{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.RevokeCertificate
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Revokes a certificate that was issued inside ACM Private CA. If you
-- enable a certificate revocation list (CRL) when you create or update
-- your private CA, information about the revoked certificates will be
-- included in the CRL. ACM Private CA writes the CRL to an S3 bucket that
-- you specify. A CRL is typically updated approximately 30 minutes after a
-- certificate is revoked. If for any reason the CRL update fails, ACM
-- Private CA makes further attempts every 15 minutes. With Amazon
-- CloudWatch, you can create alarms for the metrics @CRLGenerated@ and
-- @MisconfiguredCRLBucket@. For more information, see
-- <https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html Supported CloudWatch Metrics>.
--
-- Both PCA and the IAM principal must have permission to write to the S3
-- bucket that you specify. If the IAM principal making the call does not
-- have permission to write to the bucket, then an exception is thrown. For
-- more information, see
-- <https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html Configure Access to ACM Private CA>.
--
-- ACM Private CA also writes revocation information to the audit report.
-- For more information, see
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html CreateCertificateAuthorityAuditReport>.
--
-- You cannot revoke a root CA self-signed certificate.
module Amazonka.CertificateManagerPCA.RevokeCertificate
  ( -- * Creating a Request
    RevokeCertificate (..),
    newRevokeCertificate,

    -- * Request Lenses
    revokeCertificate_certificateAuthorityArn,
    revokeCertificate_certificateSerial,
    revokeCertificate_revocationReason,

    -- * Destructuring the Response
    RevokeCertificateResponse (..),
    newRevokeCertificateResponse,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

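-- | Request to revoke a certificate that was issued by an ACM Private CA.
--
-- All three fields are required. According to the service description, the
-- CRL (when one is enabled on the CA) is typically updated about 30 minutes
-- after a certificate is revoked, so a successful request does not by itself
-- mean that clients relying on the CRL already see the revocation.
--
-- /See:/ 'newRevokeCertificate' smart constructor.
data RevokeCertificate = RevokeCertificate'
  { -- | Amazon Resource Name (ARN) of the private CA that issued the certificate
    -- to be revoked. This must be of the form:
    --
    -- @arn:aws:acm-pca:region:account:certificate-authority\/12345678-1234-1234-1234-123456789012 @
    certificateAuthorityArn :: Prelude.Text,
    -- | Serial number of the certificate to be revoked. This must be in
    -- hexadecimal format. You can retrieve the serial number by calling
    -- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html GetCertificate>
    -- with the Amazon Resource Name (ARN) of the certificate you want and the
    -- ARN of your private CA. The __GetCertificate__ action retrieves the
    -- certificate in the PEM format. You can use the following OpenSSL command
    -- to list the certificate in text format and copy the hexadecimal serial
    -- number.
    --
    -- @openssl x509 -in file_path -text -noout@
    --
    -- You can also copy the serial number from the console or use the
    -- <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html DescribeCertificate>
    -- action in the /AWS Certificate Manager API Reference/.
    --
    -- The field is plain text: this type does not check the hexadecimal
    -- format, so a mistyped serial is only caught by the service.
    certificateSerial :: Prelude.Text,
    -- | Specifies why you revoked the certificate.
    revocationReason :: RevocationReason
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)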

-- |
-- Create a value of 'RevokeCertificate' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'certificateAuthorityArn', 'revokeCertificate_certificateAuthorityArn' - Amazon Resource Name (ARN) of the private CA that issued the certificate
-- to be revoked. This must be of the form:
--
-- @arn:aws:acm-pca:region:account:certificate-authority\/12345678-1234-1234-1234-123456789012 @
--
-- 'certificateSerial', 'revokeCertificate_certificateSerial' - Serial number of the certificate to be revoked. This must be in
-- hexadecimal format. You can retrieve the serial number by calling
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html GetCertificate>
-- with the Amazon Resource Name (ARN) of the certificate you want and the
-- ARN of your private CA. The __GetCertificate__ action retrieves the
-- certificate in the PEM format. You can use the following OpenSSL command
-- to list the certificate in text format and copy the hexadecimal serial
-- number.
--
-- @openssl x509 -in file_path -text -noout@
--
-- You can also copy the serial number from the console or use the
-- <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html DescribeCertificate>
-- action in the /AWS Certificate Manager API Reference/.
--
-- 'revocationReason', 'revokeCertificate_revocationReason' - Specifies why you revoked the certificate.
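newRevokeCertificate ::
  -- | 'certificateAuthorityArn'
  Prelude.Text ->
  -- | 'certificateSerial'
  Prelude.Text ->
  -- | 'revocationReason'
  RevocationReason ->
  RevokeCertificate
newRevokeCertificate
  pCertificateAuthorityArn_
  pCertificateSerial_
  pRevocationReason_ =
    -- Pure record construction: the arguments are stored as given, with no
    -- validation of the ARN shape or of the hexadecimal serial.
    RevokeCertificate'
      { certificateAuthorityArn =
          pCertificateAuthorityArn_,
        certificateSerial = pCertificateSerial_,
        revocationReason = pRevocationReason_
      }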

-- | Amazon Resource Name (ARN) of the private CA that issued the certificate
-- to be revoked. This must be of the form:
--
-- @arn:aws:acm-pca:region:account:certificate-authority\/12345678-1234-1234-1234-123456789012 @
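revokeCertificate_certificateAuthorityArn :: Lens.Lens' RevokeCertificate Prelude.Text
revokeCertificate_certificateAuthorityArn =
  -- Getter projects the field; setter is a plain record update. The trailing
  -- ':: RevokeCertificate' presumably disambiguates the update, since
  -- DuplicateRecordFields is enabled for this module.
  Lens.lens
    (\RevokeCertificate' {certificateAuthorityArn} -> certificateAuthorityArn)
    (\s@RevokeCertificate' {} a -> s {certificateAuthorityArn = a} :: RevokeCertificate)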

-- | Serial number of the certificate to be revoked. This must be in
-- hexadecimal format. You can retrieve the serial number by calling
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html GetCertificate>
-- with the Amazon Resource Name (ARN) of the certificate you want and the
-- ARN of your private CA. The __GetCertificate__ action retrieves the
-- certificate in the PEM format. You can use the following OpenSSL command
-- to list the certificate in text format and copy the hexadecimal serial
-- number.
--
-- @openssl x509 -in file_path -text -noout@
--
-- You can also copy the serial number from the console or use the
-- <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html DescribeCertificate>
-- action in the /AWS Certificate Manager API Reference/.
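revokeCertificate_certificateSerial :: Lens.Lens' RevokeCertificate Prelude.Text
revokeCertificate_certificateSerial =
  -- Getter projects the field; setter is a plain record update with no format
  -- check on the new serial. The trailing ':: RevokeCertificate' presumably
  -- disambiguates the update, since DuplicateRecordFields is enabled.
  Lens.lens
    (\RevokeCertificate' {certificateSerial} -> certificateSerial)
    (\s@RevokeCertificate' {} a -> s {certificateSerial = a} :: RevokeCertificate)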

-- | Specifies why you revoked the certificate.
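revokeCertificate_revocationReason :: Lens.Lens' RevokeCertificate RevocationReason
revokeCertificate_revocationReason =
  -- Getter projects the field; setter is a plain record update. The trailing
  -- ':: RevokeCertificate' presumably disambiguates the update, since
  -- DuplicateRecordFields is enabled for this module.
  Lens.lens
    (\RevokeCertificate' {revocationReason} -> revocationReason)
    (\s@RevokeCertificate' {} a -> s {revocationReason = a} :: RevokeCertificate)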

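-- Wires the request type to its response type and to the transport helpers.
instance Core.AWSRequest RevokeCertificate where
  type
    AWSResponse RevokeCertificate =
      RevokeCertificateResponse

  -- The request is sent as a JSON POST against the module's 'defaultService'.
  request = Request.postJSON defaultService

  -- The response is always the constant 'RevokeCertificateResponse''; the
  -- name 'receiveNull' suggests the body is not parsed (confirm against
  -- Amazonka.Response). Nothing here reports whether the CRL has been updated.
  response =
    Response.receiveNull RevokeCertificateResponse'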

-- No method bodies are given, so the class defaults are used (presumably the
-- Generic-based ones, since 'RevokeCertificate' derives Generic; confirm).
instance Prelude.Hashable RevokeCertificate

-- Same pattern: default methods only.
instance Prelude.NFData RevokeCertificate

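-- Headers are constant: they do not depend on the request's field values.
instance Core.ToHeaders RevokeCertificate where
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ -- Selects the operation on the service endpoint.
            "X-Amz-Target"
              Core.=# ( "ACMPrivateCA.RevokeCertificate" ::
                          Prelude.ByteString
                      ),
            "Content-Type"
              Core.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )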

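-- Serialises the request body. All three keys are always emitted (every entry
-- is wrapped in 'Just'), and the field values are passed through unchanged.
instance Core.ToJSON RevokeCertificate where
  toJSON RevokeCertificate' {..} =
    Core.object
      ( Prelude.catMaybes
          [ Prelude.Just
              ( "CertificateAuthorityArn"
                  Core..= certificateAuthorityArn
              ),
            Prelude.Just
              ("CertificateSerial" Core..= certificateSerial),
            Prelude.Just
              ("RevocationReason" Core..= revocationReason)
          ]
      )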

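-- The request path is always "/", regardless of the request's contents.
instance Core.ToPath RevokeCertificate where
  toPath = Prelude.const "/"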

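-- The query string is always empty: no field is sent as a query parameter.
instance Core.ToQuery RevokeCertificate where
  toQuery = Prelude.const Prelude.mempty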

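-- | Response to 'RevokeCertificate'. It has no fields, so it carries no
-- information about CRL publication. The service description names the
-- CloudWatch metrics @CRLGenerated@ and @MisconfiguredCRLBucket@ as the way
-- to alarm on CRL generation.
--
-- /See:/ 'newRevokeCertificateResponse' smart constructor.
data RevokeCertificateResponse = RevokeCertificateResponse'
  {
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)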

-- |
-- Create a value of 'RevokeCertificateResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
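newRevokeCertificateResponse ::
  RevokeCertificateResponse
newRevokeCertificateResponse =
  -- The response type has no fields, so this is the only value it can take.
  RevokeCertificateResponse'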

-- No method bodies are given, so the class defaults are used (presumably the
-- Generic-based ones, since 'RevokeCertificateResponse' derives Generic; confirm).
instance Prelude.NFData RevokeCertificateResponse