発行済みの証明書を取り消します。
このコードサンプルを含む詳細なドキュメントについては、以下をご覧ください。
コードサンプル
Go
CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import (
"context"
"fmt"
"io"
privateca "cloud.google.com/go/security/privateca/apiv1"
"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)
// revokeCertificate asks CA Service to revoke one issued certificate and, on
// success, writes a short confirmation to w.
//
// Parameters:
//   - w: destination for the confirmation message.
//   - projectId, location, caPoolId, certId: the four identifiers that are joined
//     into the certificate's resource name.
//
// It returns a wrapped error if the client cannot be created or the revoke
// call fails.
//
// The request always carries the reason PRIVILEGE_WITHDRAWN. The reason is part
// of the revocation request, so pick the RevocationReason value that matches
// the real event (for example RevocationReason_KEY_COMPROMISE when the private
// key may have been exposed) rather than keeping the sample's default.
//
// NOTE(review): revocation only protects relying parties that check the CA's
// revocation data. Confirm that CRL publication is enabled for the CA pool and
// that clients actually validate against it; nothing in this function checks that.
func revokeCertificate(
	w io.Writer,
	projectId string,
	location string,
	caPoolId string,
	certId string) error {
	// projectId := "your_project_id"
	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id"		// The CA Pool id in which the certificate exists.
	// certId := "certificate"		// A unique name for the certificate.

	// The identifiers are interpolated into the resource name exactly as given.
	// NOTE(review): if any of them can come from outside the program, validate
	// them first (non-empty, no "/") so the name cannot point at another resource.
	certResource := fmt.Sprintf(
		"projects/%s/locations/%s/caPools/%s/certificates/%s",
		projectId, location, caPoolId, certId)

	ctx := context.Background()
	client, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer client.Close()

	// Build the request; see
	// https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#RevokeCertificateRequest.
	revokeReq := &privatecapb.RevokeCertificateRequest{
		Name:   certResource,
		Reason: privatecapb.RevocationReason_PRIVILEGE_WITHDRAWN,
	}
	if _, err := client.RevokeCertificate(ctx, revokeReq); err != nil {
		return fmt.Errorf("RevokeCertificate failed: %w", err)
	}

	fmt.Fprintf(w, "Certificate %s revoked", certId)
	return nil
}
Java
CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.Certificate;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.CertificateName;
import com.google.cloud.security.privateca.v1.RevocationReason;
import com.google.cloud.security.privateca.v1.RevokeCertificateRequest;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
/** Sample showing how to revoke a certificate that was issued from a CA pool. */
public class RevokeCertificate {

  /**
   * Runs the sample with placeholder identifiers.
   *
   * @param args unused
   * @throws IOException if the service client cannot be created
   * @throws ExecutionException if the revoke call fails
   * @throws InterruptedException if the thread is interrupted while waiting for the result
   */
  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException {
    // TODO(developer): Replace these variables before running the sample.
    // location: see https://cloud.google.com/certificate-authority-service/docs/locations
    //     for the list of supported locations.
    // poolId: id of the CA pool that contains the certificate.
    // certificateName: name of the certificate to revoke.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    String certificateName = "certificate-name";

    revokeCertificate(project, location, poolId, certificateName);
  }

  /**
   * Sends a revoke request for one issued certificate and prints the name of the certificate
   * returned by the service.
   *
   * <p>The request always carries {@link RevocationReason#PRIVILEGE_WITHDRAWN}. The reason is part
   * of the revocation request, so choose the {@link RevocationReason} that matches the real event
   * (for example {@code KEY_COMPROMISE} when the private key may have been exposed) instead of
   * keeping the sample's default.
   *
   * <p>NOTE(review): revocation only protects relying parties that check the CA's revocation
   * data. Confirm that CRL publication is enabled for the CA pool and that clients validate
   * against it; this method does not check either.
   *
   * @param project project that owns the CA pool
   * @param location location of the CA pool
   * @param poolId id of the CA pool that contains the certificate
   * @param certificateName name of the certificate to revoke
   * @throws IOException if the service client cannot be created
   * @throws ExecutionException if the revoke call fails
   * @throws InterruptedException if the thread is interrupted while waiting for the result
   */
  public static void revokeCertificate(
      String project, String location, String poolId, String certificateName)
      throws IOException, ExecutionException, InterruptedException {
    // The client can be reused for many requests; try-with-resources closes it and releases
    // its background resources once this single request is done.
    try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
      // Fully qualified resource name of the certificate.
      CertificateName target = CertificateName.of(project, location, poolId, certificateName);

      RevokeCertificateRequest request =
          RevokeCertificateRequest.newBuilder()
              .setReason(RevocationReason.PRIVILEGE_WITHDRAWN)
              .setName(target.toString())
              .build();

      // Issue the call asynchronously, then block until the service answers.
      ApiFuture<Certificate> pending = client.revokeCertificateCallable().futureCall(request);
      Certificate revoked = pending.get();

      System.out.println("Certificate Revoked: " + revoked.getName());
    }
  }
}
Python
CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import google.cloud.security.privateca_v1 as privateca_v1
def revoke_certificate(
    project_id: str,
    location: str,
    ca_pool_name: str,
    certificate_name: str,
) -> None:
    """
    Send a revoke request for one issued certificate and print the service's reply.

    The request always carries RevocationReason.PRIVILEGE_WITHDRAWN. The reason is
    part of the revocation request, so choose the RevocationReason that matches the
    real event (for example KEY_COMPROMISE when the private key may have been
    exposed) instead of keeping the sample's default.

    NOTE(review): revocation only protects relying parties that check the CA's
    revocation data. Confirm that CRL publication is enabled for the CA pool and
    that clients validate against it; this function does not check either.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: name for the CA pool which contains the certificate.
        certificate_name: name of the certificate to be revoked.
    """
    client = privateca_v1.CertificateAuthorityServiceClient()

    # The request names the certificate by its full resource path and states why
    # it is being revoked.
    revoke_request = privateca_v1.RevokeCertificateRequest(
        name=client.certificate_path(
            project_id, location, ca_pool_name, certificate_name
        ),
        reason=privateca_v1.RevocationReason.PRIVILEGE_WITHDRAWN,
    )

    outcome = client.revoke_certificate(request=revoke_request)
    print("Certificate revoke result:", outcome)
次のステップ
他の Google Cloud プロダクトに関連するコードサンプルの検索およびフィルタ検索を行うには、Google Cloud のサンプルをご覧ください。