aws-sdk-acmpca 1.31.0 → 1.32.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-acmpca.rb +1 -1
- data/lib/aws-sdk-acmpca/client.rb +168 -58
- data/lib/aws-sdk-acmpca/client_api.rb +47 -0
- data/lib/aws-sdk-acmpca/types.rb +567 -87
- metadata +2 -2
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -10,16 +10,12 @@
|
|
10
10
|
module Aws::ACMPCA
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# Contains information about the certificate subject. The
|
14
|
-
#
|
15
|
-
#
|
16
|
-
#
|
17
|
-
#
|
18
|
-
#
|
19
|
-
# (DN). A DN is a sequence of relative distinguished names (RDNs). The
|
20
|
-
# RDNs are separated by commas in the certificate. The DN must be unique
|
21
|
-
# for each entity, but your private CA can issue more than one
|
22
|
-
# certificate with the same DN to the same entity.
|
13
|
+
# Contains information about the certificate subject. The `Subject`
|
14
|
+
# field in the certificate identifies the entity that owns or controls
|
15
|
+
# the public key in the certificate. The entity can be a user, computer,
|
16
|
+
# device, or service. The `Subject `must contain an X.500 distinguished
|
17
|
+
# name (DN). A DN is a sequence of relative distinguished names (RDNs).
|
18
|
+
# The RDNs are separated by commas in the certificate.
|
23
19
|
#
|
24
20
|
# @note When making an API call, you may pass ASN1Subject
|
25
21
|
# data as a hash:
|
@@ -100,7 +96,7 @@ module Aws::ACMPCA
|
|
100
96
|
# @!attribute [rw] initials
|
101
97
|
# Concatenation that typically contains the first letter of the
|
102
98
|
# **GivenName**, the first letter of the middle name if one exists,
|
103
|
-
# and the first letter of the **
|
99
|
+
# and the first letter of the **Surname**.
|
104
100
|
# @return [String]
|
105
101
|
#
|
106
102
|
# @!attribute [rw] pseudonym
|
@@ -235,6 +231,124 @@ module Aws::ACMPCA
|
|
235
231
|
include Aws::Structure
|
236
232
|
end
|
237
233
|
|
234
|
+
# Contains X.509 certificate information to be placed in an issued
|
235
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
236
|
+
# variant must be selected, or else this parameter is ignored.
|
237
|
+
#
|
238
|
+
# If conflicting or duplicate certificate information is supplied from
|
239
|
+
# other sources, ACM Private CA applies [order of operation
|
240
|
+
# rules](xxxxx) to determine what information is used.
|
241
|
+
#
|
242
|
+
# @note When making an API call, you may pass ApiPassthrough
|
243
|
+
# data as a hash:
|
244
|
+
#
|
245
|
+
# {
|
246
|
+
# extensions: {
|
247
|
+
# certificate_policies: [
|
248
|
+
# {
|
249
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
250
|
+
# policy_qualifiers: [
|
251
|
+
# {
|
252
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
253
|
+
# qualifier: { # required
|
254
|
+
# cps_uri: "String256", # required
|
255
|
+
# },
|
256
|
+
# },
|
257
|
+
# ],
|
258
|
+
# },
|
259
|
+
# ],
|
260
|
+
# extended_key_usage: [
|
261
|
+
# {
|
262
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
263
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
264
|
+
# },
|
265
|
+
# ],
|
266
|
+
# key_usage: {
|
267
|
+
# digital_signature: false,
|
268
|
+
# non_repudiation: false,
|
269
|
+
# key_encipherment: false,
|
270
|
+
# data_encipherment: false,
|
271
|
+
# key_agreement: false,
|
272
|
+
# key_cert_sign: false,
|
273
|
+
# crl_sign: false,
|
274
|
+
# encipher_only: false,
|
275
|
+
# decipher_only: false,
|
276
|
+
# },
|
277
|
+
# subject_alternative_names: [
|
278
|
+
# {
|
279
|
+
# other_name: {
|
280
|
+
# type_id: "CustomObjectIdentifier", # required
|
281
|
+
# value: "String256", # required
|
282
|
+
# },
|
283
|
+
# rfc_822_name: "String256",
|
284
|
+
# dns_name: "String253",
|
285
|
+
# directory_name: {
|
286
|
+
# country: "CountryCodeString",
|
287
|
+
# organization: "String64",
|
288
|
+
# organizational_unit: "String64",
|
289
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
290
|
+
# state: "String128",
|
291
|
+
# common_name: "String64",
|
292
|
+
# serial_number: "ASN1PrintableString64",
|
293
|
+
# locality: "String128",
|
294
|
+
# title: "String64",
|
295
|
+
# surname: "String40",
|
296
|
+
# given_name: "String16",
|
297
|
+
# initials: "String5",
|
298
|
+
# pseudonym: "String128",
|
299
|
+
# generation_qualifier: "String3",
|
300
|
+
# },
|
301
|
+
# edi_party_name: {
|
302
|
+
# party_name: "String256", # required
|
303
|
+
# name_assigner: "String256",
|
304
|
+
# },
|
305
|
+
# uniform_resource_identifier: "String253",
|
306
|
+
# ip_address: "String39",
|
307
|
+
# registered_id: "CustomObjectIdentifier",
|
308
|
+
# },
|
309
|
+
# ],
|
310
|
+
# },
|
311
|
+
# subject: {
|
312
|
+
# country: "CountryCodeString",
|
313
|
+
# organization: "String64",
|
314
|
+
# organizational_unit: "String64",
|
315
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
316
|
+
# state: "String128",
|
317
|
+
# common_name: "String64",
|
318
|
+
# serial_number: "ASN1PrintableString64",
|
319
|
+
# locality: "String128",
|
320
|
+
# title: "String64",
|
321
|
+
# surname: "String40",
|
322
|
+
# given_name: "String16",
|
323
|
+
# initials: "String5",
|
324
|
+
# pseudonym: "String128",
|
325
|
+
# generation_qualifier: "String3",
|
326
|
+
# },
|
327
|
+
# }
|
328
|
+
#
|
329
|
+
# @!attribute [rw] extensions
|
330
|
+
# Specifies X.509 extension information for a certificate.
|
331
|
+
# @return [Types::Extensions]
|
332
|
+
#
|
333
|
+
# @!attribute [rw] subject
|
334
|
+
# Contains information about the certificate subject. The `Subject`
|
335
|
+
# field in the certificate identifies the entity that owns or controls
|
336
|
+
# the public key in the certificate. The entity can be a user,
|
337
|
+
# computer, device, or service. The `Subject `must contain an X.500
|
338
|
+
# distinguished name (DN). A DN is a sequence of relative
|
339
|
+
# distinguished names (RDNs). The RDNs are separated by commas in the
|
340
|
+
# certificate.
|
341
|
+
# @return [Types::ASN1Subject]
|
342
|
+
#
|
343
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ApiPassthrough AWS API Documentation
|
344
|
+
#
|
345
|
+
class ApiPassthrough < Struct.new(
|
346
|
+
:extensions,
|
347
|
+
:subject)
|
348
|
+
SENSITIVE = []
|
349
|
+
include Aws::Structure
|
350
|
+
end
|
351
|
+
|
238
352
|
# Contains information about your private certificate authority (CA).
|
239
353
|
# Your private CA can issue and revoke X.509 digital certificates.
|
240
354
|
# Digital certificates verify that the entity named in the certificate
|
@@ -656,13 +770,15 @@ module Aws::ACMPCA
|
|
656
770
|
# @return [String]
|
657
771
|
#
|
658
772
|
# @!attribute [rw] idempotency_token
|
659
|
-
#
|
660
|
-
# **CreateCertificateAuthority
|
661
|
-
#
|
662
|
-
#
|
663
|
-
#
|
664
|
-
#
|
665
|
-
# token
|
773
|
+
# Custom string that can be used to distinguish between calls to the
|
774
|
+
# **CreateCertificateAuthority** action. Idempotency tokens for
|
775
|
+
# **CreateCertificateAuthority** time out after five minutes.
|
776
|
+
# Therefore, if you call **CreateCertificateAuthority** multiple times
|
777
|
+
# with the same idempotency token within five minutes, ACM Private CA
|
778
|
+
# recognizes that you are requesting only certificate authority and
|
779
|
+
# will issue only one. If you change the idempotency token for each
|
780
|
+
# call, PCA recognizes that you are requesting multiple certificate
|
781
|
+
# authorities.
|
666
782
|
# @return [String]
|
667
783
|
#
|
668
784
|
# @!attribute [rw] tags
|
@@ -1211,10 +1327,160 @@ module Aws::ACMPCA
|
|
1211
1327
|
include Aws::Structure
|
1212
1328
|
end
|
1213
1329
|
|
1330
|
+
# Specifies additional purposes for which the certified public key may
|
1331
|
+
# be used other than basic purposes indicated in the `KeyUsage`
|
1332
|
+
# extension.
|
1333
|
+
#
|
1334
|
+
# @note When making an API call, you may pass ExtendedKeyUsage
|
1335
|
+
# data as a hash:
|
1336
|
+
#
|
1337
|
+
# {
|
1338
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1339
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1340
|
+
# }
|
1341
|
+
#
|
1342
|
+
# @!attribute [rw] extended_key_usage_type
|
1343
|
+
# Specifies a standard `ExtendedKeyUsage` as defined as in [RFC
|
1344
|
+
# 5280][1].
|
1345
|
+
#
|
1346
|
+
#
|
1347
|
+
#
|
1348
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
1349
|
+
# @return [String]
|
1350
|
+
#
|
1351
|
+
# @!attribute [rw] extended_key_usage_object_identifier
|
1352
|
+
# Specifies a custom `ExtendedKeyUsage` with an object identifier
|
1353
|
+
# (OID).
|
1354
|
+
# @return [String]
|
1355
|
+
#
|
1356
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ExtendedKeyUsage AWS API Documentation
|
1357
|
+
#
|
1358
|
+
class ExtendedKeyUsage < Struct.new(
|
1359
|
+
:extended_key_usage_type,
|
1360
|
+
:extended_key_usage_object_identifier)
|
1361
|
+
SENSITIVE = []
|
1362
|
+
include Aws::Structure
|
1363
|
+
end
|
1364
|
+
|
1365
|
+
# Contains X.509 extension information for a certificate.
|
1366
|
+
#
|
1367
|
+
# @note When making an API call, you may pass Extensions
|
1368
|
+
# data as a hash:
|
1369
|
+
#
|
1370
|
+
# {
|
1371
|
+
# certificate_policies: [
|
1372
|
+
# {
|
1373
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
1374
|
+
# policy_qualifiers: [
|
1375
|
+
# {
|
1376
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
1377
|
+
# qualifier: { # required
|
1378
|
+
# cps_uri: "String256", # required
|
1379
|
+
# },
|
1380
|
+
# },
|
1381
|
+
# ],
|
1382
|
+
# },
|
1383
|
+
# ],
|
1384
|
+
# extended_key_usage: [
|
1385
|
+
# {
|
1386
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1387
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1388
|
+
# },
|
1389
|
+
# ],
|
1390
|
+
# key_usage: {
|
1391
|
+
# digital_signature: false,
|
1392
|
+
# non_repudiation: false,
|
1393
|
+
# key_encipherment: false,
|
1394
|
+
# data_encipherment: false,
|
1395
|
+
# key_agreement: false,
|
1396
|
+
# key_cert_sign: false,
|
1397
|
+
# crl_sign: false,
|
1398
|
+
# encipher_only: false,
|
1399
|
+
# decipher_only: false,
|
1400
|
+
# },
|
1401
|
+
# subject_alternative_names: [
|
1402
|
+
# {
|
1403
|
+
# other_name: {
|
1404
|
+
# type_id: "CustomObjectIdentifier", # required
|
1405
|
+
# value: "String256", # required
|
1406
|
+
# },
|
1407
|
+
# rfc_822_name: "String256",
|
1408
|
+
# dns_name: "String253",
|
1409
|
+
# directory_name: {
|
1410
|
+
# country: "CountryCodeString",
|
1411
|
+
# organization: "String64",
|
1412
|
+
# organizational_unit: "String64",
|
1413
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1414
|
+
# state: "String128",
|
1415
|
+
# common_name: "String64",
|
1416
|
+
# serial_number: "ASN1PrintableString64",
|
1417
|
+
# locality: "String128",
|
1418
|
+
# title: "String64",
|
1419
|
+
# surname: "String40",
|
1420
|
+
# given_name: "String16",
|
1421
|
+
# initials: "String5",
|
1422
|
+
# pseudonym: "String128",
|
1423
|
+
# generation_qualifier: "String3",
|
1424
|
+
# },
|
1425
|
+
# edi_party_name: {
|
1426
|
+
# party_name: "String256", # required
|
1427
|
+
# name_assigner: "String256",
|
1428
|
+
# },
|
1429
|
+
# uniform_resource_identifier: "String253",
|
1430
|
+
# ip_address: "String39",
|
1431
|
+
# registered_id: "CustomObjectIdentifier",
|
1432
|
+
# },
|
1433
|
+
# ],
|
1434
|
+
# }
|
1435
|
+
#
|
1436
|
+
# @!attribute [rw] certificate_policies
|
1437
|
+
# Contains a sequence of one or more policy information terms, each of
|
1438
|
+
# which consists of an object identifier (OID) and optional
|
1439
|
+
# qualifiers. For more information, see NIST's definition of [Object
|
1440
|
+
# Identifier (OID)][1].
|
1441
|
+
#
|
1442
|
+
# In an end-entity certificate, these terms indicate the policy under
|
1443
|
+
# which the certificate was issued and the purposes for which it may
|
1444
|
+
# be used. In a CA certificate, these terms limit the set of policies
|
1445
|
+
# for certification paths that include this certificate.
|
1446
|
+
#
|
1447
|
+
#
|
1448
|
+
#
|
1449
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
1450
|
+
# @return [Array<Types::PolicyInformation>]
|
1451
|
+
#
|
1452
|
+
# @!attribute [rw] extended_key_usage
|
1453
|
+
# Specifies additional purposes for which the certified public key may
|
1454
|
+
# be used other than basic purposes indicated in the `KeyUsage`
|
1455
|
+
# extension.
|
1456
|
+
# @return [Array<Types::ExtendedKeyUsage>]
|
1457
|
+
#
|
1458
|
+
# @!attribute [rw] key_usage
|
1459
|
+
# Defines one or more purposes for which the key contained in the
|
1460
|
+
# certificate can be used. Default value for each option is false.
|
1461
|
+
# @return [Types::KeyUsage]
|
1462
|
+
#
|
1463
|
+
# @!attribute [rw] subject_alternative_names
|
1464
|
+
# The subject alternative name extension allows identities to be bound
|
1465
|
+
# to the subject of the certificate. These identities may be included
|
1466
|
+
# in addition to or in place of the identity in the subject field of
|
1467
|
+
# the certificate.
|
1468
|
+
# @return [Array<Types::GeneralName>]
|
1469
|
+
#
|
1470
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation
|
1471
|
+
#
|
1472
|
+
class Extensions < Struct.new(
|
1473
|
+
:certificate_policies,
|
1474
|
+
:extended_key_usage,
|
1475
|
+
:key_usage,
|
1476
|
+
:subject_alternative_names)
|
1477
|
+
SENSITIVE = []
|
1478
|
+
include Aws::Structure
|
1479
|
+
end
|
1480
|
+
|
1214
1481
|
# Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280][1].
|
1215
|
-
# Only one of the following naming options should be
|
1216
|
-
#
|
1217
|
-
# error.
|
1482
|
+
# Only one of the following naming options should be provided. Providing
|
1483
|
+
# more than one option results in an `InvalidArgsException` error.
|
1218
1484
|
#
|
1219
1485
|
#
|
1220
1486
|
#
|
@@ -1272,16 +1538,13 @@ module Aws::ACMPCA
|
|
1272
1538
|
# @return [String]
|
1273
1539
|
#
|
1274
1540
|
# @!attribute [rw] directory_name
|
1275
|
-
# Contains information about the certificate subject. The
|
1276
|
-
#
|
1277
|
-
#
|
1278
|
-
#
|
1279
|
-
#
|
1280
|
-
#
|
1281
|
-
#
|
1282
|
-
# RDNs are separated by commas in the certificate. The DN must be
|
1283
|
-
# unique for each entity, but your private CA can issue more than one
|
1284
|
-
# certificate with the same DN to the same entity.
|
1541
|
+
# Contains information about the certificate subject. The `Subject`
|
1542
|
+
# field in the certificate identifies the entity that owns or controls
|
1543
|
+
# the public key in the certificate. The entity can be a user,
|
1544
|
+
# computer, device, or service. The `Subject `must contain an X.500
|
1545
|
+
# distinguished name (DN). A DN is a sequence of relative
|
1546
|
+
# distinguished names (RDNs). The RDNs are separated by commas in the
|
1547
|
+
# certificate.
|
1285
1548
|
# @return [Types::ASN1Subject]
|
1286
1549
|
#
|
1287
1550
|
# @!attribute [rw] edi_party_name
|
@@ -1644,6 +1907,89 @@ module Aws::ACMPCA
|
|
1644
1907
|
# data as a hash:
|
1645
1908
|
#
|
1646
1909
|
# {
|
1910
|
+
# api_passthrough: {
|
1911
|
+
# extensions: {
|
1912
|
+
# certificate_policies: [
|
1913
|
+
# {
|
1914
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
1915
|
+
# policy_qualifiers: [
|
1916
|
+
# {
|
1917
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
1918
|
+
# qualifier: { # required
|
1919
|
+
# cps_uri: "String256", # required
|
1920
|
+
# },
|
1921
|
+
# },
|
1922
|
+
# ],
|
1923
|
+
# },
|
1924
|
+
# ],
|
1925
|
+
# extended_key_usage: [
|
1926
|
+
# {
|
1927
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1928
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1929
|
+
# },
|
1930
|
+
# ],
|
1931
|
+
# key_usage: {
|
1932
|
+
# digital_signature: false,
|
1933
|
+
# non_repudiation: false,
|
1934
|
+
# key_encipherment: false,
|
1935
|
+
# data_encipherment: false,
|
1936
|
+
# key_agreement: false,
|
1937
|
+
# key_cert_sign: false,
|
1938
|
+
# crl_sign: false,
|
1939
|
+
# encipher_only: false,
|
1940
|
+
# decipher_only: false,
|
1941
|
+
# },
|
1942
|
+
# subject_alternative_names: [
|
1943
|
+
# {
|
1944
|
+
# other_name: {
|
1945
|
+
# type_id: "CustomObjectIdentifier", # required
|
1946
|
+
# value: "String256", # required
|
1947
|
+
# },
|
1948
|
+
# rfc_822_name: "String256",
|
1949
|
+
# dns_name: "String253",
|
1950
|
+
# directory_name: {
|
1951
|
+
# country: "CountryCodeString",
|
1952
|
+
# organization: "String64",
|
1953
|
+
# organizational_unit: "String64",
|
1954
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1955
|
+
# state: "String128",
|
1956
|
+
# common_name: "String64",
|
1957
|
+
# serial_number: "ASN1PrintableString64",
|
1958
|
+
# locality: "String128",
|
1959
|
+
# title: "String64",
|
1960
|
+
# surname: "String40",
|
1961
|
+
# given_name: "String16",
|
1962
|
+
# initials: "String5",
|
1963
|
+
# pseudonym: "String128",
|
1964
|
+
# generation_qualifier: "String3",
|
1965
|
+
# },
|
1966
|
+
# edi_party_name: {
|
1967
|
+
# party_name: "String256", # required
|
1968
|
+
# name_assigner: "String256",
|
1969
|
+
# },
|
1970
|
+
# uniform_resource_identifier: "String253",
|
1971
|
+
# ip_address: "String39",
|
1972
|
+
# registered_id: "CustomObjectIdentifier",
|
1973
|
+
# },
|
1974
|
+
# ],
|
1975
|
+
# },
|
1976
|
+
# subject: {
|
1977
|
+
# country: "CountryCodeString",
|
1978
|
+
# organization: "String64",
|
1979
|
+
# organizational_unit: "String64",
|
1980
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1981
|
+
# state: "String128",
|
1982
|
+
# common_name: "String64",
|
1983
|
+
# serial_number: "ASN1PrintableString64",
|
1984
|
+
# locality: "String128",
|
1985
|
+
# title: "String64",
|
1986
|
+
# surname: "String40",
|
1987
|
+
# given_name: "String16",
|
1988
|
+
# initials: "String5",
|
1989
|
+
# pseudonym: "String128",
|
1990
|
+
# generation_qualifier: "String3",
|
1991
|
+
# },
|
1992
|
+
# },
|
1647
1993
|
# certificate_authority_arn: "Arn", # required
|
1648
1994
|
# csr: "data", # required
|
1649
1995
|
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
@@ -1652,9 +1998,29 @@ module Aws::ACMPCA
|
|
1652
1998
|
# value: 1, # required
|
1653
1999
|
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
1654
2000
|
# },
|
2001
|
+
# validity_not_before: {
|
2002
|
+
# value: 1, # required
|
2003
|
+
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
2004
|
+
# },
|
1655
2005
|
# idempotency_token: "IdempotencyToken",
|
1656
2006
|
# }
|
1657
2007
|
#
|
2008
|
+
# @!attribute [rw] api_passthrough
|
2009
|
+
# Specifies X.509 certificate information to be included in the issued
|
2010
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
2011
|
+
# variant must be selected, or else this parameter is ignored. For
|
2012
|
+
# more information about using these templates, see [Understanding
|
2013
|
+
# Certificate Templates][1].
|
2014
|
+
#
|
2015
|
+
# If conflicting or duplicate certificate information is supplied
|
2016
|
+
# during certificate issuance, ACM Private CA applies [order of
|
2017
|
+
# operation rules](xxxxx) to determine what information is used.
|
2018
|
+
#
|
2019
|
+
#
|
2020
|
+
#
|
2021
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
2022
|
+
# @return [Types::ApiPassthrough]
|
2023
|
+
#
|
1658
2024
|
# @!attribute [rw] certificate_authority_arn
|
1659
2025
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1660
2026
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -1669,15 +2035,15 @@ module Aws::ACMPCA
|
|
1669
2035
|
#
|
1670
2036
|
# @!attribute [rw] csr
|
1671
2037
|
# The certificate signing request (CSR) for the certificate you want
|
1672
|
-
# to issue.
|
1673
|
-
# CSR and a 2048 bit RSA private key.
|
2038
|
+
# to issue. As an example, you can use the following OpenSSL command
|
2039
|
+
# to create the CSR and a 2048 bit RSA private key.
|
1674
2040
|
#
|
1675
2041
|
# `openssl req -new -newkey rsa:2048 -days 365 -keyout
|
1676
2042
|
# private/test_cert_priv_key.pem -out csr/test_cert_.csr`
|
1677
2043
|
#
|
1678
|
-
# If you have a configuration file, you can use the following
|
1679
|
-
# command. The `usr_cert` block in the configuration file
|
1680
|
-
# your X509 version 3 extensions.
|
2044
|
+
# If you have a configuration file, you can then use the following
|
2045
|
+
# OpenSSL command. The `usr_cert` block in the configuration file
|
2046
|
+
# contains your X509 version 3 extensions.
|
1681
2047
|
#
|
1682
2048
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
|
1683
2049
|
# -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
|
@@ -1692,7 +2058,8 @@ module Aws::ACMPCA
|
|
1692
2058
|
# to be issued.
|
1693
2059
|
#
|
1694
2060
|
# This parameter should not be confused with the `SigningAlgorithm`
|
1695
|
-
# parameter used to sign a CSR
|
2061
|
+
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
2062
|
+
# action.
|
1696
2063
|
# @return [String]
|
1697
2064
|
#
|
1698
2065
|
# @!attribute [rw] template_arn
|
@@ -1706,77 +2073,85 @@ module Aws::ACMPCA
|
|
1706
2073
|
# Note: The CA depth configured on a subordinate CA certificate must
|
1707
2074
|
# not exceed the limit set by its parents in the CA hierarchy.
|
1708
2075
|
#
|
1709
|
-
#
|
1710
|
-
#
|
1711
|
-
#
|
1712
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate/V1
|
2076
|
+
# For a list of `TemplateArn` values supported by ACM Private CA, see
|
2077
|
+
# [Understanding Certificate Templates][2].
|
1713
2078
|
#
|
1714
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate\_CSRPassthrough/V1
|
1715
2079
|
#
|
1716
|
-
# * arn:aws:acm-pca:::template/EndEntityCertificate/V1
|
1717
2080
|
#
|
1718
|
-
#
|
1719
|
-
#
|
1720
|
-
#
|
1721
|
-
#
|
1722
|
-
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate\_CSRPassthrough/V1
|
1723
|
-
#
|
1724
|
-
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1
|
1725
|
-
#
|
1726
|
-
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_CSRPassthrough/V1
|
2081
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
|
2082
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
2083
|
+
# @return [String]
|
1727
2084
|
#
|
1728
|
-
#
|
2085
|
+
# @!attribute [rw] validity
|
2086
|
+
# Information describing the end of the validity period of the
|
2087
|
+
# certificate. This parameter sets the “Not After” date for the
|
2088
|
+
# certificate.
|
1729
2089
|
#
|
1730
|
-
#
|
2090
|
+
# Certificate validity is the period of time during which a
|
2091
|
+
# certificate is valid. Validity can be expressed as an explicit date
|
2092
|
+
# and time when the certificate expires, or as a span of time after
|
2093
|
+
# issuance, stated in days, months, or years. For more information,
|
2094
|
+
# see [Validity][1] in RFC 5280.
|
1731
2095
|
#
|
1732
|
-
#
|
2096
|
+
# This value is unaffected when `ValidityNotBefore` is also specified.
|
2097
|
+
# For example, if `Validity` is set to 20 days in the future, the
|
2098
|
+
# certificate will expire 20 days from issuance time regardless of the
|
2099
|
+
# `ValidityNotBefore` value.
|
1733
2100
|
#
|
1734
|
-
#
|
2101
|
+
# The end of the validity period configured on a certificate must not
|
2102
|
+
# exceed the limit set on its parents in the CA hierarchy.
|
1735
2103
|
#
|
1736
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen1/V1
|
1737
2104
|
#
|
1738
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen2/V1
|
1739
2105
|
#
|
1740
|
-
#
|
2106
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
2107
|
+
# @return [Types::Validity]
|
1741
2108
|
#
|
1742
|
-
#
|
2109
|
+
# @!attribute [rw] validity_not_before
|
2110
|
+
# Information describing the start of the validity period of the
|
2111
|
+
# certificate. This parameter sets the “Not Before" date for the
|
2112
|
+
# certificate.
|
1743
2113
|
#
|
2114
|
+
# By default, when issuing a certificate, ACM Private CA sets the
|
2115
|
+
# "Not Before" date to the issuance time minus 60 minutes. This
|
2116
|
+
# compensates for clock inconsistencies across computer systems. The
|
2117
|
+
# `ValidityNotBefore` parameter can be used to customize the “Not
|
2118
|
+
# Before” value.
|
1744
2119
|
#
|
2120
|
+
# Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
|
2121
|
+
# is optional.
|
1745
2122
|
#
|
1746
|
-
#
|
1747
|
-
#
|
1748
|
-
#
|
2123
|
+
# The `ValidityNotBefore` value is expressed as an explicit date and
|
2124
|
+
# time, using the `Validity` type value `ABSOLUTE`. For more
|
2125
|
+
# information, see [Validity][1] in this API reference and
|
2126
|
+
# [Validity][2] in RFC 5280.
|
1749
2127
|
#
|
1750
|
-
# @!attribute [rw] validity
|
1751
|
-
# Information describing the validity period of the certificate.
|
1752
2128
|
#
|
1753
|
-
# When issuing a certificate, ACM Private CA sets the "Not Before"
|
1754
|
-
# date in the validity field to date and time minus 60 minutes. This
|
1755
|
-
# is intended to compensate for time inconsistencies across systems of
|
1756
|
-
# 60 minutes or less.
|
1757
2129
|
#
|
1758
|
-
#
|
1759
|
-
#
|
2130
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
2131
|
+
# [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
1760
2132
|
# @return [Types::Validity]
|
1761
2133
|
#
|
1762
2134
|
# @!attribute [rw] idempotency_token
|
1763
|
-
#
|
1764
|
-
# **IssueCertificate** action. Idempotency tokens
|
1765
|
-
#
|
1766
|
-
# with the same idempotency
|
1767
|
-
#
|
1768
|
-
#
|
1769
|
-
# PCA recognizes that you
|
2135
|
+
# Alphanumeric string that can be used to distinguish between calls to
|
2136
|
+
# the **IssueCertificate** action. Idempotency tokens for
|
2137
|
+
# **IssueCertificate** time out after one minute. Therefore, if you
|
2138
|
+
# call **IssueCertificate** multiple times with the same idempotency
|
2139
|
+
# token within one minute, ACM Private CA recognizes that you are
|
2140
|
+
# requesting only one certificate and will issue only one. If you
|
2141
|
+
# change the idempotency token for each call, PCA recognizes that you
|
2142
|
+
# are requesting multiple certificates.
|
1770
2143
|
# @return [String]
|
1771
2144
|
#
|
1772
2145
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
|
1773
2146
|
#
|
1774
2147
|
class IssueCertificateRequest < Struct.new(
|
2148
|
+
:api_passthrough,
|
1775
2149
|
:certificate_authority_arn,
|
1776
2150
|
:csr,
|
1777
2151
|
:signing_algorithm,
|
1778
2152
|
:template_arn,
|
1779
2153
|
:validity,
|
2154
|
+
:validity_not_before,
|
1780
2155
|
:idempotency_token)
|
1781
2156
|
SENSITIVE = []
|
1782
2157
|
include Aws::Structure
|
@@ -2212,6 +2587,79 @@ module Aws::ACMPCA
|
|
2212
2587
|
include Aws::Structure
|
2213
2588
|
end
|
2214
2589
|
|
2590
|
+
# Defines the X.509 `CertificatePolicies` extension.
|
2591
|
+
#
|
2592
|
+
# @note When making an API call, you may pass PolicyInformation
|
2593
|
+
# data as a hash:
|
2594
|
+
#
|
2595
|
+
# {
|
2596
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
2597
|
+
# policy_qualifiers: [
|
2598
|
+
# {
|
2599
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
2600
|
+
# qualifier: { # required
|
2601
|
+
# cps_uri: "String256", # required
|
2602
|
+
# },
|
2603
|
+
# },
|
2604
|
+
# ],
|
2605
|
+
# }
|
2606
|
+
#
|
2607
|
+
# @!attribute [rw] cert_policy_id
|
2608
|
+
# Specifies the object identifier (OID) of the certificate policy
|
2609
|
+
# under which the certificate was issued. For more information, see
|
2610
|
+
# NIST's definition of [Object Identifier (OID)][1].
|
2611
|
+
#
|
2612
|
+
#
|
2613
|
+
#
|
2614
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
2615
|
+
# @return [String]
|
2616
|
+
#
|
2617
|
+
# @!attribute [rw] policy_qualifiers
|
2618
|
+
# Modifies the given `CertPolicyId` with a qualifier. ACM Private CA
|
2619
|
+
# supports the certification practice statement (CPS) qualifier.
|
2620
|
+
# @return [Array<Types::PolicyQualifierInfo>]
|
2621
|
+
#
|
2622
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
|
2623
|
+
#
|
2624
|
+
class PolicyInformation < Struct.new(
|
2625
|
+
:cert_policy_id,
|
2626
|
+
:policy_qualifiers)
|
2627
|
+
SENSITIVE = []
|
2628
|
+
include Aws::Structure
|
2629
|
+
end
|
2630
|
+
|
2631
|
+
# Modifies the `CertPolicyId` of a `PolicyInformation` object with a
|
2632
|
+
# qualifier. ACM Private CA supports the certification practice
|
2633
|
+
# statement (CPS) qualifier.
|
2634
|
+
#
|
2635
|
+
# @note When making an API call, you may pass PolicyQualifierInfo
|
2636
|
+
# data as a hash:
|
2637
|
+
#
|
2638
|
+
# {
|
2639
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
2640
|
+
# qualifier: { # required
|
2641
|
+
# cps_uri: "String256", # required
|
2642
|
+
# },
|
2643
|
+
# }
|
2644
|
+
#
|
2645
|
+
# @!attribute [rw] policy_qualifier_id
|
2646
|
+
# Identifies the qualifier modifying a `CertPolicyId`.
|
2647
|
+
# @return [String]
|
2648
|
+
#
|
2649
|
+
# @!attribute [rw] qualifier
|
2650
|
+
# Defines the qualifier type. ACM Private CA supports the use of a URI
|
2651
|
+
# for a CPS qualifier in this field.
|
2652
|
+
# @return [Types::Qualifier]
|
2653
|
+
#
|
2654
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
|
2655
|
+
#
|
2656
|
+
class PolicyQualifierInfo < Struct.new(
|
2657
|
+
:policy_qualifier_id,
|
2658
|
+
:qualifier)
|
2659
|
+
SENSITIVE = []
|
2660
|
+
include Aws::Structure
|
2661
|
+
end
|
2662
|
+
|
2215
2663
|
# @note When making an API call, you may pass PutPolicyRequest
|
2216
2664
|
# data as a hash:
|
2217
2665
|
#
|
@@ -2233,7 +2681,7 @@ module Aws::ACMPCA
|
|
2233
2681
|
# @return [String]
|
2234
2682
|
#
|
2235
2683
|
# @!attribute [rw] policy
|
2236
|
-
# The path and
|
2684
|
+
# The path and file name of a JSON-formatted IAM policy to attach to
|
2237
2685
|
# the specified private CA resource. If this policy does not contain
|
2238
2686
|
# all required statements or if it includes any statement that is not
|
2239
2687
|
# allowed, the `PutPolicy` action returns an `InvalidPolicyException`.
|
@@ -2254,6 +2702,34 @@ module Aws::ACMPCA
|
|
2254
2702
|
include Aws::Structure
|
2255
2703
|
end
|
2256
2704
|
|
2705
|
+
# Defines a `PolicyInformation` qualifier. ACM Private CA supports the
|
2706
|
+
# [certification practice statement (CPS) qualifier][1] defined in RFC
|
2707
|
+
# 5280.
|
2708
|
+
#
|
2709
|
+
#
|
2710
|
+
#
|
2711
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.4
|
2712
|
+
#
|
2713
|
+
# @note When making an API call, you may pass Qualifier
|
2714
|
+
# data as a hash:
|
2715
|
+
#
|
2716
|
+
# {
|
2717
|
+
# cps_uri: "String256", # required
|
2718
|
+
# }
|
2719
|
+
#
|
2720
|
+
# @!attribute [rw] cps_uri
|
2721
|
+
# Contains a pointer to a certification practice statement (CPS)
|
2722
|
+
# published by the CA.
|
2723
|
+
# @return [String]
|
2724
|
+
#
|
2725
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Qualifier AWS API Documentation
|
2726
|
+
#
|
2727
|
+
class Qualifier < Struct.new(
|
2728
|
+
:cps_uri)
|
2729
|
+
SENSITIVE = []
|
2730
|
+
include Aws::Structure
|
2731
|
+
end
|
2732
|
+
|
2257
2733
|
# Your request has already been completed.
|
2258
2734
|
#
|
2259
2735
|
# @!attribute [rw] message
|
@@ -2594,17 +3070,20 @@ module Aws::ACMPCA
|
|
2594
3070
|
|
2595
3071
|
# Validity specifies the period of time during which a certificate is
|
2596
3072
|
# valid. Validity can be expressed as an explicit date and time when the
|
2597
|
-
# certificate expires, or as a span of time
|
2598
|
-
# days, months, or years. For more
|
2599
|
-
# 5280.
|
3073
|
+
# validity of a certificate starts or expires, or as a span of time
|
3074
|
+
# after issuance, stated in days, months, or years. For more
|
3075
|
+
# information, see [Validity][1] in RFC 5280.
|
2600
3076
|
#
|
2601
|
-
#
|
2602
|
-
# action.
|
3077
|
+
# ACM Private CA API consumes the `Validity` data type differently in
|
3078
|
+
# two distinct parameters of the `IssueCertificate` action. The required
|
3079
|
+
# parameter `IssueCertificate`\:`Validity` specifies the end of a
|
3080
|
+
# certificate's validity period. The optional parameter
|
3081
|
+
# `IssueCertificate`\:`ValidityNotBefore` specifies a customized
|
3082
|
+
# starting time for the validity period.
|
2603
3083
|
#
|
2604
3084
|
#
|
2605
3085
|
#
|
2606
3086
|
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
2607
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
|
2608
3087
|
#
|
2609
3088
|
# @note When making an API call, you may pass Validity
|
2610
3089
|
# data as a hash:
|
@@ -2635,8 +3114,9 @@ module Aws::ACMPCA
|
|
2635
3114
|
#
|
2636
3115
|
# * Output expiration date/time: 12/31/2049 23:59:59
|
2637
3116
|
#
|
2638
|
-
# `ABSOLUTE`\: The specific date and time when the
|
2639
|
-
# expire, expressed in seconds since the
|
3117
|
+
# `ABSOLUTE`\: The specific date and time when the validity of a
|
3118
|
+
# certificate will start or expire, expressed in seconds since the
|
3119
|
+
# Unix Epoch.
|
2640
3120
|
#
|
2641
3121
|
# * Sample input value: 2524608000
|
2642
3122
|
#
|