/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include namespace Aws { namespace ACMPCA { namespace Model { /** */ class IssueCertificateRequest : public ACMPCARequest { public: AWS_ACMPCA_API IssueCertificateRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "IssueCertificate"; } AWS_ACMPCA_API Aws::String SerializePayload() const override; AWS_ACMPCA_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

Specifies X.509 certificate information to be included in the issued * certificate. An APIPassthrough or APICSRPassthrough * template variant must be selected, or else this parameter is ignored. For more * information about using these templates, see Understanding * Certificate Templates.

If conflicting or duplicate certificate * information is supplied during certificate issuance, Amazon Web Services Private * CA applies order * of operation rules to determine what information is used.

*/ inline const ApiPassthrough& GetApiPassthrough() const{ return m_apiPassthrough; } /** *

*/ inline bool ApiPassthroughHasBeenSet() const { return m_apiPassthroughHasBeenSet; } /** *

*/ inline void SetApiPassthrough(const ApiPassthrough& value) { m_apiPassthroughHasBeenSet = true; m_apiPassthrough = value; } /** *

*/ inline void SetApiPassthrough(ApiPassthrough&& value) { m_apiPassthroughHasBeenSet = true; m_apiPassthrough = std::move(value); } /** *

*/ inline IssueCertificateRequest& WithApiPassthrough(const ApiPassthrough& value) { SetApiPassthrough(value); return *this;} /** *

*/ inline IssueCertificateRequest& WithApiPassthrough(ApiPassthrough&& value) { SetApiPassthrough(std::move(value)); return *this;} /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline const Aws::String& GetCertificateAuthorityArn() const{ return m_certificateAuthorityArn; } /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline bool CertificateAuthorityArnHasBeenSet() const { return m_certificateAuthorityArnHasBeenSet; } /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline void SetCertificateAuthorityArn(const Aws::String& value) { m_certificateAuthorityArnHasBeenSet = true; m_certificateAuthorityArn = value; } /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline void SetCertificateAuthorityArn(Aws::String&& value) { m_certificateAuthorityArnHasBeenSet = true; m_certificateAuthorityArn = std::move(value); } /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline void SetCertificateAuthorityArn(const char* value) { m_certificateAuthorityArnHasBeenSet = true; m_certificateAuthorityArn.assign(value); } /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline IssueCertificateRequest& WithCertificateAuthorityArn(const Aws::String& value) { SetCertificateAuthorityArn(value); return *this;} /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline IssueCertificateRequest& WithCertificateAuthorityArn(Aws::String&& value) { SetCertificateAuthorityArn(std::move(value)); return *this;} /** *

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. * This must be of the form:

* arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 *

*/ inline IssueCertificateRequest& WithCertificateAuthorityArn(const char* value) { SetCertificateAuthorityArn(value); return *this;} /** *

The certificate signing request (CSR) for the certificate you want to issue. * As an example, you can use the following OpenSSL command to create the CSR and a * 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days * 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can then use the following OpenSSL * command. The usr_cert block in the configuration file contains your * X509 version 3 extensions.

openssl req -new -config * openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout * private/test_cert_priv_key.pem -out csr/test_cert_.csr

Note: A * CSR must provide either a subject name or a subject alternative * name or the request will be rejected.

*/ inline const Aws::Utils::ByteBuffer& GetCsr() const{ return m_csr; } /** *

The certificate signing request (CSR) for the certificate you want to issue. * As an example, you can use the following OpenSSL command to create the CSR and a * 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days * 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can then use the following OpenSSL * command. The usr_cert block in the configuration file contains your * X509 version 3 extensions.

openssl req -new -config * openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout * private/test_cert_priv_key.pem -out csr/test_cert_.csr

Note: A * CSR must provide either a subject name or a subject alternative * name or the request will be rejected.

*/ inline bool CsrHasBeenSet() const { return m_csrHasBeenSet; } /** *

The certificate signing request (CSR) for the certificate you want to issue. * As an example, you can use the following OpenSSL command to create the CSR and a * 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days * 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can then use the following OpenSSL * command. The usr_cert block in the configuration file contains your * X509 version 3 extensions.

openssl req -new -config * openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout * private/test_cert_priv_key.pem -out csr/test_cert_.csr

Note: A * CSR must provide either a subject name or a subject alternative * name or the request will be rejected.

*/ inline void SetCsr(const Aws::Utils::ByteBuffer& value) { m_csrHasBeenSet = true; m_csr = value; } /** *

The certificate signing request (CSR) for the certificate you want to issue. * As an example, you can use the following OpenSSL command to create the CSR and a * 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days * 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can then use the following OpenSSL * command. The usr_cert block in the configuration file contains your * X509 version 3 extensions.

openssl req -new -config * openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout * private/test_cert_priv_key.pem -out csr/test_cert_.csr

Note: A * CSR must provide either a subject name or a subject alternative * name or the request will be rejected.

*/ inline void SetCsr(Aws::Utils::ByteBuffer&& value) { m_csrHasBeenSet = true; m_csr = std::move(value); } /** *

The certificate signing request (CSR) for the certificate you want to issue. * As an example, you can use the following OpenSSL command to create the CSR and a * 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days * 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can then use the following OpenSSL * command. The usr_cert block in the configuration file contains your * X509 version 3 extensions.

openssl req -new -config * openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout * private/test_cert_priv_key.pem -out csr/test_cert_.csr

Note: A * CSR must provide either a subject name or a subject alternative * name or the request will be rejected.

*/ inline IssueCertificateRequest& WithCsr(const Aws::Utils::ByteBuffer& value) { SetCsr(value); return *this;} /** *

The certificate signing request (CSR) for the certificate you want to issue. * As an example, you can use the following OpenSSL command to create the CSR and a * 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days * 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can then use the following OpenSSL * command. The usr_cert block in the configuration file contains your * X509 version 3 extensions.

openssl req -new -config * openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout * private/test_cert_priv_key.pem -out csr/test_cert_.csr

Note: A * CSR must provide either a subject name or a subject alternative * name or the request will be rejected.

*/ inline IssueCertificateRequest& WithCsr(Aws::Utils::ByteBuffer&& value) { SetCsr(std::move(value)); return *this;} /** *

The name of the algorithm that will be used to sign the certificate to be * issued.

This parameter should not be confused with the * SigningAlgorithm parameter used to sign a CSR in the * CreateCertificateAuthority action.

The specified * signing algorithm family (RSA or ECDSA) must match the algorithm family of the * CA's secret key.

*/ inline const SigningAlgorithm& GetSigningAlgorithm() const{ return m_signingAlgorithm; } /** *

The name of the algorithm that will be used to sign the certificate to be * issued.

This parameter should not be confused with the * SigningAlgorithm parameter used to sign a CSR in the * CreateCertificateAuthority action.

The specified * signing algorithm family (RSA or ECDSA) must match the algorithm family of the * CA's secret key.

*/ inline bool SigningAlgorithmHasBeenSet() const { return m_signingAlgorithmHasBeenSet; } /** *

The name of the algorithm that will be used to sign the certificate to be * issued.

This parameter should not be confused with the * SigningAlgorithm parameter used to sign a CSR in the * CreateCertificateAuthority action.

The specified * signing algorithm family (RSA or ECDSA) must match the algorithm family of the * CA's secret key.

*/ inline void SetSigningAlgorithm(const SigningAlgorithm& value) { m_signingAlgorithmHasBeenSet = true; m_signingAlgorithm = value; } /** *

The name of the algorithm that will be used to sign the certificate to be * issued.

This parameter should not be confused with the * SigningAlgorithm parameter used to sign a CSR in the * CreateCertificateAuthority action.

The specified * signing algorithm family (RSA or ECDSA) must match the algorithm family of the * CA's secret key.

*/ inline void SetSigningAlgorithm(SigningAlgorithm&& value) { m_signingAlgorithmHasBeenSet = true; m_signingAlgorithm = std::move(value); } /** *

The name of the algorithm that will be used to sign the certificate to be * issued.

This parameter should not be confused with the * SigningAlgorithm parameter used to sign a CSR in the * CreateCertificateAuthority action.

The specified * signing algorithm family (RSA or ECDSA) must match the algorithm family of the * CA's secret key.

*/ inline IssueCertificateRequest& WithSigningAlgorithm(const SigningAlgorithm& value) { SetSigningAlgorithm(value); return *this;} /** *

The name of the algorithm that will be used to sign the certificate to be * issued.

This parameter should not be confused with the * SigningAlgorithm parameter used to sign a CSR in the * CreateCertificateAuthority action.

The specified * signing algorithm family (RSA or ECDSA) must match the algorithm family of the * CA's secret key.

*/ inline IssueCertificateRequest& WithSigningAlgorithm(SigningAlgorithm&& value) { SetSigningAlgorithm(std::move(value)); return *this;} /** *

Specifies a custom configuration template to use when issuing a certificate. * If this parameter is not provided, Amazon Web Services Private CA defaults to * the EndEntityCertificate/V1 template. For CA certificates, you * should choose the shortest path length that meets your needs. The path length is * indicated by the PathLenN portion of the ARN, where N is the CA * depth.

Note: The CA depth configured on a subordinate CA certificate * must not exceed the limit set by its parents in the CA hierarchy.