import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Private certificate authority.
 *
 * ## Example Usage
 * ### Example
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws_native from "@pulumi/aws-native";
 *
 * const rootCA = new aws_native.acmpca.CertificateAuthority("rootCA", {
 *     type: "ROOT",
 *     keyAlgorithm: "RSA_2048",
 *     signingAlgorithm: "SHA256WITHRSA",
 *     subject: {
 *         country: "US",
 *         organization: "string",
 *         organizationalUnit: "string",
 *         distinguishedNameQualifier: "string",
 *         state: "string",
 *         commonName: "123",
 *         serialNumber: "string",
 *         locality: "string",
 *         title: "string",
 *         surname: "string",
 *         givenName: "string",
 *         initials: "DG",
 *         pseudonym: "string",
 *         generationQualifier: "DBG",
 *     },
 *     revocationConfiguration: {
 *         crlConfiguration: {
 *             enabled: false,
 *         },
 *     },
 * });
 * const rootCACertificate = new aws_native.acmpca.Certificate("rootCACertificate", {
 *     certificateAuthorityArn: rootCA.id,
 *     certificateSigningRequest: rootCA.certificateSigningRequest,
 *     signingAlgorithm: "SHA256WITHRSA",
 *     templateArn: "arn:aws:acm-pca:::template/RootCACertificate/V1",
 *     validity: {
 *         type: "DAYS",
 *         value: 100,
 *     },
 * });
 * const rootCAActivation = new aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation", {
 *     certificateAuthorityArn: rootCA.id,
 *     certificate: rootCACertificate.certificate,
 *     status: "ACTIVE",
 * });
 * const rootCAPermission = new aws_native.acmpca.Permission("rootCAPermission", {
 *     actions: [
 *         "IssueCertificate",
 *         "GetCertificate",
 *         "ListPermissions",
 *     ],
 *     certificateAuthorityArn: rootCA.id,
 *     principal: "acm.amazonaws.com",
 * });
 * const subordinateCAOne = new aws_native.acmpca.CertificateAuthority("subordinateCAOne", {
 *     type: "SUBORDINATE",
 *     keyAlgorithm: "RSA_2048",
 *     signingAlgorithm: "SHA256WITHRSA",
 *     subject: {
 *         country: "US",
 *         organization: "string",
 *         organizationalUnit: "string",
 *         distinguishedNameQualifier: "string",
 *         state: "string",
 *         commonName: "Sub1",
 *         serialNumber: "string",
 *         locality: "string",
 *         title: "string",
 *         surname: "string",
 *         givenName: "string",
 *         initials: "DG",
 *         pseudonym: "string",
 *         generationQualifier: "DBG",
 *     },
 *     revocationConfiguration: {},
 *     tags: [],
 * });
 * const subordinateCAOneCACertificate = new aws_native.acmpca.Certificate("subordinateCAOneCACertificate", {
 *     certificateAuthorityArn: rootCA.id,
 *     certificateSigningRequest: subordinateCAOne.certificateSigningRequest,
 *     signingAlgorithm: "SHA256WITHRSA",
 *     templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
 *     validity: {
 *         type: "DAYS",
 *         value: 90,
 *     },
 * }, {
 *     dependsOn: [rootCAActivation],
 * });
 * const subordinateCAOneActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", {
 *     certificateAuthorityArn: subordinateCAOne.id,
 *     certificate: subordinateCAOneCACertificate.certificate,
 *     certificateChain: rootCAActivation.completeCertificateChain,
 *     status: "ACTIVE",
 * });
 * const subordinateCAOnePermission = new aws_native.acmpca.Permission("subordinateCAOnePermission", {
 *     actions: [
 *         "IssueCertificate",
 *         "GetCertificate",
 *         "ListPermissions",
 *     ],
 *     certificateAuthorityArn: subordinateCAOne.id,
 *     principal: "acm.amazonaws.com",
 * });
 * const subordinateCATwo = new aws_native.acmpca.CertificateAuthority("subordinateCATwo", {
 *     type: "SUBORDINATE",
 *     keyAlgorithm: "RSA_2048",
 *     signingAlgorithm: "SHA256WITHRSA",
 *     subject: {
 *         country: "US",
 *         organization: "string",
 *         organizationalUnit: "string",
 *         distinguishedNameQualifier: "string",
 *         state: "string",
 *         serialNumber: "string",
 *         locality: "string",
 *         title: "string",
 *         surname: "string",
 *         givenName: "string",
 *         initials: "DG",
 *         pseudonym: "string",
 *         generationQualifier: "DBG",
 *     },
 *     tags: [
 *         {
 *             key: "Key1",
 *             value: "Value1",
 *         },
 *         {
 *             key: "Key2",
 *             value: "Value2",
 *         },
 *     ],
 * });
 * const subordinateCATwoCACertificate = new aws_native.acmpca.Certificate("subordinateCATwoCACertificate", {
 *     certificateAuthorityArn: subordinateCAOne.id,
 *     certificateSigningRequest: subordinateCATwo.certificateSigningRequest,
 *     signingAlgorithm: "SHA256WITHRSA",
 *     templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
 *     validity: {
 *         type: "DAYS",
 *         value: 80,
 *     },
 * }, {
 *     dependsOn: [subordinateCAOneActivation],
 * });
 * const subordinateCATwoActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", {
 *     certificateAuthorityArn: subordinateCATwo.id,
 *     certificate: subordinateCATwoCACertificate.certificate,
 *     certificateChain: subordinateCAOneActivation.completeCertificateChain,
 * });
 * const subordinateCATwoPermission = new aws_native.acmpca.Permission("subordinateCATwoPermission", {
 *     actions: [
 *         "IssueCertificate",
 *         "GetCertificate",
 *         "ListPermissions",
 *     ],
 *     certificateAuthorityArn: subordinateCATwo.id,
 *     principal: "acm.amazonaws.com",
 * });
 * const endEntityCertificate = new aws_native.acmpca.Certificate("endEntityCertificate", {
 *     certificateAuthorityArn: subordinateCATwo.id,
 *     certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
 * MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
 * BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
 * aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
 * 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
 * wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
 * 1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
 * WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
 * wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
 * BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
 * KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
 * hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
 * Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
 * ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
 * 29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
 * 97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
 * -----END CERTIFICATE REQUEST-----`,
 *     signingAlgorithm: "SHA256WITHRSA",
 *     validity: {
 *         type: "DAYS",
 *         value: 70,
 *     },
 * }, {
 *     dependsOn: [subordinateCATwoActivation],
 * });
 * export const completeCertificateChain = subordinateCATwoActivation.completeCertificateChain;
 * export const certificateArn = endEntityCertificate.arn;
 *
 * ```
 */
export declare class CertificateAuthority extends pulumi.CustomResource {
    /**
     * Get an existing CertificateAuthority resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): CertificateAuthority;
    /**
     * Returns true if the given object is an instance of CertificateAuthority.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is CertificateAuthority;
    /**
     * The Amazon Resource Name (ARN) of the certificate authority.
     */
    readonly arn: pulumi.Output<string>;
    /**
     * The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
     */
    readonly certificateSigningRequest: pulumi.Output<string>;
    /**
     * Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
     */
    readonly csrExtensions: pulumi.Output<outputs.acmpca.CertificateAuthorityCsrExtensions | undefined>;
    /**
     * Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
     */
    readonly keyAlgorithm: pulumi.Output<string>;
    /**
     * KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
     */
    readonly keyStorageSecurityStandard: pulumi.Output<string | undefined>;
    /**
     * Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
     */
    readonly revocationConfiguration: pulumi.Output<outputs.acmpca.CertificateAuthorityRevocationConfiguration | undefined>;
    /**
     * Algorithm your CA uses to sign certificate requests.
     */
    readonly signingAlgorithm: pulumi.Output<string>;
    /**
     * Structure that contains X.500 distinguished name information for your CA.
     */
    readonly subject: pulumi.Output<outputs.acmpca.CertificateAuthoritySubject>;
    /**
     * Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html) .
     */
    readonly tags: pulumi.Output<outputs.Tag[] | undefined>;
    /**
     * The type of the certificate authority.
     */
    readonly type: pulumi.Output<string>;
    /**
     * Usage mode of the ceritificate authority.
     */
    readonly usageMode: pulumi.Output<string | undefined>;
    /**
     * Create a CertificateAuthority resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: CertificateAuthorityArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a CertificateAuthority resource.
 */
export interface CertificateAuthorityArgs {
    /**
     * Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
     */
    csrExtensions?: pulumi.Input<inputs.acmpca.CertificateAuthorityCsrExtensionsArgs>;
    /**
     * Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
     */
    keyAlgorithm: pulumi.Input<string>;
    /**
     * KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
     */
    keyStorageSecurityStandard?: pulumi.Input<string>;
    /**
     * Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
     */
    revocationConfiguration?: pulumi.Input<inputs.acmpca.CertificateAuthorityRevocationConfigurationArgs>;
    /**
     * Algorithm your CA uses to sign certificate requests.
     */
    signingAlgorithm: pulumi.Input<string>;
    /**
     * Structure that contains X.500 distinguished name information for your CA.
     */
    subject: pulumi.Input<inputs.acmpca.CertificateAuthoritySubjectArgs>;
    /**
     * Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html) .
     */
    tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>;
    /**
     * The type of the certificate authority.
     */
    type: pulumi.Input<string>;
    /**
     * Usage mode of the ceritificate authority.
     */
    usageMode?: pulumi.Input<string>;
}
