{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.RevokeCertificate
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Revokes a certificate that was issued inside Amazon Web Services Private
-- CA. If you enable a certificate revocation list (CRL) when you create or
-- update your private CA, information about the revoked certificates will
-- be included in the CRL. Amazon Web Services Private CA writes the CRL to
-- an S3 bucket that you specify. A CRL is typically updated approximately
-- 30 minutes after a certificate is revoked. If for any reason the CRL
-- update fails, Amazon Web Services Private CA makes further
-- attempts every 15 minutes. With Amazon CloudWatch, you can create alarms
-- for the metrics @CRLGenerated@ and @MisconfiguredCRLBucket@. For more
-- information, see
-- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCloudWatch.html Supported CloudWatch Metrics>.
--
-- Both Amazon Web Services Private CA and the IAM principal must have
-- permission to write to the S3 bucket that you specify. If the IAM
-- principal making the call does not have permission to write to the
-- bucket, then an exception is thrown. For more information, see
-- <https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies Access policies for CRLs in Amazon S3>.
--
-- Amazon Web Services Private CA also writes revocation information to the
-- audit report. For more information, see
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html CreateCertificateAuthorityAuditReport>.
--
-- You cannot revoke a root CA self-signed certificate.
module Amazonka.CertificateManagerPCA.RevokeCertificate
  ( -- * Creating a Request
    RevokeCertificate (..),
    newRevokeCertificate,

    -- * Request Lenses
    revokeCertificate_certificateAuthorityArn,
    revokeCertificate_certificateSerial,
    revokeCertificate_revocationReason,

    -- * Destructuring the Response
    RevokeCertificateResponse (..),
    newRevokeCertificateResponse,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

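-- | Request payload for the Private CA @RevokeCertificate@ operation.
--
-- All three fields are mandatory (none is wrapped in 'Prelude.Maybe'). The
-- record stores plain 'Prelude.Text' values: nothing in this module checks
-- the ARN shape or that the serial number is hexadecimal before the request
-- is serialised.
--
-- /See:/ 'newRevokeCertificate' smart constructor.
data RevokeCertificate = RevokeCertificate'
  { -- | Amazon Resource Name (ARN) of the private CA that issued the certificate
    -- to be revoked. This must be of the form:
    --
    -- @arn:aws:acm-pca:@/@region@/@:@/@account@/@:certificate-authority\/@/@12345678-1234-1234-1234-123456789012@/@ @
    certificateAuthorityArn :: Prelude.Text,
    -- | Serial number of the certificate to be revoked. This must be in
    -- hexadecimal format. You can retrieve the serial number by calling
    -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html GetCertificate>
    -- with the Amazon Resource Name (ARN) of the certificate you want and the
    -- ARN of your private CA. The __GetCertificate__ action retrieves the
    -- certificate in the PEM format. You can use the following OpenSSL command
    -- to list the certificate in text format and copy the hexadecimal serial
    -- number.
    --
    -- @openssl x509 -in @/@file_path@/@ -text -noout@
    --
    -- You can also copy the serial number from the console or use the
    -- <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html DescribeCertificate>
    -- action in the /Certificate Manager API Reference/.
    --
    -- The request identifies the certificate by CA ARN and serial number
    -- only, so confirm the serial against the intended certificate before
    -- building the request.
    certificateSerial :: Prelude.Text,
    -- | Specifies why you revoked the certificate.
    revocationReason :: RevocationReason
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)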

-- |
-- Create a value of 'RevokeCertificate' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'certificateAuthorityArn', 'revokeCertificate_certificateAuthorityArn' - Amazon Resource Name (ARN) of the private CA that issued the certificate
-- to be revoked. This must be of the form:
--
-- @arn:aws:acm-pca:@/@region@/@:@/@account@/@:certificate-authority\/@/@12345678-1234-1234-1234-123456789012@/@ @
--
-- 'certificateSerial', 'revokeCertificate_certificateSerial' - Serial number of the certificate to be revoked. This must be in
-- hexadecimal format. You can retrieve the serial number by calling
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html GetCertificate>
-- with the Amazon Resource Name (ARN) of the certificate you want and the
-- ARN of your private CA. The __GetCertificate__ action retrieves the
-- certificate in the PEM format. You can use the following OpenSSL command
-- to list the certificate in text format and copy the hexadecimal serial
-- number.
--
-- @openssl x509 -in @/@file_path@/@ -text -noout@
--
-- You can also copy the serial number from the console or use the
-- <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html DescribeCertificate>
-- action in the /Certificate Manager API Reference/.
--
-- 'revocationReason', 'revokeCertificate_revocationReason' - Specifies why you revoked the certificate.
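newRevokeCertificate ::
  -- | 'certificateAuthorityArn'
  Prelude.Text ->
  -- | 'certificateSerial'
  Prelude.Text ->
  -- | 'revocationReason'
  RevocationReason ->
  RevokeCertificate
newRevokeCertificate
  pCertificateAuthorityArn_
  pCertificateSerial_
  pRevocationReason_ =
    -- The arguments are stored unchanged: neither the ARN shape nor the
    -- hexadecimal serial format is checked here. Both leading arguments are
    -- 'Prelude.Text', so passing them in the wrong order still type-checks;
    -- the order is CA ARN first, then certificate serial.
    RevokeCertificate'
      { certificateAuthorityArn =
          pCertificateAuthorityArn_,
        certificateSerial = pCertificateSerial_,
        revocationReason = pRevocationReason_
      }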

-- | Amazon Resource Name (ARN) of the private CA that issued the certificate
-- to be revoked. This must be of the form:
--
-- @arn:aws:acm-pca:@/@region@/@:@/@account@/@:certificate-authority\/@/@12345678-1234-1234-1234-123456789012@/@ @
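revokeCertificate_certificateAuthorityArn :: Lens.Lens' RevokeCertificate Prelude.Text
revokeCertificate_certificateAuthorityArn =
  Lens.lens
    -- Getter: project the field out of the record.
    (\RevokeCertificate' {certificateAuthorityArn} -> certificateAuthorityArn)
    -- Setter: record update with the new value stored as given. The result
    -- annotation pins the record type, since DuplicateRecordFields is
    -- enabled for this module.
    (\s@RevokeCertificate' {} a -> s {certificateAuthorityArn = a} :: RevokeCertificate)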

-- | Serial number of the certificate to be revoked. This must be in
-- hexadecimal format. You can retrieve the serial number by calling
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html GetCertificate>
-- with the Amazon Resource Name (ARN) of the certificate you want and the
-- ARN of your private CA. The __GetCertificate__ action retrieves the
-- certificate in the PEM format. You can use the following OpenSSL command
-- to list the certificate in text format and copy the hexadecimal serial
-- number.
--
-- @openssl x509 -in @/@file_path@/@ -text -noout@
--
-- You can also copy the serial number from the console or use the
-- <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html DescribeCertificate>
-- action in the /Certificate Manager API Reference/.
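revokeCertificate_certificateSerial :: Lens.Lens' RevokeCertificate Prelude.Text
revokeCertificate_certificateSerial =
  Lens.lens
    -- Getter: project the field out of the record.
    (\RevokeCertificate' {certificateSerial} -> certificateSerial)
    -- Setter: record update with the new value stored as given; the
    -- hexadecimal format required by the field's documentation is not
    -- checked here.
    (\s@RevokeCertificate' {} a -> s {certificateSerial = a} :: RevokeCertificate)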

-- | Specifies why you revoked the certificate.
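revokeCertificate_revocationReason :: Lens.Lens' RevokeCertificate RevocationReason
revokeCertificate_revocationReason =
  Lens.lens
    -- Getter: project the field out of the record.
    (\RevokeCertificate' {revocationReason} -> revocationReason)
    -- Setter: record update; the result annotation pins the record type,
    -- since DuplicateRecordFields is enabled for this module.
    (\s@RevokeCertificate' {} a -> s {revocationReason = a} :: RevokeCertificate)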

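-- | Wires 'RevokeCertificate' to its response type.
--
-- 'request' applies the caller's service overrides to 'defaultService' and
-- builds the request with 'Request.postJSON'. 'response' passes the
-- field-less 'RevokeCertificateResponse'' constructor to
-- 'Response.receiveNull', so no response fields are decoded in this module.
instance Core.AWSRequest RevokeCertificate where
  type
    AWSResponse RevokeCertificate =
      RevokeCertificateResponse
  request overrides =
    Request.postJSON (overrides defaultService)
  response =
    Response.receiveNull RevokeCertificateResponse'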

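-- | Threads the salt through all three fields, in declaration order:
-- CA ARN, certificate serial, revocation reason.
instance Prelude.Hashable RevokeCertificate where
  hashWithSalt _salt RevokeCertificate' {..} =
    _salt
      `Prelude.hashWithSalt` certificateAuthorityArn
      `Prelude.hashWithSalt` certificateSerial
      `Prelude.hashWithSalt` revocationReason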

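-- | Forces each of the three fields in turn with 'Prelude.rnf', sequenced
-- by 'Prelude.seq'.
instance Prelude.NFData RevokeCertificate where
  rnf RevokeCertificate' {..} =
    Prelude.rnf certificateAuthorityArn
      `Prelude.seq` Prelude.rnf certificateSerial
      `Prelude.seq` Prelude.rnf revocationReason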

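-- | Fixed headers for the operation: the @X-Amz-Target@ name and the JSON
-- content type.
--
-- 'Prelude.const' discards the request value, so no caller-supplied field
-- (ARN, serial, reason) reaches the header block.
instance Data.ToHeaders RevokeCertificate where
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ "X-Amz-Target"
              Data.=# ( "ACMPrivateCA.RevokeCertificate" ::
                          Prelude.ByteString
                      ),
            "Content-Type"
              Data.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )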

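-- | Serialises the request as a JSON object with the keys
-- @CertificateAuthorityArn@, @CertificateSerial@ and @RevocationReason@.
--
-- Every pair is wrapped in 'Prelude.Just', so 'Prelude.catMaybes' drops
-- nothing and all three keys are always present. The field values go
-- through their own 'Data.ToJSON' instances; this instance does not
-- normalise or validate the ARN or the serial number.
instance Data.ToJSON RevokeCertificate where
  toJSON RevokeCertificate' {..} =
    Data.object
      ( Prelude.catMaybes
          [ Prelude.Just
              ( "CertificateAuthorityArn"
                  Data..= certificateAuthorityArn
              ),
            Prelude.Just
              ("CertificateSerial" Data..= certificateSerial),
            Prelude.Just
              ("RevocationReason" Data..= revocationReason)
          ]
      )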

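-- | The request path is the constant @\"/\"@; no request field is
-- interpolated into it.
instance Data.ToPath RevokeCertificate where
  toPath = Prelude.const "/"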

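-- | The query string is always empty ('Prelude.mempty'), whatever the
-- request holds.
instance Data.ToQuery RevokeCertificate where
  toQuery = Prelude.const Prelude.mempty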

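-- | Response to 'RevokeCertificate'.
--
-- The type has no fields, so a successful call returns no revocation
-- details. As the module description states, the CRL is typically updated
-- approximately 30 minutes after a certificate is revoked; relying parties
-- that check the CRL may therefore still accept the certificate until the
-- updated CRL is published and fetched.
--
-- /See:/ 'newRevokeCertificateResponse' smart constructor.
data RevokeCertificateResponse = RevokeCertificateResponse'
  {
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)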

-- |
-- Create a value of 'RevokeCertificateResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
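newRevokeCertificateResponse ::
  RevokeCertificateResponse
newRevokeCertificateResponse =
  -- The response record has no fields, so the constructor is the value.
  RevokeCertificateResponse'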

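-- | The response has no fields, so there is nothing to force beyond the
-- unit result.
instance Prelude.NFData RevokeCertificateResponse where
  rnf _ = ()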