aws-sdk-acmpca 1.27.0 → 1.32.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-acmpca.rb +3 -2
- data/lib/aws-sdk-acmpca/client.rb +361 -102
- data/lib/aws-sdk-acmpca/client_api.rb +103 -0
- data/lib/aws-sdk-acmpca/types.rb +1104 -85
- metadata +4 -4
@@ -16,9 +16,14 @@ module Aws::ACMPCA
|
|
16
16
|
ASN1PrintableString64 = Shapes::StringShape.new(name: 'ASN1PrintableString64')
|
17
17
|
ASN1Subject = Shapes::StructureShape.new(name: 'ASN1Subject')
|
18
18
|
AWSPolicy = Shapes::StringShape.new(name: 'AWSPolicy')
|
19
|
+
AccessDescription = Shapes::StructureShape.new(name: 'AccessDescription')
|
20
|
+
AccessDescriptionList = Shapes::ListShape.new(name: 'AccessDescriptionList')
|
21
|
+
AccessMethod = Shapes::StructureShape.new(name: 'AccessMethod')
|
22
|
+
AccessMethodType = Shapes::StringShape.new(name: 'AccessMethodType')
|
19
23
|
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
20
24
|
ActionList = Shapes::ListShape.new(name: 'ActionList')
|
21
25
|
ActionType = Shapes::StringShape.new(name: 'ActionType')
|
26
|
+
ApiPassthrough = Shapes::StructureShape.new(name: 'ApiPassthrough')
|
22
27
|
Arn = Shapes::StringShape.new(name: 'Arn')
|
23
28
|
AuditReportId = Shapes::StringShape.new(name: 'AuditReportId')
|
24
29
|
AuditReportResponseFormat = Shapes::StringShape.new(name: 'AuditReportResponseFormat')
|
@@ -34,6 +39,7 @@ module Aws::ACMPCA
|
|
34
39
|
CertificateChain = Shapes::StringShape.new(name: 'CertificateChain')
|
35
40
|
CertificateChainBlob = Shapes::BlobShape.new(name: 'CertificateChainBlob')
|
36
41
|
CertificateMismatchException = Shapes::StructureShape.new(name: 'CertificateMismatchException')
|
42
|
+
CertificatePolicyList = Shapes::ListShape.new(name: 'CertificatePolicyList')
|
37
43
|
ConcurrentModificationException = Shapes::StructureShape.new(name: 'ConcurrentModificationException')
|
38
44
|
CountryCodeString = Shapes::StringShape.new(name: 'CountryCodeString')
|
39
45
|
CreateCertificateAuthorityAuditReportRequest = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityAuditReportRequest')
|
@@ -44,6 +50,8 @@ module Aws::ACMPCA
|
|
44
50
|
CrlConfiguration = Shapes::StructureShape.new(name: 'CrlConfiguration')
|
45
51
|
CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
|
46
52
|
CsrBody = Shapes::StringShape.new(name: 'CsrBody')
|
53
|
+
CsrExtensions = Shapes::StructureShape.new(name: 'CsrExtensions')
|
54
|
+
CustomObjectIdentifier = Shapes::StringShape.new(name: 'CustomObjectIdentifier')
|
47
55
|
DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
|
48
56
|
DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
|
49
57
|
DeletePolicyRequest = Shapes::StructureShape.new(name: 'DeletePolicyRequest')
|
@@ -51,7 +59,14 @@ module Aws::ACMPCA
|
|
51
59
|
DescribeCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportResponse')
|
52
60
|
DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
|
53
61
|
DescribeCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityResponse')
|
62
|
+
EdiPartyName = Shapes::StructureShape.new(name: 'EdiPartyName')
|
63
|
+
ExtendedKeyUsage = Shapes::StructureShape.new(name: 'ExtendedKeyUsage')
|
64
|
+
ExtendedKeyUsageList = Shapes::ListShape.new(name: 'ExtendedKeyUsageList')
|
65
|
+
ExtendedKeyUsageType = Shapes::StringShape.new(name: 'ExtendedKeyUsageType')
|
66
|
+
Extensions = Shapes::StructureShape.new(name: 'Extensions')
|
54
67
|
FailureReason = Shapes::StringShape.new(name: 'FailureReason')
|
68
|
+
GeneralName = Shapes::StructureShape.new(name: 'GeneralName')
|
69
|
+
GeneralNameList = Shapes::ListShape.new(name: 'GeneralNameList')
|
55
70
|
GetCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateRequest')
|
56
71
|
GetCertificateAuthorityCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateResponse')
|
57
72
|
GetCertificateAuthorityCsrRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCsrRequest')
|
@@ -73,6 +88,7 @@ module Aws::ACMPCA
|
|
73
88
|
IssueCertificateRequest = Shapes::StructureShape.new(name: 'IssueCertificateRequest')
|
74
89
|
IssueCertificateResponse = Shapes::StructureShape.new(name: 'IssueCertificateResponse')
|
75
90
|
KeyAlgorithm = Shapes::StringShape.new(name: 'KeyAlgorithm')
|
91
|
+
KeyUsage = Shapes::StructureShape.new(name: 'KeyUsage')
|
76
92
|
LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
|
77
93
|
ListCertificateAuthoritiesRequest = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesRequest')
|
78
94
|
ListCertificateAuthoritiesResponse = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesResponse')
|
@@ -85,13 +101,19 @@ module Aws::ACMPCA
|
|
85
101
|
MalformedCertificateException = Shapes::StructureShape.new(name: 'MalformedCertificateException')
|
86
102
|
MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
|
87
103
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
104
|
+
OtherName = Shapes::StructureShape.new(name: 'OtherName')
|
88
105
|
PermanentDeletionTimeInDays = Shapes::IntegerShape.new(name: 'PermanentDeletionTimeInDays')
|
89
106
|
Permission = Shapes::StructureShape.new(name: 'Permission')
|
90
107
|
PermissionAlreadyExistsException = Shapes::StructureShape.new(name: 'PermissionAlreadyExistsException')
|
91
108
|
PermissionList = Shapes::ListShape.new(name: 'PermissionList')
|
109
|
+
PolicyInformation = Shapes::StructureShape.new(name: 'PolicyInformation')
|
110
|
+
PolicyQualifierId = Shapes::StringShape.new(name: 'PolicyQualifierId')
|
111
|
+
PolicyQualifierInfo = Shapes::StructureShape.new(name: 'PolicyQualifierInfo')
|
112
|
+
PolicyQualifierInfoList = Shapes::ListShape.new(name: 'PolicyQualifierInfoList')
|
92
113
|
PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
|
93
114
|
Principal = Shapes::StringShape.new(name: 'Principal')
|
94
115
|
PutPolicyRequest = Shapes::StructureShape.new(name: 'PutPolicyRequest')
|
116
|
+
Qualifier = Shapes::StructureShape.new(name: 'Qualifier')
|
95
117
|
RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
|
96
118
|
RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
|
97
119
|
RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
|
@@ -108,7 +130,9 @@ module Aws::ACMPCA
|
|
108
130
|
String128 = Shapes::StringShape.new(name: 'String128')
|
109
131
|
String16 = Shapes::StringShape.new(name: 'String16')
|
110
132
|
String253 = Shapes::StringShape.new(name: 'String253')
|
133
|
+
String256 = Shapes::StringShape.new(name: 'String256')
|
111
134
|
String3 = Shapes::StringShape.new(name: 'String3')
|
135
|
+
String39 = Shapes::StringShape.new(name: 'String39')
|
112
136
|
String3To255 = Shapes::StringShape.new(name: 'String3To255')
|
113
137
|
String40 = Shapes::StringShape.new(name: 'String40')
|
114
138
|
String5 = Shapes::StringShape.new(name: 'String5')
|
@@ -141,8 +165,22 @@ module Aws::ACMPCA
|
|
141
165
|
ASN1Subject.add_member(:generation_qualifier, Shapes::ShapeRef.new(shape: String3, location_name: "GenerationQualifier"))
|
142
166
|
ASN1Subject.struct_class = Types::ASN1Subject
|
143
167
|
|
168
|
+
AccessDescription.add_member(:access_method, Shapes::ShapeRef.new(shape: AccessMethod, required: true, location_name: "AccessMethod"))
|
169
|
+
AccessDescription.add_member(:access_location, Shapes::ShapeRef.new(shape: GeneralName, required: true, location_name: "AccessLocation"))
|
170
|
+
AccessDescription.struct_class = Types::AccessDescription
|
171
|
+
|
172
|
+
AccessDescriptionList.member = Shapes::ShapeRef.new(shape: AccessDescription)
|
173
|
+
|
174
|
+
AccessMethod.add_member(:custom_object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "CustomObjectIdentifier"))
|
175
|
+
AccessMethod.add_member(:access_method_type, Shapes::ShapeRef.new(shape: AccessMethodType, location_name: "AccessMethodType"))
|
176
|
+
AccessMethod.struct_class = Types::AccessMethod
|
177
|
+
|
144
178
|
ActionList.member = Shapes::ShapeRef.new(shape: ActionType)
|
145
179
|
|
180
|
+
ApiPassthrough.add_member(:extensions, Shapes::ShapeRef.new(shape: Extensions, location_name: "Extensions"))
|
181
|
+
ApiPassthrough.add_member(:subject, Shapes::ShapeRef.new(shape: ASN1Subject, location_name: "Subject"))
|
182
|
+
ApiPassthrough.struct_class = Types::ApiPassthrough
|
183
|
+
|
146
184
|
CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
|
147
185
|
|
148
186
|
CertificateAuthority.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
|
@@ -163,11 +201,14 @@ module Aws::ACMPCA
|
|
163
201
|
CertificateAuthorityConfiguration.add_member(:key_algorithm, Shapes::ShapeRef.new(shape: KeyAlgorithm, required: true, location_name: "KeyAlgorithm"))
|
164
202
|
CertificateAuthorityConfiguration.add_member(:signing_algorithm, Shapes::ShapeRef.new(shape: SigningAlgorithm, required: true, location_name: "SigningAlgorithm"))
|
165
203
|
CertificateAuthorityConfiguration.add_member(:subject, Shapes::ShapeRef.new(shape: ASN1Subject, required: true, location_name: "Subject"))
|
204
|
+
CertificateAuthorityConfiguration.add_member(:csr_extensions, Shapes::ShapeRef.new(shape: CsrExtensions, location_name: "CsrExtensions"))
|
166
205
|
CertificateAuthorityConfiguration.struct_class = Types::CertificateAuthorityConfiguration
|
167
206
|
|
168
207
|
CertificateMismatchException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
169
208
|
CertificateMismatchException.struct_class = Types::CertificateMismatchException
|
170
209
|
|
210
|
+
CertificatePolicyList.member = Shapes::ShapeRef.new(shape: PolicyInformation)
|
211
|
+
|
171
212
|
ConcurrentModificationException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
172
213
|
ConcurrentModificationException.struct_class = Types::ConcurrentModificationException
|
173
214
|
|
@@ -202,6 +243,10 @@ module Aws::ACMPCA
|
|
202
243
|
CrlConfiguration.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String3To255, location_name: "S3BucketName"))
|
203
244
|
CrlConfiguration.struct_class = Types::CrlConfiguration
|
204
245
|
|
246
|
+
CsrExtensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
|
247
|
+
CsrExtensions.add_member(:subject_information_access, Shapes::ShapeRef.new(shape: AccessDescriptionList, location_name: "SubjectInformationAccess"))
|
248
|
+
CsrExtensions.struct_class = Types::CsrExtensions
|
249
|
+
|
205
250
|
DeleteCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
206
251
|
DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
|
207
252
|
DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
|
@@ -230,6 +275,34 @@ module Aws::ACMPCA
|
|
230
275
|
DescribeCertificateAuthorityResponse.add_member(:certificate_authority, Shapes::ShapeRef.new(shape: CertificateAuthority, location_name: "CertificateAuthority"))
|
231
276
|
DescribeCertificateAuthorityResponse.struct_class = Types::DescribeCertificateAuthorityResponse
|
232
277
|
|
278
|
+
EdiPartyName.add_member(:party_name, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "PartyName"))
|
279
|
+
EdiPartyName.add_member(:name_assigner, Shapes::ShapeRef.new(shape: String256, location_name: "NameAssigner"))
|
280
|
+
EdiPartyName.struct_class = Types::EdiPartyName
|
281
|
+
|
282
|
+
ExtendedKeyUsage.add_member(:extended_key_usage_type, Shapes::ShapeRef.new(shape: ExtendedKeyUsageType, location_name: "ExtendedKeyUsageType"))
|
283
|
+
ExtendedKeyUsage.add_member(:extended_key_usage_object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "ExtendedKeyUsageObjectIdentifier"))
|
284
|
+
ExtendedKeyUsage.struct_class = Types::ExtendedKeyUsage
|
285
|
+
|
286
|
+
ExtendedKeyUsageList.member = Shapes::ShapeRef.new(shape: ExtendedKeyUsage)
|
287
|
+
|
288
|
+
Extensions.add_member(:certificate_policies, Shapes::ShapeRef.new(shape: CertificatePolicyList, location_name: "CertificatePolicies"))
|
289
|
+
Extensions.add_member(:extended_key_usage, Shapes::ShapeRef.new(shape: ExtendedKeyUsageList, location_name: "ExtendedKeyUsage"))
|
290
|
+
Extensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
|
291
|
+
Extensions.add_member(:subject_alternative_names, Shapes::ShapeRef.new(shape: GeneralNameList, location_name: "SubjectAlternativeNames"))
|
292
|
+
Extensions.struct_class = Types::Extensions
|
293
|
+
|
294
|
+
GeneralName.add_member(:other_name, Shapes::ShapeRef.new(shape: OtherName, location_name: "OtherName"))
|
295
|
+
GeneralName.add_member(:rfc_822_name, Shapes::ShapeRef.new(shape: String256, location_name: "Rfc822Name"))
|
296
|
+
GeneralName.add_member(:dns_name, Shapes::ShapeRef.new(shape: String253, location_name: "DnsName"))
|
297
|
+
GeneralName.add_member(:directory_name, Shapes::ShapeRef.new(shape: ASN1Subject, location_name: "DirectoryName"))
|
298
|
+
GeneralName.add_member(:edi_party_name, Shapes::ShapeRef.new(shape: EdiPartyName, location_name: "EdiPartyName"))
|
299
|
+
GeneralName.add_member(:uniform_resource_identifier, Shapes::ShapeRef.new(shape: String253, location_name: "UniformResourceIdentifier"))
|
300
|
+
GeneralName.add_member(:ip_address, Shapes::ShapeRef.new(shape: String39, location_name: "IpAddress"))
|
301
|
+
GeneralName.add_member(:registered_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "RegisteredId"))
|
302
|
+
GeneralName.struct_class = Types::GeneralName
|
303
|
+
|
304
|
+
GeneralNameList.member = Shapes::ShapeRef.new(shape: GeneralName)
|
305
|
+
|
233
306
|
GetCertificateAuthorityCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
234
307
|
GetCertificateAuthorityCertificateRequest.struct_class = Types::GetCertificateAuthorityCertificateRequest
|
235
308
|
|
@@ -283,17 +356,30 @@ module Aws::ACMPCA
|
|
283
356
|
InvalidTagException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
284
357
|
InvalidTagException.struct_class = Types::InvalidTagException
|
285
358
|
|
359
|
+
IssueCertificateRequest.add_member(:api_passthrough, Shapes::ShapeRef.new(shape: ApiPassthrough, location_name: "ApiPassthrough"))
|
286
360
|
IssueCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
287
361
|
IssueCertificateRequest.add_member(:csr, Shapes::ShapeRef.new(shape: CsrBlob, required: true, location_name: "Csr"))
|
288
362
|
IssueCertificateRequest.add_member(:signing_algorithm, Shapes::ShapeRef.new(shape: SigningAlgorithm, required: true, location_name: "SigningAlgorithm"))
|
289
363
|
IssueCertificateRequest.add_member(:template_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "TemplateArn"))
|
290
364
|
IssueCertificateRequest.add_member(:validity, Shapes::ShapeRef.new(shape: Validity, required: true, location_name: "Validity"))
|
365
|
+
IssueCertificateRequest.add_member(:validity_not_before, Shapes::ShapeRef.new(shape: Validity, location_name: "ValidityNotBefore"))
|
291
366
|
IssueCertificateRequest.add_member(:idempotency_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "IdempotencyToken"))
|
292
367
|
IssueCertificateRequest.struct_class = Types::IssueCertificateRequest
|
293
368
|
|
294
369
|
IssueCertificateResponse.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateArn"))
|
295
370
|
IssueCertificateResponse.struct_class = Types::IssueCertificateResponse
|
296
371
|
|
372
|
+
KeyUsage.add_member(:digital_signature, Shapes::ShapeRef.new(shape: Boolean, location_name: "DigitalSignature"))
|
373
|
+
KeyUsage.add_member(:non_repudiation, Shapes::ShapeRef.new(shape: Boolean, location_name: "NonRepudiation"))
|
374
|
+
KeyUsage.add_member(:key_encipherment, Shapes::ShapeRef.new(shape: Boolean, location_name: "KeyEncipherment"))
|
375
|
+
KeyUsage.add_member(:data_encipherment, Shapes::ShapeRef.new(shape: Boolean, location_name: "DataEncipherment"))
|
376
|
+
KeyUsage.add_member(:key_agreement, Shapes::ShapeRef.new(shape: Boolean, location_name: "KeyAgreement"))
|
377
|
+
KeyUsage.add_member(:key_cert_sign, Shapes::ShapeRef.new(shape: Boolean, location_name: "KeyCertSign"))
|
378
|
+
KeyUsage.add_member(:crl_sign, Shapes::ShapeRef.new(shape: Boolean, location_name: "CRLSign"))
|
379
|
+
KeyUsage.add_member(:encipher_only, Shapes::ShapeRef.new(shape: Boolean, location_name: "EncipherOnly"))
|
380
|
+
KeyUsage.add_member(:decipher_only, Shapes::ShapeRef.new(shape: Boolean, location_name: "DecipherOnly"))
|
381
|
+
KeyUsage.struct_class = Types::KeyUsage
|
382
|
+
|
297
383
|
LimitExceededException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
298
384
|
LimitExceededException.struct_class = Types::LimitExceededException
|
299
385
|
|
@@ -333,6 +419,10 @@ module Aws::ACMPCA
|
|
333
419
|
MalformedCertificateException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
334
420
|
MalformedCertificateException.struct_class = Types::MalformedCertificateException
|
335
421
|
|
422
|
+
OtherName.add_member(:type_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "TypeId"))
|
423
|
+
OtherName.add_member(:value, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "Value"))
|
424
|
+
OtherName.struct_class = Types::OtherName
|
425
|
+
|
336
426
|
Permission.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
|
337
427
|
Permission.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
|
338
428
|
Permission.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, location_name: "Principal"))
|
@@ -346,10 +436,23 @@ module Aws::ACMPCA
|
|
346
436
|
|
347
437
|
PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
|
348
438
|
|
439
|
+
PolicyInformation.add_member(:cert_policy_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "CertPolicyId"))
|
440
|
+
PolicyInformation.add_member(:policy_qualifiers, Shapes::ShapeRef.new(shape: PolicyQualifierInfoList, location_name: "PolicyQualifiers"))
|
441
|
+
PolicyInformation.struct_class = Types::PolicyInformation
|
442
|
+
|
443
|
+
PolicyQualifierInfo.add_member(:policy_qualifier_id, Shapes::ShapeRef.new(shape: PolicyQualifierId, required: true, location_name: "PolicyQualifierId"))
|
444
|
+
PolicyQualifierInfo.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, required: true, location_name: "Qualifier"))
|
445
|
+
PolicyQualifierInfo.struct_class = Types::PolicyQualifierInfo
|
446
|
+
|
447
|
+
PolicyQualifierInfoList.member = Shapes::ShapeRef.new(shape: PolicyQualifierInfo)
|
448
|
+
|
349
449
|
PutPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
|
350
450
|
PutPolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, required: true, location_name: "Policy"))
|
351
451
|
PutPolicyRequest.struct_class = Types::PutPolicyRequest
|
352
452
|
|
453
|
+
Qualifier.add_member(:cps_uri, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "CpsUri"))
|
454
|
+
Qualifier.struct_class = Types::Qualifier
|
455
|
+
|
353
456
|
RequestAlreadyProcessedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
354
457
|
RequestAlreadyProcessedException.struct_class = Types::RequestAlreadyProcessedException
|
355
458
|
|
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -10,16 +10,12 @@
|
|
10
10
|
module Aws::ACMPCA
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# Contains information about the certificate subject. The
|
14
|
-
#
|
15
|
-
#
|
16
|
-
#
|
17
|
-
#
|
18
|
-
#
|
19
|
-
# (DN). A DN is a sequence of relative distinguished names (RDNs). The
|
20
|
-
# RDNs are separated by commas in the certificate. The DN must be unique
|
21
|
-
# for each entity, but your private CA can issue more than one
|
22
|
-
# certificate with the same DN to the same entity.
|
13
|
+
# Contains information about the certificate subject. The `Subject`
|
14
|
+
# field in the certificate identifies the entity that owns or controls
|
15
|
+
# the public key in the certificate. The entity can be a user, computer,
|
16
|
+
# device, or service. The `Subject `must contain an X.500 distinguished
|
17
|
+
# name (DN). A DN is a sequence of relative distinguished names (RDNs).
|
18
|
+
# The RDNs are separated by commas in the certificate.
|
23
19
|
#
|
24
20
|
# @note When making an API call, you may pass ASN1Subject
|
25
21
|
# data as a hash:
|
@@ -65,7 +61,11 @@ module Aws::ACMPCA
|
|
65
61
|
# @return [String]
|
66
62
|
#
|
67
63
|
# @!attribute [rw] common_name
|
68
|
-
#
|
64
|
+
# For CA and end-entity certificates in a private PKI, the common name
|
65
|
+
# (CN) can be any string within the length limit.
|
66
|
+
#
|
67
|
+
# Note: In publicly trusted certificates, the common name must be a
|
68
|
+
# fully qualified domain name (FQDN) associated with the certificate
|
69
69
|
# subject.
|
70
70
|
# @return [String]
|
71
71
|
#
|
@@ -96,7 +96,7 @@ module Aws::ACMPCA
|
|
96
96
|
# @!attribute [rw] initials
|
97
97
|
# Concatenation that typically contains the first letter of the
|
98
98
|
# **GivenName**, the first letter of the middle name if one exists,
|
99
|
-
# and the first letter of the **
|
99
|
+
# and the first letter of the **Surname**.
|
100
100
|
# @return [String]
|
101
101
|
#
|
102
102
|
# @!attribute [rw] pseudonym
|
@@ -131,6 +131,224 @@ module Aws::ACMPCA
|
|
131
131
|
include Aws::Structure
|
132
132
|
end
|
133
133
|
|
134
|
+
# Provides access information used by the `authorityInfoAccess` and
|
135
|
+
# `subjectInfoAccess` extensions described in [RFC 5280][1].
|
136
|
+
#
|
137
|
+
#
|
138
|
+
#
|
139
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
140
|
+
#
|
141
|
+
# @note When making an API call, you may pass AccessDescription
|
142
|
+
# data as a hash:
|
143
|
+
#
|
144
|
+
# {
|
145
|
+
# access_method: { # required
|
146
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
147
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
148
|
+
# },
|
149
|
+
# access_location: { # required
|
150
|
+
# other_name: {
|
151
|
+
# type_id: "CustomObjectIdentifier", # required
|
152
|
+
# value: "String256", # required
|
153
|
+
# },
|
154
|
+
# rfc_822_name: "String256",
|
155
|
+
# dns_name: "String253",
|
156
|
+
# directory_name: {
|
157
|
+
# country: "CountryCodeString",
|
158
|
+
# organization: "String64",
|
159
|
+
# organizational_unit: "String64",
|
160
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
161
|
+
# state: "String128",
|
162
|
+
# common_name: "String64",
|
163
|
+
# serial_number: "ASN1PrintableString64",
|
164
|
+
# locality: "String128",
|
165
|
+
# title: "String64",
|
166
|
+
# surname: "String40",
|
167
|
+
# given_name: "String16",
|
168
|
+
# initials: "String5",
|
169
|
+
# pseudonym: "String128",
|
170
|
+
# generation_qualifier: "String3",
|
171
|
+
# },
|
172
|
+
# edi_party_name: {
|
173
|
+
# party_name: "String256", # required
|
174
|
+
# name_assigner: "String256",
|
175
|
+
# },
|
176
|
+
# uniform_resource_identifier: "String253",
|
177
|
+
# ip_address: "String39",
|
178
|
+
# registered_id: "CustomObjectIdentifier",
|
179
|
+
# },
|
180
|
+
# }
|
181
|
+
#
|
182
|
+
# @!attribute [rw] access_method
|
183
|
+
# The type and format of `AccessDescription` information.
|
184
|
+
# @return [Types::AccessMethod]
|
185
|
+
#
|
186
|
+
# @!attribute [rw] access_location
|
187
|
+
# The location of `AccessDescription` information.
|
188
|
+
# @return [Types::GeneralName]
|
189
|
+
#
|
190
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/AccessDescription AWS API Documentation
|
191
|
+
#
|
192
|
+
class AccessDescription < Struct.new(
|
193
|
+
:access_method,
|
194
|
+
:access_location)
|
195
|
+
SENSITIVE = []
|
196
|
+
include Aws::Structure
|
197
|
+
end
|
198
|
+
|
199
|
+
# Describes the type and format of extension access. Only one of
|
200
|
+
# `CustomObjectIdentifier` or `AccessMethodType` may be provided.
|
201
|
+
# Providing both results in `InvalidArgsException`.
|
202
|
+
#
|
203
|
+
# @note When making an API call, you may pass AccessMethod
|
204
|
+
# data as a hash:
|
205
|
+
#
|
206
|
+
# {
|
207
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
208
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
209
|
+
# }
|
210
|
+
#
|
211
|
+
# @!attribute [rw] custom_object_identifier
|
212
|
+
# An object identifier (OID) specifying the `AccessMethod`. The OID
|
213
|
+
# must satisfy the regular expression shown below. For more
|
214
|
+
# information, see NIST's definition of [Object Identifier (OID)][1].
|
215
|
+
#
|
216
|
+
#
|
217
|
+
#
|
218
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
219
|
+
# @return [String]
|
220
|
+
#
|
221
|
+
# @!attribute [rw] access_method_type
|
222
|
+
# Specifies the `AccessMethod`.
|
223
|
+
# @return [String]
|
224
|
+
#
|
225
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/AccessMethod AWS API Documentation
|
226
|
+
#
|
227
|
+
class AccessMethod < Struct.new(
|
228
|
+
:custom_object_identifier,
|
229
|
+
:access_method_type)
|
230
|
+
SENSITIVE = []
|
231
|
+
include Aws::Structure
|
232
|
+
end
|
233
|
+
|
234
|
+
# Contains X.509 certificate information to be placed in an issued
|
235
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
236
|
+
# variant must be selected, or else this parameter is ignored.
|
237
|
+
#
|
238
|
+
# If conflicting or duplicate certificate information is supplied from
|
239
|
+
# other sources, ACM Private CA applies [order of operation
|
240
|
+
# rules](xxxxx) to determine what information is used.
|
241
|
+
#
|
242
|
+
# @note When making an API call, you may pass ApiPassthrough
|
243
|
+
# data as a hash:
|
244
|
+
#
|
245
|
+
# {
|
246
|
+
# extensions: {
|
247
|
+
# certificate_policies: [
|
248
|
+
# {
|
249
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
250
|
+
# policy_qualifiers: [
|
251
|
+
# {
|
252
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
253
|
+
# qualifier: { # required
|
254
|
+
# cps_uri: "String256", # required
|
255
|
+
# },
|
256
|
+
# },
|
257
|
+
# ],
|
258
|
+
# },
|
259
|
+
# ],
|
260
|
+
# extended_key_usage: [
|
261
|
+
# {
|
262
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
263
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
264
|
+
# },
|
265
|
+
# ],
|
266
|
+
# key_usage: {
|
267
|
+
# digital_signature: false,
|
268
|
+
# non_repudiation: false,
|
269
|
+
# key_encipherment: false,
|
270
|
+
# data_encipherment: false,
|
271
|
+
# key_agreement: false,
|
272
|
+
# key_cert_sign: false,
|
273
|
+
# crl_sign: false,
|
274
|
+
# encipher_only: false,
|
275
|
+
# decipher_only: false,
|
276
|
+
# },
|
277
|
+
# subject_alternative_names: [
|
278
|
+
# {
|
279
|
+
# other_name: {
|
280
|
+
# type_id: "CustomObjectIdentifier", # required
|
281
|
+
# value: "String256", # required
|
282
|
+
# },
|
283
|
+
# rfc_822_name: "String256",
|
284
|
+
# dns_name: "String253",
|
285
|
+
# directory_name: {
|
286
|
+
# country: "CountryCodeString",
|
287
|
+
# organization: "String64",
|
288
|
+
# organizational_unit: "String64",
|
289
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
290
|
+
# state: "String128",
|
291
|
+
# common_name: "String64",
|
292
|
+
# serial_number: "ASN1PrintableString64",
|
293
|
+
# locality: "String128",
|
294
|
+
# title: "String64",
|
295
|
+
# surname: "String40",
|
296
|
+
# given_name: "String16",
|
297
|
+
# initials: "String5",
|
298
|
+
# pseudonym: "String128",
|
299
|
+
# generation_qualifier: "String3",
|
300
|
+
# },
|
301
|
+
# edi_party_name: {
|
302
|
+
# party_name: "String256", # required
|
303
|
+
# name_assigner: "String256",
|
304
|
+
# },
|
305
|
+
# uniform_resource_identifier: "String253",
|
306
|
+
# ip_address: "String39",
|
307
|
+
# registered_id: "CustomObjectIdentifier",
|
308
|
+
# },
|
309
|
+
# ],
|
310
|
+
# },
|
311
|
+
# subject: {
|
312
|
+
# country: "CountryCodeString",
|
313
|
+
# organization: "String64",
|
314
|
+
# organizational_unit: "String64",
|
315
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
316
|
+
# state: "String128",
|
317
|
+
# common_name: "String64",
|
318
|
+
# serial_number: "ASN1PrintableString64",
|
319
|
+
# locality: "String128",
|
320
|
+
# title: "String64",
|
321
|
+
# surname: "String40",
|
322
|
+
# given_name: "String16",
|
323
|
+
# initials: "String5",
|
324
|
+
# pseudonym: "String128",
|
325
|
+
# generation_qualifier: "String3",
|
326
|
+
# },
|
327
|
+
# }
|
328
|
+
#
|
329
|
+
# @!attribute [rw] extensions
|
330
|
+
# Specifies X.509 extension information for a certificate.
|
331
|
+
# @return [Types::Extensions]
|
332
|
+
#
|
333
|
+
# @!attribute [rw] subject
|
334
|
+
# Contains information about the certificate subject. The `Subject`
|
335
|
+
# field in the certificate identifies the entity that owns or controls
|
336
|
+
# the public key in the certificate. The entity can be a user,
|
337
|
+
# computer, device, or service. The `Subject `must contain an X.500
|
338
|
+
# distinguished name (DN). A DN is a sequence of relative
|
339
|
+
# distinguished names (RDNs). The RDNs are separated by commas in the
|
340
|
+
# certificate.
|
341
|
+
# @return [Types::ASN1Subject]
|
342
|
+
#
|
343
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ApiPassthrough AWS API Documentation
|
344
|
+
#
|
345
|
+
class ApiPassthrough < Struct.new(
|
346
|
+
:extensions,
|
347
|
+
:subject)
|
348
|
+
SENSITIVE = []
|
349
|
+
include Aws::Structure
|
350
|
+
end
|
351
|
+
|
134
352
|
# Contains information about your private certificate authority (CA).
|
135
353
|
# Your private CA can issue and revoke X.509 digital certificates.
|
136
354
|
# Digital certificates verify that the entity named in the certificate
|
@@ -264,6 +482,58 @@ module Aws::ACMPCA
|
|
264
482
|
# pseudonym: "String128",
|
265
483
|
# generation_qualifier: "String3",
|
266
484
|
# },
|
485
|
+
# csr_extensions: {
|
486
|
+
# key_usage: {
|
487
|
+
# digital_signature: false,
|
488
|
+
# non_repudiation: false,
|
489
|
+
# key_encipherment: false,
|
490
|
+
# data_encipherment: false,
|
491
|
+
# key_agreement: false,
|
492
|
+
# key_cert_sign: false,
|
493
|
+
# crl_sign: false,
|
494
|
+
# encipher_only: false,
|
495
|
+
# decipher_only: false,
|
496
|
+
# },
|
497
|
+
# subject_information_access: [
|
498
|
+
# {
|
499
|
+
# access_method: { # required
|
500
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
501
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
502
|
+
# },
|
503
|
+
# access_location: { # required
|
504
|
+
# other_name: {
|
505
|
+
# type_id: "CustomObjectIdentifier", # required
|
506
|
+
# value: "String256", # required
|
507
|
+
# },
|
508
|
+
# rfc_822_name: "String256",
|
509
|
+
# dns_name: "String253",
|
510
|
+
# directory_name: {
|
511
|
+
# country: "CountryCodeString",
|
512
|
+
# organization: "String64",
|
513
|
+
# organizational_unit: "String64",
|
514
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
515
|
+
# state: "String128",
|
516
|
+
# common_name: "String64",
|
517
|
+
# serial_number: "ASN1PrintableString64",
|
518
|
+
# locality: "String128",
|
519
|
+
# title: "String64",
|
520
|
+
# surname: "String40",
|
521
|
+
# given_name: "String16",
|
522
|
+
# initials: "String5",
|
523
|
+
# pseudonym: "String128",
|
524
|
+
# generation_qualifier: "String3",
|
525
|
+
# },
|
526
|
+
# edi_party_name: {
|
527
|
+
# party_name: "String256", # required
|
528
|
+
# name_assigner: "String256",
|
529
|
+
# },
|
530
|
+
# uniform_resource_identifier: "String253",
|
531
|
+
# ip_address: "String39",
|
532
|
+
# registered_id: "CustomObjectIdentifier",
|
533
|
+
# },
|
534
|
+
# },
|
535
|
+
# ],
|
536
|
+
# },
|
267
537
|
# }
|
268
538
|
#
|
269
539
|
# @!attribute [rw] key_algorithm
|
@@ -286,12 +556,18 @@ module Aws::ACMPCA
|
|
286
556
|
# your private CA.
|
287
557
|
# @return [Types::ASN1Subject]
|
288
558
|
#
|
559
|
+
# @!attribute [rw] csr_extensions
|
560
|
+
# Specifies information to be added to the extension section of the
|
561
|
+
# certificate signing request (CSR).
|
562
|
+
# @return [Types::CsrExtensions]
|
563
|
+
#
|
289
564
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthorityConfiguration AWS API Documentation
|
290
565
|
#
|
291
566
|
class CertificateAuthorityConfiguration < Struct.new(
|
292
567
|
:key_algorithm,
|
293
568
|
:signing_algorithm,
|
294
|
-
:subject
|
569
|
+
:subject,
|
570
|
+
:csr_extensions)
|
295
571
|
SENSITIVE = []
|
296
572
|
include Aws::Structure
|
297
573
|
end
|
@@ -400,6 +676,58 @@ module Aws::ACMPCA
|
|
400
676
|
# pseudonym: "String128",
|
401
677
|
# generation_qualifier: "String3",
|
402
678
|
# },
|
679
|
+
# csr_extensions: {
|
680
|
+
# key_usage: {
|
681
|
+
# digital_signature: false,
|
682
|
+
# non_repudiation: false,
|
683
|
+
# key_encipherment: false,
|
684
|
+
# data_encipherment: false,
|
685
|
+
# key_agreement: false,
|
686
|
+
# key_cert_sign: false,
|
687
|
+
# crl_sign: false,
|
688
|
+
# encipher_only: false,
|
689
|
+
# decipher_only: false,
|
690
|
+
# },
|
691
|
+
# subject_information_access: [
|
692
|
+
# {
|
693
|
+
# access_method: { # required
|
694
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
695
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
696
|
+
# },
|
697
|
+
# access_location: { # required
|
698
|
+
# other_name: {
|
699
|
+
# type_id: "CustomObjectIdentifier", # required
|
700
|
+
# value: "String256", # required
|
701
|
+
# },
|
702
|
+
# rfc_822_name: "String256",
|
703
|
+
# dns_name: "String253",
|
704
|
+
# directory_name: {
|
705
|
+
# country: "CountryCodeString",
|
706
|
+
# organization: "String64",
|
707
|
+
# organizational_unit: "String64",
|
708
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
709
|
+
# state: "String128",
|
710
|
+
# common_name: "String64",
|
711
|
+
# serial_number: "ASN1PrintableString64",
|
712
|
+
# locality: "String128",
|
713
|
+
# title: "String64",
|
714
|
+
# surname: "String40",
|
715
|
+
# given_name: "String16",
|
716
|
+
# initials: "String5",
|
717
|
+
# pseudonym: "String128",
|
718
|
+
# generation_qualifier: "String3",
|
719
|
+
# },
|
720
|
+
# edi_party_name: {
|
721
|
+
# party_name: "String256", # required
|
722
|
+
# name_assigner: "String256",
|
723
|
+
# },
|
724
|
+
# uniform_resource_identifier: "String253",
|
725
|
+
# ip_address: "String39",
|
726
|
+
# registered_id: "CustomObjectIdentifier",
|
727
|
+
# },
|
728
|
+
# },
|
729
|
+
# ],
|
730
|
+
# },
|
403
731
|
# },
|
404
732
|
# revocation_configuration: {
|
405
733
|
# crl_configuration: {
|
@@ -442,13 +770,15 @@ module Aws::ACMPCA
|
|
442
770
|
# @return [String]
|
443
771
|
#
|
444
772
|
# @!attribute [rw] idempotency_token
|
445
|
-
#
|
446
|
-
# **CreateCertificateAuthority
|
447
|
-
#
|
448
|
-
#
|
449
|
-
#
|
450
|
-
#
|
451
|
-
# token
|
773
|
+
# Custom string that can be used to distinguish between calls to the
|
774
|
+
# **CreateCertificateAuthority** action. Idempotency tokens for
|
775
|
+
# **CreateCertificateAuthority** time out after five minutes.
|
776
|
+
# Therefore, if you call **CreateCertificateAuthority** multiple times
|
777
|
+
# with the same idempotency token within five minutes, ACM Private CA
|
778
|
+
# recognizes that you are requesting only certificate authority and
|
779
|
+
# will issue only one. If you change the idempotency token for each
|
780
|
+
# call, PCA recognizes that you are requesting multiple certificate
|
781
|
+
# authorities.
|
452
782
|
# @return [String]
|
453
783
|
#
|
454
784
|
# @!attribute [rw] tags
|
@@ -635,7 +965,7 @@ module Aws::ACMPCA
|
|
635
965
|
# @return [Boolean]
|
636
966
|
#
|
637
967
|
# @!attribute [rw] expiration_in_days
|
638
|
-
#
|
968
|
+
# Validity period of the CRL in days.
|
639
969
|
# @return [Integer]
|
640
970
|
#
|
641
971
|
# @!attribute [rw] custom_cname
|
@@ -670,6 +1000,89 @@ module Aws::ACMPCA
|
|
670
1000
|
include Aws::Structure
|
671
1001
|
end
|
672
1002
|
|
1003
|
+
# Describes the certificate extensions to be added to the certificate
|
1004
|
+
# signing request (CSR).
|
1005
|
+
#
|
1006
|
+
# @note When making an API call, you may pass CsrExtensions
|
1007
|
+
# data as a hash:
|
1008
|
+
#
|
1009
|
+
# {
|
1010
|
+
# key_usage: {
|
1011
|
+
# digital_signature: false,
|
1012
|
+
# non_repudiation: false,
|
1013
|
+
# key_encipherment: false,
|
1014
|
+
# data_encipherment: false,
|
1015
|
+
# key_agreement: false,
|
1016
|
+
# key_cert_sign: false,
|
1017
|
+
# crl_sign: false,
|
1018
|
+
# encipher_only: false,
|
1019
|
+
# decipher_only: false,
|
1020
|
+
# },
|
1021
|
+
# subject_information_access: [
|
1022
|
+
# {
|
1023
|
+
# access_method: { # required
|
1024
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
1025
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
1026
|
+
# },
|
1027
|
+
# access_location: { # required
|
1028
|
+
# other_name: {
|
1029
|
+
# type_id: "CustomObjectIdentifier", # required
|
1030
|
+
# value: "String256", # required
|
1031
|
+
# },
|
1032
|
+
# rfc_822_name: "String256",
|
1033
|
+
# dns_name: "String253",
|
1034
|
+
# directory_name: {
|
1035
|
+
# country: "CountryCodeString",
|
1036
|
+
# organization: "String64",
|
1037
|
+
# organizational_unit: "String64",
|
1038
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1039
|
+
# state: "String128",
|
1040
|
+
# common_name: "String64",
|
1041
|
+
# serial_number: "ASN1PrintableString64",
|
1042
|
+
# locality: "String128",
|
1043
|
+
# title: "String64",
|
1044
|
+
# surname: "String40",
|
1045
|
+
# given_name: "String16",
|
1046
|
+
# initials: "String5",
|
1047
|
+
# pseudonym: "String128",
|
1048
|
+
# generation_qualifier: "String3",
|
1049
|
+
# },
|
1050
|
+
# edi_party_name: {
|
1051
|
+
# party_name: "String256", # required
|
1052
|
+
# name_assigner: "String256",
|
1053
|
+
# },
|
1054
|
+
# uniform_resource_identifier: "String253",
|
1055
|
+
# ip_address: "String39",
|
1056
|
+
# registered_id: "CustomObjectIdentifier",
|
1057
|
+
# },
|
1058
|
+
# },
|
1059
|
+
# ],
|
1060
|
+
# }
|
1061
|
+
#
|
1062
|
+
# @!attribute [rw] key_usage
|
1063
|
+
# Indicates the purpose of the certificate and of the key contained in
|
1064
|
+
# the certificate.
|
1065
|
+
# @return [Types::KeyUsage]
|
1066
|
+
#
|
1067
|
+
# @!attribute [rw] subject_information_access
|
1068
|
+
# For CA certificates, provides a path to additional information
|
1069
|
+
# pertaining to the CA, such as revocation and policy. For more
|
1070
|
+
# information, see [Subject Information Access][1] in RFC 5280.
|
1071
|
+
#
|
1072
|
+
#
|
1073
|
+
#
|
1074
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.2.2
|
1075
|
+
# @return [Array<Types::AccessDescription>]
|
1076
|
+
#
|
1077
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CsrExtensions AWS API Documentation
|
1078
|
+
#
|
1079
|
+
class CsrExtensions < Struct.new(
|
1080
|
+
:key_usage,
|
1081
|
+
:subject_information_access)
|
1082
|
+
SENSITIVE = []
|
1083
|
+
include Aws::Structure
|
1084
|
+
end
|
1085
|
+
|
673
1086
|
# @note When making an API call, you may pass DeleteCertificateAuthorityRequest
|
674
1087
|
# data as a hash:
|
675
1088
|
#
|
@@ -882,6 +1295,289 @@ module Aws::ACMPCA
|
|
882
1295
|
include Aws::Structure
|
883
1296
|
end
|
884
1297
|
|
1298
|
+
# Describes an Electronic Data Interchange (EDI) entity as described in
|
1299
|
+
# as defined in [Subject Alternative Name][1] in RFC 5280.
|
1300
|
+
#
|
1301
|
+
#
|
1302
|
+
#
|
1303
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
1304
|
+
#
|
1305
|
+
# @note When making an API call, you may pass EdiPartyName
|
1306
|
+
# data as a hash:
|
1307
|
+
#
|
1308
|
+
# {
|
1309
|
+
# party_name: "String256", # required
|
1310
|
+
# name_assigner: "String256",
|
1311
|
+
# }
|
1312
|
+
#
|
1313
|
+
# @!attribute [rw] party_name
|
1314
|
+
# Specifies the party name.
|
1315
|
+
# @return [String]
|
1316
|
+
#
|
1317
|
+
# @!attribute [rw] name_assigner
|
1318
|
+
# Specifies the name assigner.
|
1319
|
+
# @return [String]
|
1320
|
+
#
|
1321
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/EdiPartyName AWS API Documentation
|
1322
|
+
#
|
1323
|
+
class EdiPartyName < Struct.new(
|
1324
|
+
:party_name,
|
1325
|
+
:name_assigner)
|
1326
|
+
SENSITIVE = []
|
1327
|
+
include Aws::Structure
|
1328
|
+
end
|
1329
|
+
|
1330
|
+
# Specifies additional purposes for which the certified public key may
|
1331
|
+
# be used other than basic purposes indicated in the `KeyUsage`
|
1332
|
+
# extension.
|
1333
|
+
#
|
1334
|
+
# @note When making an API call, you may pass ExtendedKeyUsage
|
1335
|
+
# data as a hash:
|
1336
|
+
#
|
1337
|
+
# {
|
1338
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1339
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1340
|
+
# }
|
1341
|
+
#
|
1342
|
+
# @!attribute [rw] extended_key_usage_type
|
1343
|
+
# Specifies a standard `ExtendedKeyUsage` as defined as in [RFC
|
1344
|
+
# 5280][1].
|
1345
|
+
#
|
1346
|
+
#
|
1347
|
+
#
|
1348
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
1349
|
+
# @return [String]
|
1350
|
+
#
|
1351
|
+
# @!attribute [rw] extended_key_usage_object_identifier
|
1352
|
+
# Specifies a custom `ExtendedKeyUsage` with an object identifier
|
1353
|
+
# (OID).
|
1354
|
+
# @return [String]
|
1355
|
+
#
|
1356
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ExtendedKeyUsage AWS API Documentation
|
1357
|
+
#
|
1358
|
+
class ExtendedKeyUsage < Struct.new(
|
1359
|
+
:extended_key_usage_type,
|
1360
|
+
:extended_key_usage_object_identifier)
|
1361
|
+
SENSITIVE = []
|
1362
|
+
include Aws::Structure
|
1363
|
+
end
|
1364
|
+
|
1365
|
+
# Contains X.509 extension information for a certificate.
|
1366
|
+
#
|
1367
|
+
# @note When making an API call, you may pass Extensions
|
1368
|
+
# data as a hash:
|
1369
|
+
#
|
1370
|
+
# {
|
1371
|
+
# certificate_policies: [
|
1372
|
+
# {
|
1373
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
1374
|
+
# policy_qualifiers: [
|
1375
|
+
# {
|
1376
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
1377
|
+
# qualifier: { # required
|
1378
|
+
# cps_uri: "String256", # required
|
1379
|
+
# },
|
1380
|
+
# },
|
1381
|
+
# ],
|
1382
|
+
# },
|
1383
|
+
# ],
|
1384
|
+
# extended_key_usage: [
|
1385
|
+
# {
|
1386
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1387
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1388
|
+
# },
|
1389
|
+
# ],
|
1390
|
+
# key_usage: {
|
1391
|
+
# digital_signature: false,
|
1392
|
+
# non_repudiation: false,
|
1393
|
+
# key_encipherment: false,
|
1394
|
+
# data_encipherment: false,
|
1395
|
+
# key_agreement: false,
|
1396
|
+
# key_cert_sign: false,
|
1397
|
+
# crl_sign: false,
|
1398
|
+
# encipher_only: false,
|
1399
|
+
# decipher_only: false,
|
1400
|
+
# },
|
1401
|
+
# subject_alternative_names: [
|
1402
|
+
# {
|
1403
|
+
# other_name: {
|
1404
|
+
# type_id: "CustomObjectIdentifier", # required
|
1405
|
+
# value: "String256", # required
|
1406
|
+
# },
|
1407
|
+
# rfc_822_name: "String256",
|
1408
|
+
# dns_name: "String253",
|
1409
|
+
# directory_name: {
|
1410
|
+
# country: "CountryCodeString",
|
1411
|
+
# organization: "String64",
|
1412
|
+
# organizational_unit: "String64",
|
1413
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1414
|
+
# state: "String128",
|
1415
|
+
# common_name: "String64",
|
1416
|
+
# serial_number: "ASN1PrintableString64",
|
1417
|
+
# locality: "String128",
|
1418
|
+
# title: "String64",
|
1419
|
+
# surname: "String40",
|
1420
|
+
# given_name: "String16",
|
1421
|
+
# initials: "String5",
|
1422
|
+
# pseudonym: "String128",
|
1423
|
+
# generation_qualifier: "String3",
|
1424
|
+
# },
|
1425
|
+
# edi_party_name: {
|
1426
|
+
# party_name: "String256", # required
|
1427
|
+
# name_assigner: "String256",
|
1428
|
+
# },
|
1429
|
+
# uniform_resource_identifier: "String253",
|
1430
|
+
# ip_address: "String39",
|
1431
|
+
# registered_id: "CustomObjectIdentifier",
|
1432
|
+
# },
|
1433
|
+
# ],
|
1434
|
+
# }
|
1435
|
+
#
|
1436
|
+
# @!attribute [rw] certificate_policies
|
1437
|
+
# Contains a sequence of one or more policy information terms, each of
|
1438
|
+
# which consists of an object identifier (OID) and optional
|
1439
|
+
# qualifiers. For more information, see NIST's definition of [Object
|
1440
|
+
# Identifier (OID)][1].
|
1441
|
+
#
|
1442
|
+
# In an end-entity certificate, these terms indicate the policy under
|
1443
|
+
# which the certificate was issued and the purposes for which it may
|
1444
|
+
# be used. In a CA certificate, these terms limit the set of policies
|
1445
|
+
# for certification paths that include this certificate.
|
1446
|
+
#
|
1447
|
+
#
|
1448
|
+
#
|
1449
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
1450
|
+
# @return [Array<Types::PolicyInformation>]
|
1451
|
+
#
|
1452
|
+
# @!attribute [rw] extended_key_usage
|
1453
|
+
# Specifies additional purposes for which the certified public key may
|
1454
|
+
# be used other than basic purposes indicated in the `KeyUsage`
|
1455
|
+
# extension.
|
1456
|
+
# @return [Array<Types::ExtendedKeyUsage>]
|
1457
|
+
#
|
1458
|
+
# @!attribute [rw] key_usage
|
1459
|
+
# Defines one or more purposes for which the key contained in the
|
1460
|
+
# certificate can be used. Default value for each option is false.
|
1461
|
+
# @return [Types::KeyUsage]
|
1462
|
+
#
|
1463
|
+
# @!attribute [rw] subject_alternative_names
|
1464
|
+
# The subject alternative name extension allows identities to be bound
|
1465
|
+
# to the subject of the certificate. These identities may be included
|
1466
|
+
# in addition to or in place of the identity in the subject field of
|
1467
|
+
# the certificate.
|
1468
|
+
# @return [Array<Types::GeneralName>]
|
1469
|
+
#
|
1470
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation
|
1471
|
+
#
|
1472
|
+
class Extensions < Struct.new(
|
1473
|
+
:certificate_policies,
|
1474
|
+
:extended_key_usage,
|
1475
|
+
:key_usage,
|
1476
|
+
:subject_alternative_names)
|
1477
|
+
SENSITIVE = []
|
1478
|
+
include Aws::Structure
|
1479
|
+
end
|
1480
|
+
|
1481
|
+
# Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280][1].
|
1482
|
+
# Only one of the following naming options should be provided. Providing
|
1483
|
+
# more than one option results in an `InvalidArgsException` error.
|
1484
|
+
#
|
1485
|
+
#
|
1486
|
+
#
|
1487
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
1488
|
+
#
|
1489
|
+
# @note When making an API call, you may pass GeneralName
|
1490
|
+
# data as a hash:
|
1491
|
+
#
|
1492
|
+
# {
|
1493
|
+
# other_name: {
|
1494
|
+
# type_id: "CustomObjectIdentifier", # required
|
1495
|
+
# value: "String256", # required
|
1496
|
+
# },
|
1497
|
+
# rfc_822_name: "String256",
|
1498
|
+
# dns_name: "String253",
|
1499
|
+
# directory_name: {
|
1500
|
+
# country: "CountryCodeString",
|
1501
|
+
# organization: "String64",
|
1502
|
+
# organizational_unit: "String64",
|
1503
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1504
|
+
# state: "String128",
|
1505
|
+
# common_name: "String64",
|
1506
|
+
# serial_number: "ASN1PrintableString64",
|
1507
|
+
# locality: "String128",
|
1508
|
+
# title: "String64",
|
1509
|
+
# surname: "String40",
|
1510
|
+
# given_name: "String16",
|
1511
|
+
# initials: "String5",
|
1512
|
+
# pseudonym: "String128",
|
1513
|
+
# generation_qualifier: "String3",
|
1514
|
+
# },
|
1515
|
+
# edi_party_name: {
|
1516
|
+
# party_name: "String256", # required
|
1517
|
+
# name_assigner: "String256",
|
1518
|
+
# },
|
1519
|
+
# uniform_resource_identifier: "String253",
|
1520
|
+
# ip_address: "String39",
|
1521
|
+
# registered_id: "CustomObjectIdentifier",
|
1522
|
+
# }
|
1523
|
+
#
|
1524
|
+
# @!attribute [rw] other_name
|
1525
|
+
# Represents `GeneralName` using an `OtherName` object.
|
1526
|
+
# @return [Types::OtherName]
|
1527
|
+
#
|
1528
|
+
# @!attribute [rw] rfc_822_name
|
1529
|
+
# Represents `GeneralName` as an [RFC 822][1] email address.
|
1530
|
+
#
|
1531
|
+
#
|
1532
|
+
#
|
1533
|
+
# [1]: https://tools.ietf.org/html/rfc822
|
1534
|
+
# @return [String]
|
1535
|
+
#
|
1536
|
+
# @!attribute [rw] dns_name
|
1537
|
+
# Represents `GeneralName` as a DNS name.
|
1538
|
+
# @return [String]
|
1539
|
+
#
|
1540
|
+
# @!attribute [rw] directory_name
|
1541
|
+
# Contains information about the certificate subject. The `Subject`
|
1542
|
+
# field in the certificate identifies the entity that owns or controls
|
1543
|
+
# the public key in the certificate. The entity can be a user,
|
1544
|
+
# computer, device, or service. The `Subject `must contain an X.500
|
1545
|
+
# distinguished name (DN). A DN is a sequence of relative
|
1546
|
+
# distinguished names (RDNs). The RDNs are separated by commas in the
|
1547
|
+
# certificate.
|
1548
|
+
# @return [Types::ASN1Subject]
|
1549
|
+
#
|
1550
|
+
# @!attribute [rw] edi_party_name
|
1551
|
+
# Represents `GeneralName` as an `EdiPartyName` object.
|
1552
|
+
# @return [Types::EdiPartyName]
|
1553
|
+
#
|
1554
|
+
# @!attribute [rw] uniform_resource_identifier
|
1555
|
+
# Represents `GeneralName` as a URI.
|
1556
|
+
# @return [String]
|
1557
|
+
#
|
1558
|
+
# @!attribute [rw] ip_address
|
1559
|
+
# Represents `GeneralName` as an IPv4 or IPv6 address.
|
1560
|
+
# @return [String]
|
1561
|
+
#
|
1562
|
+
# @!attribute [rw] registered_id
|
1563
|
+
# Represents `GeneralName` as an object identifier (OID).
|
1564
|
+
# @return [String]
|
1565
|
+
#
|
1566
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GeneralName AWS API Documentation
|
1567
|
+
#
|
1568
|
+
class GeneralName < Struct.new(
|
1569
|
+
:other_name,
|
1570
|
+
:rfc_822_name,
|
1571
|
+
:dns_name,
|
1572
|
+
:directory_name,
|
1573
|
+
:edi_party_name,
|
1574
|
+
:uniform_resource_identifier,
|
1575
|
+
:ip_address,
|
1576
|
+
:registered_id)
|
1577
|
+
SENSITIVE = []
|
1578
|
+
include Aws::Structure
|
1579
|
+
end
|
1580
|
+
|
885
1581
|
# @note When making an API call, you may pass GetCertificateAuthorityCertificateRequest
|
886
1582
|
# data as a hash:
|
887
1583
|
#
|
@@ -911,10 +1607,9 @@ module Aws::ACMPCA
|
|
911
1607
|
#
|
912
1608
|
# @!attribute [rw] certificate_chain
|
913
1609
|
# Base64-encoded certificate chain that includes any intermediate
|
914
|
-
# certificates and chains up to root
|
915
|
-
#
|
916
|
-
#
|
917
|
-
# null.
|
1610
|
+
# certificates and chains up to root certificate that you used to sign
|
1611
|
+
# your private CA certificate. The chain does not include your private
|
1612
|
+
# CA certificate. If this is a root CA, the value will be null.
|
918
1613
|
# @return [String]
|
919
1614
|
#
|
920
1615
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificateResponse AWS API Documentation
|
@@ -1009,9 +1704,8 @@ module Aws::ACMPCA
|
|
1009
1704
|
# @return [String]
|
1010
1705
|
#
|
1011
1706
|
# @!attribute [rw] certificate_chain
|
1012
|
-
# The base64 PEM-encoded certificate chain that chains up to the
|
1013
|
-
#
|
1014
|
-
# CA certificate.
|
1707
|
+
# The base64 PEM-encoded certificate chain that chains up to the root
|
1708
|
+
# CA certificate that you used to sign your private CA certificate.
|
1015
1709
|
# @return [String]
|
1016
1710
|
#
|
1017
1711
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateResponse AWS API Documentation
|
@@ -1156,7 +1850,7 @@ module Aws::ACMPCA
|
|
1156
1850
|
#
|
1157
1851
|
#
|
1158
1852
|
#
|
1159
|
-
# [1]: https://docs.aws.amazon.com/
|
1853
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
|
1160
1854
|
#
|
1161
1855
|
# @!attribute [rw] message
|
1162
1856
|
# @return [String]
|
@@ -1213,6 +1907,89 @@ module Aws::ACMPCA
|
|
1213
1907
|
# data as a hash:
|
1214
1908
|
#
|
1215
1909
|
# {
|
1910
|
+
# api_passthrough: {
|
1911
|
+
# extensions: {
|
1912
|
+
# certificate_policies: [
|
1913
|
+
# {
|
1914
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
1915
|
+
# policy_qualifiers: [
|
1916
|
+
# {
|
1917
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
1918
|
+
# qualifier: { # required
|
1919
|
+
# cps_uri: "String256", # required
|
1920
|
+
# },
|
1921
|
+
# },
|
1922
|
+
# ],
|
1923
|
+
# },
|
1924
|
+
# ],
|
1925
|
+
# extended_key_usage: [
|
1926
|
+
# {
|
1927
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1928
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1929
|
+
# },
|
1930
|
+
# ],
|
1931
|
+
# key_usage: {
|
1932
|
+
# digital_signature: false,
|
1933
|
+
# non_repudiation: false,
|
1934
|
+
# key_encipherment: false,
|
1935
|
+
# data_encipherment: false,
|
1936
|
+
# key_agreement: false,
|
1937
|
+
# key_cert_sign: false,
|
1938
|
+
# crl_sign: false,
|
1939
|
+
# encipher_only: false,
|
1940
|
+
# decipher_only: false,
|
1941
|
+
# },
|
1942
|
+
# subject_alternative_names: [
|
1943
|
+
# {
|
1944
|
+
# other_name: {
|
1945
|
+
# type_id: "CustomObjectIdentifier", # required
|
1946
|
+
# value: "String256", # required
|
1947
|
+
# },
|
1948
|
+
# rfc_822_name: "String256",
|
1949
|
+
# dns_name: "String253",
|
1950
|
+
# directory_name: {
|
1951
|
+
# country: "CountryCodeString",
|
1952
|
+
# organization: "String64",
|
1953
|
+
# organizational_unit: "String64",
|
1954
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1955
|
+
# state: "String128",
|
1956
|
+
# common_name: "String64",
|
1957
|
+
# serial_number: "ASN1PrintableString64",
|
1958
|
+
# locality: "String128",
|
1959
|
+
# title: "String64",
|
1960
|
+
# surname: "String40",
|
1961
|
+
# given_name: "String16",
|
1962
|
+
# initials: "String5",
|
1963
|
+
# pseudonym: "String128",
|
1964
|
+
# generation_qualifier: "String3",
|
1965
|
+
# },
|
1966
|
+
# edi_party_name: {
|
1967
|
+
# party_name: "String256", # required
|
1968
|
+
# name_assigner: "String256",
|
1969
|
+
# },
|
1970
|
+
# uniform_resource_identifier: "String253",
|
1971
|
+
# ip_address: "String39",
|
1972
|
+
# registered_id: "CustomObjectIdentifier",
|
1973
|
+
# },
|
1974
|
+
# ],
|
1975
|
+
# },
|
1976
|
+
# subject: {
|
1977
|
+
# country: "CountryCodeString",
|
1978
|
+
# organization: "String64",
|
1979
|
+
# organizational_unit: "String64",
|
1980
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1981
|
+
# state: "String128",
|
1982
|
+
# common_name: "String64",
|
1983
|
+
# serial_number: "ASN1PrintableString64",
|
1984
|
+
# locality: "String128",
|
1985
|
+
# title: "String64",
|
1986
|
+
# surname: "String40",
|
1987
|
+
# given_name: "String16",
|
1988
|
+
# initials: "String5",
|
1989
|
+
# pseudonym: "String128",
|
1990
|
+
# generation_qualifier: "String3",
|
1991
|
+
# },
|
1992
|
+
# },
|
1216
1993
|
# certificate_authority_arn: "Arn", # required
|
1217
1994
|
# csr: "data", # required
|
1218
1995
|
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
@@ -1221,9 +1998,29 @@ module Aws::ACMPCA
|
|
1221
1998
|
# value: 1, # required
|
1222
1999
|
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
1223
2000
|
# },
|
2001
|
+
# validity_not_before: {
|
2002
|
+
# value: 1, # required
|
2003
|
+
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
2004
|
+
# },
|
1224
2005
|
# idempotency_token: "IdempotencyToken",
|
1225
2006
|
# }
|
1226
2007
|
#
|
2008
|
+
# @!attribute [rw] api_passthrough
|
2009
|
+
# Specifies X.509 certificate information to be included in the issued
|
2010
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
2011
|
+
# variant must be selected, or else this parameter is ignored. For
|
2012
|
+
# more information about using these templates, see [Understanding
|
2013
|
+
# Certificate Templates][1].
|
2014
|
+
#
|
2015
|
+
# If conflicting or duplicate certificate information is supplied
|
2016
|
+
# during certificate issuance, ACM Private CA applies [order of
|
2017
|
+
# operation rules](xxxxx) to determine what information is used.
|
2018
|
+
#
|
2019
|
+
#
|
2020
|
+
#
|
2021
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
2022
|
+
# @return [Types::ApiPassthrough]
|
2023
|
+
#
|
1227
2024
|
# @!attribute [rw] certificate_authority_arn
|
1228
2025
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1229
2026
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -1238,15 +2035,15 @@ module Aws::ACMPCA
|
|
1238
2035
|
#
|
1239
2036
|
# @!attribute [rw] csr
|
1240
2037
|
# The certificate signing request (CSR) for the certificate you want
|
1241
|
-
# to issue.
|
1242
|
-
# CSR and a 2048 bit RSA private key.
|
2038
|
+
# to issue. As an example, you can use the following OpenSSL command
|
2039
|
+
# to create the CSR and a 2048 bit RSA private key.
|
1243
2040
|
#
|
1244
2041
|
# `openssl req -new -newkey rsa:2048 -days 365 -keyout
|
1245
2042
|
# private/test_cert_priv_key.pem -out csr/test_cert_.csr`
|
1246
2043
|
#
|
1247
|
-
# If you have a configuration file, you can use the following
|
1248
|
-
# command. The `usr_cert` block in the configuration file
|
1249
|
-
# your X509 version 3 extensions.
|
2044
|
+
# If you have a configuration file, you can then use the following
|
2045
|
+
# OpenSSL command. The `usr_cert` block in the configuration file
|
2046
|
+
# contains your X509 version 3 extensions.
|
1250
2047
|
#
|
1251
2048
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
|
1252
2049
|
# -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
|
@@ -1261,7 +2058,8 @@ module Aws::ACMPCA
|
|
1261
2058
|
# to be issued.
|
1262
2059
|
#
|
1263
2060
|
# This parameter should not be confused with the `SigningAlgorithm`
|
1264
|
-
# parameter used to sign a CSR
|
2061
|
+
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
2062
|
+
# action.
|
1265
2063
|
# @return [String]
|
1266
2064
|
#
|
1267
2065
|
# @!attribute [rw] template_arn
|
@@ -1275,77 +2073,85 @@ module Aws::ACMPCA
|
|
1275
2073
|
# Note: The CA depth configured on a subordinate CA certificate must
|
1276
2074
|
# not exceed the limit set by its parents in the CA hierarchy.
|
1277
2075
|
#
|
1278
|
-
#
|
1279
|
-
#
|
1280
|
-
#
|
1281
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate/V1
|
1282
|
-
#
|
1283
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate\_CSRPassthrough/V1
|
1284
|
-
#
|
1285
|
-
# * arn:aws:acm-pca:::template/EndEntityCertificate/V1
|
2076
|
+
# For a list of `TemplateArn` values supported by ACM Private CA, see
|
2077
|
+
# [Understanding Certificate Templates][2].
|
1286
2078
|
#
|
1287
|
-
# * arn:aws:acm-pca:::template/EndEntityCertificate\_CSRPassthrough/V1
|
1288
2079
|
#
|
1289
|
-
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1
|
1290
2080
|
#
|
1291
|
-
#
|
1292
|
-
#
|
1293
|
-
#
|
1294
|
-
#
|
1295
|
-
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_CSRPassthrough/V1
|
2081
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
|
2082
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
2083
|
+
# @return [String]
|
1296
2084
|
#
|
1297
|
-
#
|
2085
|
+
# @!attribute [rw] validity
|
2086
|
+
# Information describing the end of the validity period of the
|
2087
|
+
# certificate. This parameter sets the “Not After” date for the
|
2088
|
+
# certificate.
|
1298
2089
|
#
|
1299
|
-
#
|
2090
|
+
# Certificate validity is the period of time during which a
|
2091
|
+
# certificate is valid. Validity can be expressed as an explicit date
|
2092
|
+
# and time when the certificate expires, or as a span of time after
|
2093
|
+
# issuance, stated in days, months, or years. For more information,
|
2094
|
+
# see [Validity][1] in RFC 5280.
|
1300
2095
|
#
|
1301
|
-
#
|
2096
|
+
# This value is unaffected when `ValidityNotBefore` is also specified.
|
2097
|
+
# For example, if `Validity` is set to 20 days in the future, the
|
2098
|
+
# certificate will expire 20 days from issuance time regardless of the
|
2099
|
+
# `ValidityNotBefore` value.
|
1302
2100
|
#
|
1303
|
-
#
|
2101
|
+
# The end of the validity period configured on a certificate must not
|
2102
|
+
# exceed the limit set on its parents in the CA hierarchy.
|
1304
2103
|
#
|
1305
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen1/V1
|
1306
2104
|
#
|
1307
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen2/V1
|
1308
2105
|
#
|
1309
|
-
#
|
2106
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
2107
|
+
# @return [Types::Validity]
|
1310
2108
|
#
|
1311
|
-
#
|
2109
|
+
# @!attribute [rw] validity_not_before
|
2110
|
+
# Information describing the start of the validity period of the
|
2111
|
+
# certificate. This parameter sets the “Not Before" date for the
|
2112
|
+
# certificate.
|
1312
2113
|
#
|
2114
|
+
# By default, when issuing a certificate, ACM Private CA sets the
|
2115
|
+
# "Not Before" date to the issuance time minus 60 minutes. This
|
2116
|
+
# compensates for clock inconsistencies across computer systems. The
|
2117
|
+
# `ValidityNotBefore` parameter can be used to customize the “Not
|
2118
|
+
# Before” value.
|
1313
2119
|
#
|
2120
|
+
# Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
|
2121
|
+
# is optional.
|
1314
2122
|
#
|
1315
|
-
#
|
1316
|
-
#
|
1317
|
-
#
|
2123
|
+
# The `ValidityNotBefore` value is expressed as an explicit date and
|
2124
|
+
# time, using the `Validity` type value `ABSOLUTE`. For more
|
2125
|
+
# information, see [Validity][1] in this API reference and
|
2126
|
+
# [Validity][2] in RFC 5280.
|
1318
2127
|
#
|
1319
|
-
# @!attribute [rw] validity
|
1320
|
-
# Information describing the validity period of the certificate.
|
1321
2128
|
#
|
1322
|
-
# When issuing a certificate, ACM Private CA sets the "Not Before"
|
1323
|
-
# date in the validity field to date and time minus 60 minutes. This
|
1324
|
-
# is intended to compensate for time inconsistencies across systems of
|
1325
|
-
# 60 minutes or less.
|
1326
2129
|
#
|
1327
|
-
#
|
1328
|
-
#
|
2130
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
2131
|
+
# [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
1329
2132
|
# @return [Types::Validity]
|
1330
2133
|
#
|
1331
2134
|
# @!attribute [rw] idempotency_token
|
1332
|
-
#
|
1333
|
-
# **IssueCertificate** action. Idempotency tokens
|
1334
|
-
#
|
1335
|
-
# with the same idempotency
|
1336
|
-
#
|
1337
|
-
#
|
1338
|
-
# PCA recognizes that you
|
2135
|
+
# Alphanumeric string that can be used to distinguish between calls to
|
2136
|
+
# the **IssueCertificate** action. Idempotency tokens for
|
2137
|
+
# **IssueCertificate** time out after one minute. Therefore, if you
|
2138
|
+
# call **IssueCertificate** multiple times with the same idempotency
|
2139
|
+
# token within one minute, ACM Private CA recognizes that you are
|
2140
|
+
# requesting only one certificate and will issue only one. If you
|
2141
|
+
# change the idempotency token for each call, PCA recognizes that you
|
2142
|
+
# are requesting multiple certificates.
|
1339
2143
|
# @return [String]
|
1340
2144
|
#
|
1341
2145
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
|
1342
2146
|
#
|
1343
2147
|
class IssueCertificateRequest < Struct.new(
|
2148
|
+
:api_passthrough,
|
1344
2149
|
:certificate_authority_arn,
|
1345
2150
|
:csr,
|
1346
2151
|
:signing_algorithm,
|
1347
2152
|
:template_arn,
|
1348
2153
|
:validity,
|
2154
|
+
:validity_not_before,
|
1349
2155
|
:idempotency_token)
|
1350
2156
|
SENSITIVE = []
|
1351
2157
|
include Aws::Structure
|
@@ -1367,6 +2173,76 @@ module Aws::ACMPCA
|
|
1367
2173
|
include Aws::Structure
|
1368
2174
|
end
|
1369
2175
|
|
2176
|
+
# Defines one or more purposes for which the key contained in the
|
2177
|
+
# certificate can be used. Default value for each option is false.
|
2178
|
+
#
|
2179
|
+
# @note When making an API call, you may pass KeyUsage
|
2180
|
+
# data as a hash:
|
2181
|
+
#
|
2182
|
+
# {
|
2183
|
+
# digital_signature: false,
|
2184
|
+
# non_repudiation: false,
|
2185
|
+
# key_encipherment: false,
|
2186
|
+
# data_encipherment: false,
|
2187
|
+
# key_agreement: false,
|
2188
|
+
# key_cert_sign: false,
|
2189
|
+
# crl_sign: false,
|
2190
|
+
# encipher_only: false,
|
2191
|
+
# decipher_only: false,
|
2192
|
+
# }
|
2193
|
+
#
|
2194
|
+
# @!attribute [rw] digital_signature
|
2195
|
+
# Key can be used for digital signing.
|
2196
|
+
# @return [Boolean]
|
2197
|
+
#
|
2198
|
+
# @!attribute [rw] non_repudiation
|
2199
|
+
# Key can be used for non-repudiation.
|
2200
|
+
# @return [Boolean]
|
2201
|
+
#
|
2202
|
+
# @!attribute [rw] key_encipherment
|
2203
|
+
# Key can be used to encipher data.
|
2204
|
+
# @return [Boolean]
|
2205
|
+
#
|
2206
|
+
# @!attribute [rw] data_encipherment
|
2207
|
+
# Key can be used to decipher data.
|
2208
|
+
# @return [Boolean]
|
2209
|
+
#
|
2210
|
+
# @!attribute [rw] key_agreement
|
2211
|
+
# Key can be used in a key-agreement protocol.
|
2212
|
+
# @return [Boolean]
|
2213
|
+
#
|
2214
|
+
# @!attribute [rw] key_cert_sign
|
2215
|
+
# Key can be used to sign certificates.
|
2216
|
+
# @return [Boolean]
|
2217
|
+
#
|
2218
|
+
# @!attribute [rw] crl_sign
|
2219
|
+
# Key can be used to sign CRLs.
|
2220
|
+
# @return [Boolean]
|
2221
|
+
#
|
2222
|
+
# @!attribute [rw] encipher_only
|
2223
|
+
# Key can be used only to encipher data.
|
2224
|
+
# @return [Boolean]
|
2225
|
+
#
|
2226
|
+
# @!attribute [rw] decipher_only
|
2227
|
+
# Key can be used only to decipher data.
|
2228
|
+
# @return [Boolean]
|
2229
|
+
#
|
2230
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/KeyUsage AWS API Documentation
|
2231
|
+
#
|
2232
|
+
class KeyUsage < Struct.new(
|
2233
|
+
:digital_signature,
|
2234
|
+
:non_repudiation,
|
2235
|
+
:key_encipherment,
|
2236
|
+
:data_encipherment,
|
2237
|
+
:key_agreement,
|
2238
|
+
:key_cert_sign,
|
2239
|
+
:crl_sign,
|
2240
|
+
:encipher_only,
|
2241
|
+
:decipher_only)
|
2242
|
+
SENSITIVE = []
|
2243
|
+
include Aws::Structure
|
2244
|
+
end
|
2245
|
+
|
1370
2246
|
# An ACM Private CA quota has been exceeded. See the exception message
|
1371
2247
|
# returned to determine the quota that was exceeded.
|
1372
2248
|
#
|
@@ -1610,6 +2486,40 @@ module Aws::ACMPCA
|
|
1610
2486
|
include Aws::Structure
|
1611
2487
|
end
|
1612
2488
|
|
2489
|
+
# Defines a custom ASN.1 X.400 `GeneralName` using an object identifier
|
2490
|
+
# (OID) and value. The OID must satisfy the regular expression shown
|
2491
|
+
# below. For more information, see NIST's definition of [Object
|
2492
|
+
# Identifier (OID)][1].
|
2493
|
+
#
|
2494
|
+
#
|
2495
|
+
#
|
2496
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
2497
|
+
#
|
2498
|
+
# @note When making an API call, you may pass OtherName
|
2499
|
+
# data as a hash:
|
2500
|
+
#
|
2501
|
+
# {
|
2502
|
+
# type_id: "CustomObjectIdentifier", # required
|
2503
|
+
# value: "String256", # required
|
2504
|
+
# }
|
2505
|
+
#
|
2506
|
+
# @!attribute [rw] type_id
|
2507
|
+
# Specifies an OID.
|
2508
|
+
# @return [String]
|
2509
|
+
#
|
2510
|
+
# @!attribute [rw] value
|
2511
|
+
# Specifies an OID value.
|
2512
|
+
# @return [String]
|
2513
|
+
#
|
2514
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/OtherName AWS API Documentation
|
2515
|
+
#
|
2516
|
+
class OtherName < Struct.new(
|
2517
|
+
:type_id,
|
2518
|
+
:value)
|
2519
|
+
SENSITIVE = []
|
2520
|
+
include Aws::Structure
|
2521
|
+
end
|
2522
|
+
|
1613
2523
|
# Permissions designate which private CA actions can be performed by an
|
1614
2524
|
# AWS service or entity. In order for ACM to automatically renew private
|
1615
2525
|
# certificates, you must give the ACM service principal all available
|
@@ -1677,6 +2587,79 @@ module Aws::ACMPCA
|
|
1677
2587
|
include Aws::Structure
|
1678
2588
|
end
|
1679
2589
|
|
2590
|
+
# Defines the X.509 `CertificatePolicies` extension.
|
2591
|
+
#
|
2592
|
+
# @note When making an API call, you may pass PolicyInformation
|
2593
|
+
# data as a hash:
|
2594
|
+
#
|
2595
|
+
# {
|
2596
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
2597
|
+
# policy_qualifiers: [
|
2598
|
+
# {
|
2599
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
2600
|
+
# qualifier: { # required
|
2601
|
+
# cps_uri: "String256", # required
|
2602
|
+
# },
|
2603
|
+
# },
|
2604
|
+
# ],
|
2605
|
+
# }
|
2606
|
+
#
|
2607
|
+
# @!attribute [rw] cert_policy_id
|
2608
|
+
# Specifies the object identifier (OID) of the certificate policy
|
2609
|
+
# under which the certificate was issued. For more information, see
|
2610
|
+
# NIST's definition of [Object Identifier (OID)][1].
|
2611
|
+
#
|
2612
|
+
#
|
2613
|
+
#
|
2614
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
2615
|
+
# @return [String]
|
2616
|
+
#
|
2617
|
+
# @!attribute [rw] policy_qualifiers
|
2618
|
+
# Modifies the given `CertPolicyId` with a qualifier. ACM Private CA
|
2619
|
+
# supports the certification practice statement (CPS) qualifier.
|
2620
|
+
# @return [Array<Types::PolicyQualifierInfo>]
|
2621
|
+
#
|
2622
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
|
2623
|
+
#
|
2624
|
+
class PolicyInformation < Struct.new(
|
2625
|
+
:cert_policy_id,
|
2626
|
+
:policy_qualifiers)
|
2627
|
+
SENSITIVE = []
|
2628
|
+
include Aws::Structure
|
2629
|
+
end
|
2630
|
+
|
2631
|
+
# Modifies the `CertPolicyId` of a `PolicyInformation` object with a
|
2632
|
+
# qualifier. ACM Private CA supports the certification practice
|
2633
|
+
# statement (CPS) qualifier.
|
2634
|
+
#
|
2635
|
+
# @note When making an API call, you may pass PolicyQualifierInfo
|
2636
|
+
# data as a hash:
|
2637
|
+
#
|
2638
|
+
# {
|
2639
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
2640
|
+
# qualifier: { # required
|
2641
|
+
# cps_uri: "String256", # required
|
2642
|
+
# },
|
2643
|
+
# }
|
2644
|
+
#
|
2645
|
+
# @!attribute [rw] policy_qualifier_id
|
2646
|
+
# Identifies the qualifier modifying a `CertPolicyId`.
|
2647
|
+
# @return [String]
|
2648
|
+
#
|
2649
|
+
# @!attribute [rw] qualifier
|
2650
|
+
# Defines the qualifier type. ACM Private CA supports the use of a URI
|
2651
|
+
# for a CPS qualifier in this field.
|
2652
|
+
# @return [Types::Qualifier]
|
2653
|
+
#
|
2654
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
|
2655
|
+
#
|
2656
|
+
class PolicyQualifierInfo < Struct.new(
|
2657
|
+
:policy_qualifier_id,
|
2658
|
+
:qualifier)
|
2659
|
+
SENSITIVE = []
|
2660
|
+
include Aws::Structure
|
2661
|
+
end
|
2662
|
+
|
1680
2663
|
# @note When making an API call, you may pass PutPolicyRequest
|
1681
2664
|
# data as a hash:
|
1682
2665
|
#
|
@@ -1698,7 +2681,7 @@ module Aws::ACMPCA
|
|
1698
2681
|
# @return [String]
|
1699
2682
|
#
|
1700
2683
|
# @!attribute [rw] policy
|
1701
|
-
# The path and
|
2684
|
+
# The path and file name of a JSON-formatted IAM policy to attach to
|
1702
2685
|
# the specified private CA resource. If this policy does not contain
|
1703
2686
|
# all required statements or if it includes any statement that is not
|
1704
2687
|
# allowed, the `PutPolicy` action returns an `InvalidPolicyException`.
|
@@ -1719,6 +2702,34 @@ module Aws::ACMPCA
|
|
1719
2702
|
include Aws::Structure
|
1720
2703
|
end
|
1721
2704
|
|
2705
|
+
# Defines a `PolicyInformation` qualifier. ACM Private CA supports the
|
2706
|
+
# [certification practice statement (CPS) qualifier][1] defined in RFC
|
2707
|
+
# 5280.
|
2708
|
+
#
|
2709
|
+
#
|
2710
|
+
#
|
2711
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.4
|
2712
|
+
#
|
2713
|
+
# @note When making an API call, you may pass Qualifier
|
2714
|
+
# data as a hash:
|
2715
|
+
#
|
2716
|
+
# {
|
2717
|
+
# cps_uri: "String256", # required
|
2718
|
+
# }
|
2719
|
+
#
|
2720
|
+
# @!attribute [rw] cps_uri
|
2721
|
+
# Contains a pointer to a certification practice statement (CPS)
|
2722
|
+
# published by the CA.
|
2723
|
+
# @return [String]
|
2724
|
+
#
|
2725
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Qualifier AWS API Documentation
|
2726
|
+
#
|
2727
|
+
class Qualifier < Struct.new(
|
2728
|
+
:cps_uri)
|
2729
|
+
SENSITIVE = []
|
2730
|
+
include Aws::Structure
|
2731
|
+
end
|
2732
|
+
|
1722
2733
|
# Your request has already been completed.
|
1723
2734
|
#
|
1724
2735
|
# @!attribute [rw] message
|
@@ -2059,17 +3070,20 @@ module Aws::ACMPCA
|
|
2059
3070
|
|
2060
3071
|
# Validity specifies the period of time during which a certificate is
|
2061
3072
|
# valid. Validity can be expressed as an explicit date and time when the
|
2062
|
-
# certificate expires, or as a span of time
|
2063
|
-
# days, months, or years. For more
|
2064
|
-
# 5280.
|
3073
|
+
# validity of a certificate starts or expires, or as a span of time
|
3074
|
+
# after issuance, stated in days, months, or years. For more
|
3075
|
+
# information, see [Validity][1] in RFC 5280.
|
2065
3076
|
#
|
2066
|
-
#
|
2067
|
-
# action.
|
3077
|
+
# ACM Private CA API consumes the `Validity` data type differently in
|
3078
|
+
# two distinct parameters of the `IssueCertificate` action. The required
|
3079
|
+
# parameter `IssueCertificate`\:`Validity` specifies the end of a
|
3080
|
+
# certificate's validity period. The optional parameter
|
3081
|
+
# `IssueCertificate`\:`ValidityNotBefore` specifies a customized
|
3082
|
+
# starting time for the validity period.
|
2068
3083
|
#
|
2069
3084
|
#
|
2070
3085
|
#
|
2071
3086
|
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
2072
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
|
2073
3087
|
#
|
2074
3088
|
# @note When making an API call, you may pass Validity
|
2075
3089
|
# data as a hash:
|
@@ -2100,8 +3114,9 @@ module Aws::ACMPCA
|
|
2100
3114
|
#
|
2101
3115
|
# * Output expiration date/time: 12/31/2049 23:59:59
|
2102
3116
|
#
|
2103
|
-
# `ABSOLUTE`\: The specific date and time when the
|
2104
|
-
# expire, expressed in seconds since the
|
3117
|
+
# `ABSOLUTE`\: The specific date and time when the validity of a
|
3118
|
+
# certificate will start or expire, expressed in seconds since the
|
3119
|
+
# Unix Epoch.
|
2105
3120
|
#
|
2106
3121
|
# * Sample input value: 2524608000
|
2107
3122
|
#
|
@@ -2116,6 +3131,10 @@ module Aws::ACMPCA
|
|
2116
3131
|
# * Sample input value: 90
|
2117
3132
|
#
|
2118
3133
|
# * Output expiration date: 01/10/2020 12:34:54 UTC
|
3134
|
+
#
|
3135
|
+
# The minimum validity duration for a certificate using relative time
|
3136
|
+
# (`DAYS`) is one day. The minimum validity for a certificate using
|
3137
|
+
# absolute time (`ABSOLUTE` or `END_DATE`) is one second.
|
2119
3138
|
# @return [String]
|
2120
3139
|
#
|
2121
3140
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Validity AWS API Documentation
|