AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint)
.withCredentials(new AWSStaticCredentialsProvider(credentials)) .build();
// Create a request object.
CreatePermissionRequest req = new CreatePermissionRequest();
// Set the certificate authority ARN.
req.setCertificateAuthorityArn("arn:aws:acm-pca:region:account:certificate-authority/CA_ID");
// Set the permissions to give the user.
ArrayList<String> permissions = new ArrayList<>();
permissions.add("IssueCertificate");
permissions.add("GetCertificate");
permissions.add("ListPermissions");
req.setActions(permissions);
// Set the AWS principal.
req.setPrincipal("acm.amazonaws.com");
// Create a result object.
CreatePermissionResult result = null;
try {
result = client.createPermission(req);
} catch (InvalidArnException ex) { throw ex;
} catch (InvalidStateException ex) { throw ex;
} catch (LimitExceededException ex) { throw ex;
} catch (PermissionAlreadyExistsException ex) { throw ex;
} catch (RequestFailedException ex) { throw ex;
} catch (ResourceNotFoundException ex) { throw ex;
} }}
DeleteCertificateAuthority
The following Java sample shows how to use the DeleteCertificateAuthority operation.
This operation deletes the private certificate authority (CA) that you created using the CreateCertificateAuthority operation. The DeleteCertificateAuthority operation requires that you provide an ARN for the CA to be deleted. You can find the ARN by calling the
ListCertificateAuthorities operation. You can delete the private CA immediately if its status is CREATING or PENDING_CERTIFICATE. If you have already imported the certificate, however, you cannot delete it immediately. You must first disable the CA by calling the UpdateCertificateAuthority operation and set the Status parameter to DISABLED. You can then use the PermanentDeletionTimeInDays parameter in the DeleteCertificateAuthority operation to specify the number of days, from 7 to 30. During that period the private CA can be restored to disabled status. By default, if you do not set the PermanentDeletionTimeInDays parameter, the restoration period is 30 days. After this period expires, the private CA is permanently deleted and cannot be restored. For more information, see Restoring (p. 100).
For a Java example that shows you how to use the RestoreCertificateAuthority operation, see RestoreCertificateAuthority (p. 186).
package com.amazonaws.samples;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.services.acmpca.AWSACMPCA;
import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder;
import com.amazonaws.services.acmpca.model.DeleteCertificateAuthorityRequest;
import com.amazonaws.AmazonClientException;
import com.amazonaws.services.acmpca.model.ResourceNotFoundException;
import com.amazonaws.services.acmpca.model.InvalidArnException;
import com.amazonaws.services.acmpca.model.InvalidStateException;
import com.amazonaws.services.acmpca.model.RequestFailedException;
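public class DeleteCertificateAuthority {

    /** Region that hosts the private CA; substitute your own, e.g. "us-west-2". */
    private static final String REGION = "region";

    /** ARN of the private CA to delete; substitute your own CA's ARN. */
    private static final String CA_ARN =
        "arn:aws:acm-pca:region:account:certificate-authority/CA_ID";

    /**
     * Restoration window in days. After the call the CA remains restorable (in DISABLED
     * status) for this many days; once the window elapses the deletion is permanent.
     * The service accepts 7 to 30 and uses 30 when the value is omitted, so a shorter
     * window means less time to recover from an unintended deletion.
     */
    private static final int RESTORE_WINDOW_DAYS = 12;

    /**
     * Deletes the private CA identified by {@link #CA_ARN}.
     *
     * <p>Credentials are read from the "default" profile of the local AWS credentials
     * file (C:\Users\name\.aws\credentials on Windows, .aws/credentials on Linux).
     * A CA whose certificate has already been imported must be disabled with
     * UpdateCertificateAuthority before it can be deleted; otherwise the service
     * rejects the request with {@code InvalidStateException}.
     *
     * @param args not used
     * @throws AmazonClientException if the profile credentials cannot be loaded
     * @throws ResourceNotFoundException if no CA exists for {@link #CA_ARN}
     * @throws InvalidArnException if {@link #CA_ARN} is malformed
     * @throws InvalidStateException if the CA is not in a deletable state
     * @throws RequestFailedException if the service could not complete the request
     */
    public static void main(String[] args) {
        // Load credentials eagerly so a missing or unreadable profile fails here with a
        // clear message instead of on the first service call.
        AWSCredentials credentials;
        try {
            credentials = new ProfileCredentialsProvider("default").getCredentials();
        } catch (Exception e) {
            throw new AmazonClientException("Cannot load your credentials from disk", e);
        }

        // Pin the client to the regional ACM PCA endpoint over HTTPS.
        String endpointUrl = "https://acm-pca." + REGION + ".amazonaws.com/";
        EndpointConfiguration endpoint =
            new AwsClientBuilder.EndpointConfiguration(endpointUrl, REGION);

        AWSACMPCA client = AWSACMPCAClientBuilder.standard()
            .withEndpointConfiguration(endpoint)
            .withCredentials(new AWSStaticCredentialsProvider(credentials))
            .build();

        // The with* setters return the request, so the two settings can be chained.
        DeleteCertificateAuthorityRequest req = new DeleteCertificateAuthorityRequest()
            .withCertificateAuthorityArn(CA_ARN)
            .withPermanentDeletionTimeInDays(RESTORE_WINDOW_DAYS);

        // Service errors (ResourceNotFoundException, InvalidArnException,
        // InvalidStateException, RequestFailedException) are unchecked and propagate
        // to the caller unchanged; there is nothing to recover from in a sample.
        client.deleteCertificateAuthority(req);
    }
}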
DeletePermission
The following Java sample shows how to use the DeletePermission operation.
The operation deletes permissions that a private CA delegated to an AWS service principal using the CreatePermission operation. You can find a CA's ARN by calling the ListCertificateAuthorities function.
You can inspect the permissions that a CA granted by calling the ListPermissions function.
package com.amazonaws.samples;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.services.acmpca.AWSACMPCA;
import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder;
import com.amazonaws.services.acmpca.model.DeletePermissionRequest;
import com.amazonaws.services.acmpca.model.DeletePermissionResult;
import com.amazonaws.services.acmpca.model.InvalidArnException;
import com.amazonaws.services.acmpca.model.InvalidStateException;
import com.amazonaws.services.acmpca.model.RequestFailedException;
import com.amazonaws.services.acmpca.model.ResourceNotFoundException;
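public class DeletePermission {

    /** Region that hosts the private CA; substitute your own, e.g. "us-west-2". */
    private static final String REGION = "region";

    /** ARN of the private CA whose delegated permissions are revoked; substitute your own. */
    private static final String CA_ARN =
        "arn:aws:acm-pca:region:account:certificate-authority/CA_ID";

    /** AWS service principal whose permissions on the CA are removed. */
    private static final String SERVICE_PRINCIPAL = "acm.amazonaws.com";

    /**
     * Revokes the permissions that the private CA at {@link #CA_ARN} previously granted
     * to {@link #SERVICE_PRINCIPAL}.
     *
     * <p>Credentials are read from the "default" profile of the local AWS credentials
     * file (C:\Users\name\.aws\credentials on Windows, .aws/credentials on Linux).
     * The call returns a {@code DeletePermissionResult}, which this sample does not use.
     *
     * @param args not used
     * @throws AmazonClientException if the profile credentials cannot be loaded
     * @throws InvalidArnException if {@link #CA_ARN} is malformed
     * @throws InvalidStateException if the CA is not in a state that allows the change
     * @throws RequestFailedException if the service could not complete the request
     * @throws ResourceNotFoundException if no CA exists for {@link #CA_ARN}
     */
    public static void main(String[] args) {
        // Load credentials eagerly so a missing or unreadable profile fails here with a
        // clear message instead of on the first service call.
        AWSCredentials credentials;
        try {
            credentials = new ProfileCredentialsProvider("default").getCredentials();
        } catch (Exception e) {
            throw new AmazonClientException("Cannot load your credentials from file.", e);
        }

        // Pin the client to the regional ACM PCA endpoint over HTTPS.
        String endpointUrl = "https://acm-pca." + REGION + ".amazonaws.com/";
        EndpointConfiguration endpoint =
            new AwsClientBuilder.EndpointConfiguration(endpointUrl, REGION);

        AWSACMPCA client = AWSACMPCAClientBuilder.standard()
            .withEndpointConfiguration(endpoint)
            .withCredentials(new AWSStaticCredentialsProvider(credentials))
            .build();

        DeletePermissionRequest req = new DeletePermissionRequest();
        req.setCertificateAuthorityArn(CA_ARN);
        req.setPrincipal(SERVICE_PRINCIPAL);

        // Service errors (InvalidArnException, InvalidStateException,
        // RequestFailedException, ResourceNotFoundException) are unchecked and
        // propagate to the caller unchanged. The result is discarded on purpose.
        client.deletePermission(req);
    }
}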
DeletePolicy
The following Java sample shows how to use the DeletePolicy operation.
The operation deletes the resource-based policy attached to a private CA. A resource-based policy is used to enable cross-account CA sharing. You can find the ARN of a private CA by calling the ListCertificateAuthorities action.
Related API actions include PutPolicy and GetPolicy.
package com.amazonaws.samples;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.services.acmpca.AWSACMPCA;
import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder;
import com.amazonaws.services.acmpca.model.CreatePermissionRequest;
import com.amazonaws.services.acmpca.model.CreatePermissionResult;
import com.amazonaws.services.acmpca.model.InvalidArnException;
import com.amazonaws.services.acmpca.model.InvalidStateException;
import com.amazonaws.services.acmpca.model.LimitExceededException;
import com.amazonaws.services.acmpca.model.PermissionAlreadyExistsException;
import com.amazonaws.services.acmpca.model.RequestFailedException;
import com.amazonaws.services.acmpca.model.ResourceNotFoundException;
import java.util.ArrayList;
public class CreatePermission {
public static void main(String[] args) throws Exception {
DeletePolicy
// Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux.
AWSCredentials credentials = null;
try {
credentials = new ProfileCredentialsProvider("default").getCredentials();
} catch (Exception e) {
throw new AmazonClientException("Cannot load your credentials from file.", e);
}
// Define the endpoint for your sample.
String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2"
String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/";
EndpointConfiguration endpoint =
new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion);
// Create a client that you can use to make requests.
AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint)
.withCredentials(new AWSStaticCredentialsProvider(credentials)) .build();
req.setCertificateAuthorityArn("arn:aws:acm-pca:region:account:certificate-authority/CA_ID");
// Set the permissions to give the user.
ArrayList<String> permissions = new ArrayList<>();
permissions.add("IssueCertificate");
permissions.add("GetCertificate");
permissions.add("ListPermissions");
req.setActions(permissions);
// Set the AWS principal.
req.setPrincipal("acm.amazonaws.com");
// Create a result object.
CreatePermissionResult result = null;
try {
} catch (PermissionAlreadyExistsException ex) { throw ex;