Stable) public void setTemplateArn(@Nullable String value)
      Specifies a custom configuration template to use when issuing a certificate.

      If this parameter is not provided, AWS Private CA defaults to the EndEntityCertificate/V1 template. For more information about AWS Private CA templates, see Using Templates.

    • getValidityNotBefore

      @Stability(Stable) @Nullable public Object getValidityNotBefore()
      Information describing the start of the validity period of the certificate.

      This parameter sets the "Not Before" date for the certificate.

      By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.

      Unlike the Validity parameter, the ValidityNotBefore parameter is optional.

      The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

    • setValidityNotBefore

      @Stability(Stable) public void setValidityNotBefore(@Nullable CfnCertificate.ValidityProperty value)
      Information describing the start of the validity period of the certificate.

      This parameter sets the "Not Before" date for the certificate.

      By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.

      Unlike the Validity parameter, the ValidityNotBefore parameter is optional.

      The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

    • setValidityNotBefore

      @Stability(Stable) public void setValidityNotBefore(@Nullable IResolvable value)
      Information describing the start of the validity period of the certificate.

      This parameter sets the "Not Before" date for the certificate.

      By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.

      Unlike the Validity parameter, the ValidityNotBefore parameter is optional.

      The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
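
An added example, not part of the generated AWS CDK documentation: it combines the three constraints described above (signing algorithm family matching the CA key, an APIPassthrough template so that apiPassthrough is not ignored, and an ABSOLUTE ValidityNotBefore). The class and method names, the caller-supplied inputs, the 90-day lifetime and the DNS name are assumptions made for illustration; the Construct import assumes CDK v2.

```java
import java.time.Instant;
import java.util.List;
import software.amazon.awscdk.services.acmpca.CfnCertificate;
import software.amazon.awscdk.services.acmpca.CfnCertificate.*;
import software.constructs.Construct; // CDK v2; on CDK v1 use software.amazon.awscdk.core.Construct

public final class IssuedServiceCertificate {
    // Passthrough template variant; with the default EndEntityCertificate/V1
    // template the apiPassthrough values below would be ignored.
    static final String TEMPLATE_ARN =
            "arn:aws:acm-pca:::template/EndEntityCertificate_APIPassthrough/V1";

    /** Rejects at synth time a signing algorithm whose family differs from the CA key family. */
    static void requireMatchingFamily(String caKeyAlgorithm, String signingAlgorithm) {
        boolean rsaKey = caKeyAlgorithm.startsWith("RSA");   // e.g. RSA_2048
        boolean ecKey = caKeyAlgorithm.startsWith("EC");     // e.g. EC_prime256v1
        boolean ok = (rsaKey && signingAlgorithm.endsWith("WITHRSA"))
                || (ecKey && signingAlgorithm.endsWith("WITHECDSA"));
        if (!ok) {
            throw new IllegalArgumentException(signingAlgorithm
                    + " does not match CA key algorithm " + caKeyAlgorithm);
        }
    }

    /** All arguments are supplied by the caller (hypothetical inputs for this example). */
    public static CfnCertificate issue(Construct scope, String caArn, String csrPem,
            String caKeyAlgorithm, String signingAlgorithm, Instant notBefore) {
        requireMatchingFamily(caKeyAlgorithm, signingAlgorithm);
        return CfnCertificate.Builder.create(scope, "ServiceCertificate")
                .certificateAuthorityArn(caArn)
                .certificateSigningRequest(csrPem)
                .signingAlgorithm(signingAlgorithm)
                .templateArn(TEMPLATE_ARN)
                // Required: lifetime relative to issuance (constructed value).
                .validity(ValidityProperty.builder().type("DAYS").value(90).build())
                // Optional: explicit start; ABSOLUTE takes seconds since the Unix epoch.
                .validityNotBefore(ValidityProperty.builder()
                        .type("ABSOLUTE").value(notBefore.getEpochSecond()).build())
                .apiPassthrough(ApiPassthroughProperty.builder()
                        .subject(SubjectProperty.builder()
                                .commonName("service.internal.example").build())
                        .extensions(ExtensionsProperty.builder()
                                .subjectAlternativeNames(List.of(GeneralNameProperty.builder()
                                        .dnsName("service.internal.example").build()))
                                .build())
                        .build())
                .build();
    }
}
```

Calling `issue(...)` with an `EC_prime256v1` CA and `SHA256WITHRSA` throws during synthesis, so the mismatch is caught before the stack is deployed.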