{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.Types.CertificateAuthorityConfiguration
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.CertificateManagerPCA.Types.CertificateAuthorityConfiguration where

import Amazonka.CertificateManagerPCA.Types.ASN1Subject
import Amazonka.CertificateManagerPCA.Types.CsrExtensions
import Amazonka.CertificateManagerPCA.Types.KeyAlgorithm
import Amazonka.CertificateManagerPCA.Types.SigningAlgorithm
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Contains configuration information for your private certificate
-- authority (CA). This includes information about the class of public key
-- algorithm and the key pair that your private CA creates when it issues a
-- certificate. It also includes the signature algorithm that it uses when
-- issuing certificates, and its X.500 distinguished name. You must specify
-- this information when you call the
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html CreateCertificateAuthority>
-- action.
--
-- /See:/ 'newCertificateAuthorityConfiguration' smart constructor.
data CertificateAuthorityConfiguration = CertificateAuthorityConfiguration'
  { -- | Specifies information to be added to the extension section of the
    -- certificate signing request (CSR).
    CertificateAuthorityConfiguration -> Maybe CsrExtensions
csrExtensions :: Prelude.Maybe CsrExtensions,
    -- | Type of the public key algorithm and size, in bits, of the key pair that
    -- your CA creates when it issues a certificate. When you create a
    -- subordinate CA, you must use a key algorithm supported by the parent CA.
    CertificateAuthorityConfiguration -> KeyAlgorithm
keyAlgorithm :: KeyAlgorithm,
    -- | Name of the algorithm your private CA uses to sign certificate requests.
    --
    -- This parameter should not be confused with the @SigningAlgorithm@
    -- parameter used to sign certificates when they are issued.
    CertificateAuthorityConfiguration -> SigningAlgorithm
signingAlgorithm :: SigningAlgorithm,
    -- | Structure that contains X.500 distinguished name information for your
    -- private CA.
    CertificateAuthorityConfiguration -> ASN1Subject
subject :: ASN1Subject
  }
  deriving (CertificateAuthorityConfiguration
-> CertificateAuthorityConfiguration -> Bool
(CertificateAuthorityConfiguration
 -> CertificateAuthorityConfiguration -> Bool)
-> (CertificateAuthorityConfiguration
    -> CertificateAuthorityConfiguration -> Bool)
-> Eq CertificateAuthorityConfiguration
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CertificateAuthorityConfiguration
-> CertificateAuthorityConfiguration -> Bool
$c/= :: CertificateAuthorityConfiguration
-> CertificateAuthorityConfiguration -> Bool
== :: CertificateAuthorityConfiguration
-> CertificateAuthorityConfiguration -> Bool
$c== :: CertificateAuthorityConfiguration
-> CertificateAuthorityConfiguration -> Bool
Prelude.Eq, ReadPrec [CertificateAuthorityConfiguration]
ReadPrec CertificateAuthorityConfiguration
Int -> ReadS CertificateAuthorityConfiguration
ReadS [CertificateAuthorityConfiguration]
(Int -> ReadS CertificateAuthorityConfiguration)
-> ReadS [CertificateAuthorityConfiguration]
-> ReadPrec CertificateAuthorityConfiguration
-> ReadPrec [CertificateAuthorityConfiguration]
-> Read CertificateAuthorityConfiguration
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CertificateAuthorityConfiguration]
$creadListPrec :: ReadPrec [CertificateAuthorityConfiguration]
readPrec :: ReadPrec CertificateAuthorityConfiguration
$creadPrec :: ReadPrec CertificateAuthorityConfiguration
readList :: ReadS [CertificateAuthorityConfiguration]
$creadList :: ReadS [CertificateAuthorityConfiguration]
readsPrec :: Int -> ReadS CertificateAuthorityConfiguration
$creadsPrec :: Int -> ReadS CertificateAuthorityConfiguration
Prelude.Read, Int -> CertificateAuthorityConfiguration -> ShowS
[CertificateAuthorityConfiguration] -> ShowS
CertificateAuthorityConfiguration -> String
(Int -> CertificateAuthorityConfiguration -> ShowS)
-> (CertificateAuthorityConfiguration -> String)
-> ([CertificateAuthorityConfiguration] -> ShowS)
-> Show CertificateAuthorityConfiguration
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CertificateAuthorityConfiguration] -> ShowS
$cshowList :: [CertificateAuthorityConfiguration] -> ShowS
show :: CertificateAuthorityConfiguration -> String
$cshow :: CertificateAuthorityConfiguration -> String
showsPrec :: Int -> CertificateAuthorityConfiguration -> ShowS
$cshowsPrec :: Int -> CertificateAuthorityConfiguration -> ShowS
Prelude.Show, (forall x.
 CertificateAuthorityConfiguration
 -> Rep CertificateAuthorityConfiguration x)
-> (forall x.
    Rep CertificateAuthorityConfiguration x
    -> CertificateAuthorityConfiguration)
-> Generic CertificateAuthorityConfiguration
forall x.
Rep CertificateAuthorityConfiguration x
-> CertificateAuthorityConfiguration
forall x.
CertificateAuthorityConfiguration
-> Rep CertificateAuthorityConfiguration x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep CertificateAuthorityConfiguration x
-> CertificateAuthorityConfiguration
$cfrom :: forall x.
CertificateAuthorityConfiguration
-> Rep CertificateAuthorityConfiguration x
Prelude.Generic)

-- |
-- Create a value of 'CertificateAuthorityConfiguration' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'csrExtensions', 'certificateAuthorityConfiguration_csrExtensions' - Specifies information to be added to the extension section of the
-- certificate signing request (CSR).
--
-- 'keyAlgorithm', 'certificateAuthorityConfiguration_keyAlgorithm' - Type of the public key algorithm and size, in bits, of the key pair that
-- your CA creates when it issues a certificate. When you create a
-- subordinate CA, you must use a key algorithm supported by the parent CA.
--
-- 'signingAlgorithm', 'certificateAuthorityConfiguration_signingAlgorithm' - Name of the algorithm your private CA uses to sign certificate requests.
--
-- This parameter should not be confused with the @SigningAlgorithm@
-- parameter used to sign certificates when they are issued.
--
-- 'subject', 'certificateAuthorityConfiguration_subject' - Structure that contains X.500 distinguished name information for your
-- private CA.
newCertificateAuthorityConfiguration ::
  -- | 'keyAlgorithm'
  KeyAlgorithm ->
  -- | 'signingAlgorithm'
  SigningAlgorithm ->
  -- | 'subject'
  ASN1Subject ->
  CertificateAuthorityConfiguration
newCertificateAuthorityConfiguration :: KeyAlgorithm
-> SigningAlgorithm
-> ASN1Subject
-> CertificateAuthorityConfiguration
newCertificateAuthorityConfiguration
  KeyAlgorithm
pKeyAlgorithm_
  SigningAlgorithm
pSigningAlgorithm_
  ASN1Subject
pSubject_ =
    CertificateAuthorityConfiguration' :: Maybe CsrExtensions
-> KeyAlgorithm
-> SigningAlgorithm
-> ASN1Subject
-> CertificateAuthorityConfiguration
CertificateAuthorityConfiguration'
      { $sel:csrExtensions:CertificateAuthorityConfiguration' :: Maybe CsrExtensions
csrExtensions =
          Maybe CsrExtensions
forall a. Maybe a
Prelude.Nothing,
        $sel:keyAlgorithm:CertificateAuthorityConfiguration' :: KeyAlgorithm
keyAlgorithm = KeyAlgorithm
pKeyAlgorithm_,
        $sel:signingAlgorithm:CertificateAuthorityConfiguration' :: SigningAlgorithm
signingAlgorithm = SigningAlgorithm
pSigningAlgorithm_,
        $sel:subject:CertificateAuthorityConfiguration' :: ASN1Subject
subject = ASN1Subject
pSubject_
      }

-- | Specifies information to be added to the extension section of the
-- certificate signing request (CSR).
certificateAuthorityConfiguration_csrExtensions :: Lens.Lens' CertificateAuthorityConfiguration (Prelude.Maybe CsrExtensions)
certificateAuthorityConfiguration_csrExtensions :: (Maybe CsrExtensions -> f (Maybe CsrExtensions))
-> CertificateAuthorityConfiguration
-> f CertificateAuthorityConfiguration
certificateAuthorityConfiguration_csrExtensions = (CertificateAuthorityConfiguration -> Maybe CsrExtensions)
-> (CertificateAuthorityConfiguration
    -> Maybe CsrExtensions -> CertificateAuthorityConfiguration)
-> Lens
     CertificateAuthorityConfiguration
     CertificateAuthorityConfiguration
     (Maybe CsrExtensions)
     (Maybe CsrExtensions)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CertificateAuthorityConfiguration' {Maybe CsrExtensions
csrExtensions :: Maybe CsrExtensions
$sel:csrExtensions:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> Maybe CsrExtensions
csrExtensions} -> Maybe CsrExtensions
csrExtensions) (\s :: CertificateAuthorityConfiguration
s@CertificateAuthorityConfiguration' {} Maybe CsrExtensions
a -> CertificateAuthorityConfiguration
s {$sel:csrExtensions:CertificateAuthorityConfiguration' :: Maybe CsrExtensions
csrExtensions = Maybe CsrExtensions
a} :: CertificateAuthorityConfiguration)

-- | Type of the public key algorithm and size, in bits, of the key pair that
-- your CA creates when it issues a certificate. When you create a
-- subordinate CA, you must use a key algorithm supported by the parent CA.
certificateAuthorityConfiguration_keyAlgorithm :: Lens.Lens' CertificateAuthorityConfiguration KeyAlgorithm
certificateAuthorityConfiguration_keyAlgorithm :: (KeyAlgorithm -> f KeyAlgorithm)
-> CertificateAuthorityConfiguration
-> f CertificateAuthorityConfiguration
certificateAuthorityConfiguration_keyAlgorithm = (CertificateAuthorityConfiguration -> KeyAlgorithm)
-> (CertificateAuthorityConfiguration
    -> KeyAlgorithm -> CertificateAuthorityConfiguration)
-> Lens
     CertificateAuthorityConfiguration
     CertificateAuthorityConfiguration
     KeyAlgorithm
     KeyAlgorithm
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CertificateAuthorityConfiguration' {KeyAlgorithm
keyAlgorithm :: KeyAlgorithm
$sel:keyAlgorithm:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> KeyAlgorithm
keyAlgorithm} -> KeyAlgorithm
keyAlgorithm) (\s :: CertificateAuthorityConfiguration
s@CertificateAuthorityConfiguration' {} KeyAlgorithm
a -> CertificateAuthorityConfiguration
s {$sel:keyAlgorithm:CertificateAuthorityConfiguration' :: KeyAlgorithm
keyAlgorithm = KeyAlgorithm
a} :: CertificateAuthorityConfiguration)

-- | Name of the algorithm your private CA uses to sign certificate requests.
--
-- This parameter should not be confused with the @SigningAlgorithm@
-- parameter used to sign certificates when they are issued.
certificateAuthorityConfiguration_signingAlgorithm :: Lens.Lens' CertificateAuthorityConfiguration SigningAlgorithm
certificateAuthorityConfiguration_signingAlgorithm :: (SigningAlgorithm -> f SigningAlgorithm)
-> CertificateAuthorityConfiguration
-> f CertificateAuthorityConfiguration
certificateAuthorityConfiguration_signingAlgorithm = (CertificateAuthorityConfiguration -> SigningAlgorithm)
-> (CertificateAuthorityConfiguration
    -> SigningAlgorithm -> CertificateAuthorityConfiguration)
-> Lens
     CertificateAuthorityConfiguration
     CertificateAuthorityConfiguration
     SigningAlgorithm
     SigningAlgorithm
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CertificateAuthorityConfiguration' {SigningAlgorithm
signingAlgorithm :: SigningAlgorithm
$sel:signingAlgorithm:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> SigningAlgorithm
signingAlgorithm} -> SigningAlgorithm
signingAlgorithm) (\s :: CertificateAuthorityConfiguration
s@CertificateAuthorityConfiguration' {} SigningAlgorithm
a -> CertificateAuthorityConfiguration
s {$sel:signingAlgorithm:CertificateAuthorityConfiguration' :: SigningAlgorithm
signingAlgorithm = SigningAlgorithm
a} :: CertificateAuthorityConfiguration)

-- | Structure that contains X.500 distinguished name information for your
-- private CA.
certificateAuthorityConfiguration_subject :: Lens.Lens' CertificateAuthorityConfiguration ASN1Subject
certificateAuthorityConfiguration_subject :: (ASN1Subject -> f ASN1Subject)
-> CertificateAuthorityConfiguration
-> f CertificateAuthorityConfiguration
certificateAuthorityConfiguration_subject = (CertificateAuthorityConfiguration -> ASN1Subject)
-> (CertificateAuthorityConfiguration
    -> ASN1Subject -> CertificateAuthorityConfiguration)
-> Lens
     CertificateAuthorityConfiguration
     CertificateAuthorityConfiguration
     ASN1Subject
     ASN1Subject
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CertificateAuthorityConfiguration' {ASN1Subject
subject :: ASN1Subject
$sel:subject:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> ASN1Subject
subject} -> ASN1Subject
subject) (\s :: CertificateAuthorityConfiguration
s@CertificateAuthorityConfiguration' {} ASN1Subject
a -> CertificateAuthorityConfiguration
s {$sel:subject:CertificateAuthorityConfiguration' :: ASN1Subject
subject = ASN1Subject
a} :: CertificateAuthorityConfiguration)

instance
  Core.FromJSON
    CertificateAuthorityConfiguration
  where
  parseJSON :: Value -> Parser CertificateAuthorityConfiguration
parseJSON =
    String
-> (Object -> Parser CertificateAuthorityConfiguration)
-> Value
-> Parser CertificateAuthorityConfiguration
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"CertificateAuthorityConfiguration"
      ( \Object
x ->
          Maybe CsrExtensions
-> KeyAlgorithm
-> SigningAlgorithm
-> ASN1Subject
-> CertificateAuthorityConfiguration
CertificateAuthorityConfiguration'
            (Maybe CsrExtensions
 -> KeyAlgorithm
 -> SigningAlgorithm
 -> ASN1Subject
 -> CertificateAuthorityConfiguration)
-> Parser (Maybe CsrExtensions)
-> Parser
     (KeyAlgorithm
      -> SigningAlgorithm
      -> ASN1Subject
      -> CertificateAuthorityConfiguration)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe CsrExtensions)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"CsrExtensions")
            Parser
  (KeyAlgorithm
   -> SigningAlgorithm
   -> ASN1Subject
   -> CertificateAuthorityConfiguration)
-> Parser KeyAlgorithm
-> Parser
     (SigningAlgorithm
      -> ASN1Subject -> CertificateAuthorityConfiguration)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser KeyAlgorithm
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"KeyAlgorithm")
            Parser
  (SigningAlgorithm
   -> ASN1Subject -> CertificateAuthorityConfiguration)
-> Parser SigningAlgorithm
-> Parser (ASN1Subject -> CertificateAuthorityConfiguration)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser SigningAlgorithm
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"SigningAlgorithm")
            Parser (ASN1Subject -> CertificateAuthorityConfiguration)
-> Parser ASN1Subject -> Parser CertificateAuthorityConfiguration
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser ASN1Subject
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"Subject")
      )

instance
  Prelude.Hashable
    CertificateAuthorityConfiguration

instance
  Prelude.NFData
    CertificateAuthorityConfiguration

instance
  Core.ToJSON
    CertificateAuthorityConfiguration
  where
  toJSON :: CertificateAuthorityConfiguration -> Value
toJSON CertificateAuthorityConfiguration' {Maybe CsrExtensions
ASN1Subject
KeyAlgorithm
SigningAlgorithm
subject :: ASN1Subject
signingAlgorithm :: SigningAlgorithm
keyAlgorithm :: KeyAlgorithm
csrExtensions :: Maybe CsrExtensions
$sel:subject:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> ASN1Subject
$sel:signingAlgorithm:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> SigningAlgorithm
$sel:keyAlgorithm:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> KeyAlgorithm
$sel:csrExtensions:CertificateAuthorityConfiguration' :: CertificateAuthorityConfiguration -> Maybe CsrExtensions
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"CsrExtensions" Text -> CsrExtensions -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (CsrExtensions -> Pair) -> Maybe CsrExtensions -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe CsrExtensions
csrExtensions,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyAlgorithm" Text -> KeyAlgorithm -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= KeyAlgorithm
keyAlgorithm),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"SigningAlgorithm" Text -> SigningAlgorithm -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= SigningAlgorithm
signingAlgorithm),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"Subject" Text -> ASN1Subject -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= ASN1Subject
subject)
          ]
      )