// Code generated by smithy-go-codegen DO NOT EDIT.

package acmpca

import (
	"context"

	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// RevokeCertificate revokes a certificate that was issued inside ACM Private CA.
//
// If a certificate revocation list (CRL) was enabled when the private CA was
// created or updated, information about the revoked certificate is included in
// the CRL, which ACM Private CA writes to the S3 bucket you specified. A CRL is
// typically updated approximately 30 minutes after a certificate is revoked. If
// the CRL update fails for any reason, ACM Private CA makes further attempts
// every 15 minutes. With Amazon CloudWatch you can create alarms for the metrics
// CRLGenerated and MisconfiguredCRLBucket; see Supported CloudWatch Metrics
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html).
//
// Both PCA and the IAM principal must have permission to write to the S3 bucket
// that you specify. If the IAM principal making the call does not have
// permission to write to the bucket, an exception is thrown; see Configure
// Access to ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html).
//
// ACM Private CA also writes revocation information to the audit report; see
// CreateCertificateAuthorityAuditReport
// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html).
//
// You cannot revoke a root CA self-signed certificate.
//
// NOTE(review): a successful call does not mean relying parties already reject
// the certificate. Given the CRL timing described above, a verifier that has
// only the previously published CRL, or that does not check revocation at all,
// can still accept the certificate. Alarming on CRLGenerated and
// MisconfiguredCRLBucket is the visible signal that publication is working.
func (c *Client) RevokeCertificate(ctx context.Context, params *RevokeCertificateInput, optFns ...func(*Options)) (*RevokeCertificateOutput, error) {
	// A nil input is swapped for an empty one so the operation pipeline always
	// receives a non-nil value. The required members are then unset; rejecting
	// that is presumably the job of the validation middleware registered in
	// addOperationRevokeCertificateMiddlewares (confirm against its definition).
	input := params
	if input == nil {
		input = &RevokeCertificateInput{}
	}

	res, md, err := c.invokeOperation(ctx, "RevokeCertificate", input, optFns, addOperationRevokeCertificateMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: this panics if invokeOperation ever returns a
	// value of another type for this operation.
	output := res.(*RevokeCertificateOutput)
	output.ResultMetadata = md
	return output, nil
}

// RevokeCertificateInput carries the parameters of the RevokeCertificate
// operation. All three members are documented as required.
type RevokeCertificateInput struct {

	// Amazon Resource Name (ARN) of the private CA that issued the certificate
	// to be revoked. This must be of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateAuthorityArn *string

	// Serial number of the certificate to be revoked, in hexadecimal format.
	// You can retrieve the serial number by calling GetCertificate
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html)
	// with the ARN of the certificate you want and the ARN of your private CA.
	// GetCertificate returns the certificate in PEM format; the following
	// OpenSSL command lists it in text form so the hexadecimal serial number
	// can be copied:
	//
	//	openssl x509 -in file_path -text -noout
	//
	// You can also copy the serial number from the console or use the
	// DescribeCertificate
	// (https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html)
	// action in the AWS Certificate Manager API Reference.
	//
	// This member is required.
	CertificateSerial *string

	// Specifies why you revoked the certificate.
	//
	// This member is required.
	RevocationReason types.RevocationReason
}

// RevokeCertificateOutput is the result of the RevokeCertificate operation. It
// carries no operation-specific fields, only the result metadata.
type RevokeCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationRevokeCertificateMiddlewares registers every middleware used by
// the RevokeCertificate operation on stack and returns the first error any
// registration reports.
//
// The registrations run in exactly the order the generator emitted them. Do not
// reorder the list without checking how each helper positions itself in the
// stack.
func addOperationRevokeCertificateMiddlewares(stack *middleware.Stack, options Options) (err error) {
	registrations := []func() error{
		// Operation-specific serializer and deserializer, each added with
		// middleware.After in its step.
		func() error {
			return stack.Serialize.Add(&awsAwsjson11_serializeOpRevokeCertificate{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsjson11_deserializeOpRevokeCertificate{}, middleware.After)
		},
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// Input validation for this operation; presumably what enforces the
		// members documented as required (confirm against its definition).
		func() error { return addOpRevokeCertificateValidationMiddleware(stack) },
		// Service metadata goes at the front of the Initialize step.
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opRevokeCertificate(options.Region), middleware.Before)
		},
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range registrations {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}

// newServiceMetadataMiddleware_opRevokeCertificate builds the service metadata
// registration for RevokeCertificate: the caller's region, the package-level
// ServiceID, the signing name "acm-pca" and the operation name.
func newServiceMetadataMiddleware_opRevokeCertificate(region string) *awsmiddleware.RegisterServiceMetadata {
	meta := awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "RevokeCertificate",
	}
	return &meta
}