aws-sdk-acmpca 1.31.0 → 1.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +193 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-acmpca.rb +2 -2
- data/lib/aws-sdk-acmpca/client.rb +193 -61
- data/lib/aws-sdk-acmpca/client_api.rb +53 -1
- data/lib/aws-sdk-acmpca/errors.rb +1 -1
- data/lib/aws-sdk-acmpca/resource.rb +1 -1
- data/lib/aws-sdk-acmpca/types.rb +642 -93
- data/lib/aws-sdk-acmpca/waiters.rb +1 -1
- metadata +11 -9
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -23,6 +23,7 @@ module Aws::ACMPCA
|
|
|
23
23
|
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
|
24
24
|
ActionList = Shapes::ListShape.new(name: 'ActionList')
|
|
25
25
|
ActionType = Shapes::StringShape.new(name: 'ActionType')
|
|
26
|
+
ApiPassthrough = Shapes::StructureShape.new(name: 'ApiPassthrough')
|
|
26
27
|
Arn = Shapes::StringShape.new(name: 'Arn')
|
|
27
28
|
AuditReportId = Shapes::StringShape.new(name: 'AuditReportId')
|
|
28
29
|
AuditReportResponseFormat = Shapes::StringShape.new(name: 'AuditReportResponseFormat')
|
|
@@ -38,6 +39,7 @@ module Aws::ACMPCA
|
|
|
38
39
|
CertificateChain = Shapes::StringShape.new(name: 'CertificateChain')
|
|
39
40
|
CertificateChainBlob = Shapes::BlobShape.new(name: 'CertificateChainBlob')
|
|
40
41
|
CertificateMismatchException = Shapes::StructureShape.new(name: 'CertificateMismatchException')
|
|
42
|
+
CertificatePolicyList = Shapes::ListShape.new(name: 'CertificatePolicyList')
|
|
41
43
|
ConcurrentModificationException = Shapes::StructureShape.new(name: 'ConcurrentModificationException')
|
|
42
44
|
CountryCodeString = Shapes::StringShape.new(name: 'CountryCodeString')
|
|
43
45
|
CreateCertificateAuthorityAuditReportRequest = Shapes::StructureShape.new(name: 'CreateCertificateAuthorityAuditReportRequest')
|
|
@@ -58,8 +60,13 @@ module Aws::ACMPCA
|
|
|
58
60
|
DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
|
|
59
61
|
DescribeCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityResponse')
|
|
60
62
|
EdiPartyName = Shapes::StructureShape.new(name: 'EdiPartyName')
|
|
63
|
+
ExtendedKeyUsage = Shapes::StructureShape.new(name: 'ExtendedKeyUsage')
|
|
64
|
+
ExtendedKeyUsageList = Shapes::ListShape.new(name: 'ExtendedKeyUsageList')
|
|
65
|
+
ExtendedKeyUsageType = Shapes::StringShape.new(name: 'ExtendedKeyUsageType')
|
|
66
|
+
Extensions = Shapes::StructureShape.new(name: 'Extensions')
|
|
61
67
|
FailureReason = Shapes::StringShape.new(name: 'FailureReason')
|
|
62
68
|
GeneralName = Shapes::StructureShape.new(name: 'GeneralName')
|
|
69
|
+
GeneralNameList = Shapes::ListShape.new(name: 'GeneralNameList')
|
|
63
70
|
GetCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateRequest')
|
|
64
71
|
GetCertificateAuthorityCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateResponse')
|
|
65
72
|
GetCertificateAuthorityCsrRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCsrRequest')
|
|
@@ -81,6 +88,7 @@ module Aws::ACMPCA
|
|
|
81
88
|
IssueCertificateRequest = Shapes::StructureShape.new(name: 'IssueCertificateRequest')
|
|
82
89
|
IssueCertificateResponse = Shapes::StructureShape.new(name: 'IssueCertificateResponse')
|
|
83
90
|
KeyAlgorithm = Shapes::StringShape.new(name: 'KeyAlgorithm')
|
|
91
|
+
KeyStorageSecurityStandard = Shapes::StringShape.new(name: 'KeyStorageSecurityStandard')
|
|
84
92
|
KeyUsage = Shapes::StructureShape.new(name: 'KeyUsage')
|
|
85
93
|
LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
|
|
86
94
|
ListCertificateAuthoritiesRequest = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesRequest')
|
|
@@ -99,9 +107,14 @@ module Aws::ACMPCA
|
|
|
99
107
|
Permission = Shapes::StructureShape.new(name: 'Permission')
|
|
100
108
|
PermissionAlreadyExistsException = Shapes::StructureShape.new(name: 'PermissionAlreadyExistsException')
|
|
101
109
|
PermissionList = Shapes::ListShape.new(name: 'PermissionList')
|
|
110
|
+
PolicyInformation = Shapes::StructureShape.new(name: 'PolicyInformation')
|
|
111
|
+
PolicyQualifierId = Shapes::StringShape.new(name: 'PolicyQualifierId')
|
|
112
|
+
PolicyQualifierInfo = Shapes::StructureShape.new(name: 'PolicyQualifierInfo')
|
|
113
|
+
PolicyQualifierInfoList = Shapes::ListShape.new(name: 'PolicyQualifierInfoList')
|
|
102
114
|
PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
|
|
103
115
|
Principal = Shapes::StringShape.new(name: 'Principal')
|
|
104
116
|
PutPolicyRequest = Shapes::StructureShape.new(name: 'PutPolicyRequest')
|
|
117
|
+
Qualifier = Shapes::StructureShape.new(name: 'Qualifier')
|
|
105
118
|
RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
|
|
106
119
|
RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
|
|
107
120
|
RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
|
|
@@ -113,6 +126,7 @@ module Aws::ACMPCA
|
|
|
113
126
|
RevokeCertificateRequest = Shapes::StructureShape.new(name: 'RevokeCertificateRequest')
|
|
114
127
|
S3BucketName = Shapes::StringShape.new(name: 'S3BucketName')
|
|
115
128
|
S3Key = Shapes::StringShape.new(name: 'S3Key')
|
|
129
|
+
S3ObjectAcl = Shapes::StringShape.new(name: 'S3ObjectAcl')
|
|
116
130
|
SigningAlgorithm = Shapes::StringShape.new(name: 'SigningAlgorithm')
|
|
117
131
|
String = Shapes::StringShape.new(name: 'String')
|
|
118
132
|
String128 = Shapes::StringShape.new(name: 'String128')
|
|
@@ -165,6 +179,10 @@ module Aws::ACMPCA
|
|
|
165
179
|
|
|
166
180
|
ActionList.member = Shapes::ShapeRef.new(shape: ActionType)
|
|
167
181
|
|
|
182
|
+
ApiPassthrough.add_member(:extensions, Shapes::ShapeRef.new(shape: Extensions, location_name: "Extensions"))
|
|
183
|
+
ApiPassthrough.add_member(:subject, Shapes::ShapeRef.new(shape: ASN1Subject, location_name: "Subject"))
|
|
184
|
+
ApiPassthrough.struct_class = Types::ApiPassthrough
|
|
185
|
+
|
|
168
186
|
CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
|
|
169
187
|
|
|
170
188
|
CertificateAuthority.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
|
|
@@ -180,6 +198,7 @@ module Aws::ACMPCA
|
|
|
180
198
|
CertificateAuthority.add_member(:certificate_authority_configuration, Shapes::ShapeRef.new(shape: CertificateAuthorityConfiguration, location_name: "CertificateAuthorityConfiguration"))
|
|
181
199
|
CertificateAuthority.add_member(:revocation_configuration, Shapes::ShapeRef.new(shape: RevocationConfiguration, location_name: "RevocationConfiguration"))
|
|
182
200
|
CertificateAuthority.add_member(:restorable_until, Shapes::ShapeRef.new(shape: TStamp, location_name: "RestorableUntil"))
|
|
201
|
+
CertificateAuthority.add_member(:key_storage_security_standard, Shapes::ShapeRef.new(shape: KeyStorageSecurityStandard, location_name: "KeyStorageSecurityStandard"))
|
|
183
202
|
CertificateAuthority.struct_class = Types::CertificateAuthority
|
|
184
203
|
|
|
185
204
|
CertificateAuthorityConfiguration.add_member(:key_algorithm, Shapes::ShapeRef.new(shape: KeyAlgorithm, required: true, location_name: "KeyAlgorithm"))
|
|
@@ -191,6 +210,8 @@ module Aws::ACMPCA
|
|
|
191
210
|
CertificateMismatchException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
|
192
211
|
CertificateMismatchException.struct_class = Types::CertificateMismatchException
|
|
193
212
|
|
|
213
|
+
CertificatePolicyList.member = Shapes::ShapeRef.new(shape: PolicyInformation)
|
|
214
|
+
|
|
194
215
|
ConcurrentModificationException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
|
195
216
|
ConcurrentModificationException.struct_class = Types::ConcurrentModificationException
|
|
196
217
|
|
|
@@ -207,6 +228,7 @@ module Aws::ACMPCA
|
|
|
207
228
|
CreateCertificateAuthorityRequest.add_member(:revocation_configuration, Shapes::ShapeRef.new(shape: RevocationConfiguration, location_name: "RevocationConfiguration"))
|
|
208
229
|
CreateCertificateAuthorityRequest.add_member(:certificate_authority_type, Shapes::ShapeRef.new(shape: CertificateAuthorityType, required: true, location_name: "CertificateAuthorityType"))
|
|
209
230
|
CreateCertificateAuthorityRequest.add_member(:idempotency_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "IdempotencyToken"))
|
|
231
|
+
CreateCertificateAuthorityRequest.add_member(:key_storage_security_standard, Shapes::ShapeRef.new(shape: KeyStorageSecurityStandard, location_name: "KeyStorageSecurityStandard"))
|
|
210
232
|
CreateCertificateAuthorityRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
|
211
233
|
CreateCertificateAuthorityRequest.struct_class = Types::CreateCertificateAuthorityRequest
|
|
212
234
|
|
|
@@ -223,6 +245,7 @@ module Aws::ACMPCA
|
|
|
223
245
|
CrlConfiguration.add_member(:expiration_in_days, Shapes::ShapeRef.new(shape: Integer1To5000, location_name: "ExpirationInDays", metadata: {"box"=>true}))
|
|
224
246
|
CrlConfiguration.add_member(:custom_cname, Shapes::ShapeRef.new(shape: String253, location_name: "CustomCname"))
|
|
225
247
|
CrlConfiguration.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String3To255, location_name: "S3BucketName"))
|
|
248
|
+
CrlConfiguration.add_member(:s3_object_acl, Shapes::ShapeRef.new(shape: S3ObjectAcl, location_name: "S3ObjectAcl"))
|
|
226
249
|
CrlConfiguration.struct_class = Types::CrlConfiguration
|
|
227
250
|
|
|
228
251
|
CsrExtensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
|
|
@@ -261,6 +284,18 @@ module Aws::ACMPCA
|
|
|
261
284
|
EdiPartyName.add_member(:name_assigner, Shapes::ShapeRef.new(shape: String256, location_name: "NameAssigner"))
|
|
262
285
|
EdiPartyName.struct_class = Types::EdiPartyName
|
|
263
286
|
|
|
287
|
+
ExtendedKeyUsage.add_member(:extended_key_usage_type, Shapes::ShapeRef.new(shape: ExtendedKeyUsageType, location_name: "ExtendedKeyUsageType"))
|
|
288
|
+
ExtendedKeyUsage.add_member(:extended_key_usage_object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "ExtendedKeyUsageObjectIdentifier"))
|
|
289
|
+
ExtendedKeyUsage.struct_class = Types::ExtendedKeyUsage
|
|
290
|
+
|
|
291
|
+
ExtendedKeyUsageList.member = Shapes::ShapeRef.new(shape: ExtendedKeyUsage)
|
|
292
|
+
|
|
293
|
+
Extensions.add_member(:certificate_policies, Shapes::ShapeRef.new(shape: CertificatePolicyList, location_name: "CertificatePolicies"))
|
|
294
|
+
Extensions.add_member(:extended_key_usage, Shapes::ShapeRef.new(shape: ExtendedKeyUsageList, location_name: "ExtendedKeyUsage"))
|
|
295
|
+
Extensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
|
|
296
|
+
Extensions.add_member(:subject_alternative_names, Shapes::ShapeRef.new(shape: GeneralNameList, location_name: "SubjectAlternativeNames"))
|
|
297
|
+
Extensions.struct_class = Types::Extensions
|
|
298
|
+
|
|
264
299
|
GeneralName.add_member(:other_name, Shapes::ShapeRef.new(shape: OtherName, location_name: "OtherName"))
|
|
265
300
|
GeneralName.add_member(:rfc_822_name, Shapes::ShapeRef.new(shape: String256, location_name: "Rfc822Name"))
|
|
266
301
|
GeneralName.add_member(:dns_name, Shapes::ShapeRef.new(shape: String253, location_name: "DnsName"))
|
|
@@ -271,6 +306,8 @@ module Aws::ACMPCA
|
|
|
271
306
|
GeneralName.add_member(:registered_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, location_name: "RegisteredId"))
|
|
272
307
|
GeneralName.struct_class = Types::GeneralName
|
|
273
308
|
|
|
309
|
+
GeneralNameList.member = Shapes::ShapeRef.new(shape: GeneralName)
|
|
310
|
+
|
|
274
311
|
GetCertificateAuthorityCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
|
275
312
|
GetCertificateAuthorityCertificateRequest.struct_class = Types::GetCertificateAuthorityCertificateRequest
|
|
276
313
|
|
|
@@ -324,11 +361,13 @@ module Aws::ACMPCA
|
|
|
324
361
|
InvalidTagException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
|
325
362
|
InvalidTagException.struct_class = Types::InvalidTagException
|
|
326
363
|
|
|
364
|
+
IssueCertificateRequest.add_member(:api_passthrough, Shapes::ShapeRef.new(shape: ApiPassthrough, location_name: "ApiPassthrough"))
|
|
327
365
|
IssueCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
|
328
366
|
IssueCertificateRequest.add_member(:csr, Shapes::ShapeRef.new(shape: CsrBlob, required: true, location_name: "Csr"))
|
|
329
367
|
IssueCertificateRequest.add_member(:signing_algorithm, Shapes::ShapeRef.new(shape: SigningAlgorithm, required: true, location_name: "SigningAlgorithm"))
|
|
330
368
|
IssueCertificateRequest.add_member(:template_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "TemplateArn"))
|
|
331
369
|
IssueCertificateRequest.add_member(:validity, Shapes::ShapeRef.new(shape: Validity, required: true, location_name: "Validity"))
|
|
370
|
+
IssueCertificateRequest.add_member(:validity_not_before, Shapes::ShapeRef.new(shape: Validity, location_name: "ValidityNotBefore"))
|
|
332
371
|
IssueCertificateRequest.add_member(:idempotency_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "IdempotencyToken"))
|
|
333
372
|
IssueCertificateRequest.struct_class = Types::IssueCertificateRequest
|
|
334
373
|
|
|
@@ -402,10 +441,23 @@ module Aws::ACMPCA
|
|
|
402
441
|
|
|
403
442
|
PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
|
|
404
443
|
|
|
444
|
+
PolicyInformation.add_member(:cert_policy_id, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "CertPolicyId"))
|
|
445
|
+
PolicyInformation.add_member(:policy_qualifiers, Shapes::ShapeRef.new(shape: PolicyQualifierInfoList, location_name: "PolicyQualifiers"))
|
|
446
|
+
PolicyInformation.struct_class = Types::PolicyInformation
|
|
447
|
+
|
|
448
|
+
PolicyQualifierInfo.add_member(:policy_qualifier_id, Shapes::ShapeRef.new(shape: PolicyQualifierId, required: true, location_name: "PolicyQualifierId"))
|
|
449
|
+
PolicyQualifierInfo.add_member(:qualifier, Shapes::ShapeRef.new(shape: Qualifier, required: true, location_name: "Qualifier"))
|
|
450
|
+
PolicyQualifierInfo.struct_class = Types::PolicyQualifierInfo
|
|
451
|
+
|
|
452
|
+
PolicyQualifierInfoList.member = Shapes::ShapeRef.new(shape: PolicyQualifierInfo)
|
|
453
|
+
|
|
405
454
|
PutPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
|
|
406
455
|
PutPolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, required: true, location_name: "Policy"))
|
|
407
456
|
PutPolicyRequest.struct_class = Types::PutPolicyRequest
|
|
408
457
|
|
|
458
|
+
Qualifier.add_member(:cps_uri, Shapes::ShapeRef.new(shape: String256, required: true, location_name: "CpsUri"))
|
|
459
|
+
Qualifier.struct_class = Types::Qualifier
|
|
460
|
+
|
|
409
461
|
RequestAlreadyProcessedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
|
410
462
|
RequestAlreadyProcessedException.struct_class = Types::RequestAlreadyProcessedException
|
|
411
463
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
data/lib/aws-sdk-acmpca/types.rb
CHANGED
|
@@ -3,23 +3,19 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
10
10
|
module Aws::ACMPCA
|
|
11
11
|
module Types
|
|
12
12
|
|
|
13
|
-
# Contains information about the certificate subject. The
|
|
14
|
-
#
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
# (DN). A DN is a sequence of relative distinguished names (RDNs). The
|
|
20
|
-
# RDNs are separated by commas in the certificate. The DN must be unique
|
|
21
|
-
# for each entity, but your private CA can issue more than one
|
|
22
|
-
# certificate with the same DN to the same entity.
|
|
13
|
+
# Contains information about the certificate subject. The `Subject`
|
|
14
|
+
# field in the certificate identifies the entity that owns or controls
|
|
15
|
+
# the public key in the certificate. The entity can be a user, computer,
|
|
16
|
+
# device, or service. The `Subject `must contain an X.500 distinguished
|
|
17
|
+
# name (DN). A DN is a sequence of relative distinguished names (RDNs).
|
|
18
|
+
# The RDNs are separated by commas in the certificate.
|
|
23
19
|
#
|
|
24
20
|
# @note When making an API call, you may pass ASN1Subject
|
|
25
21
|
# data as a hash:
|
|
@@ -100,7 +96,7 @@ module Aws::ACMPCA
|
|
|
100
96
|
# @!attribute [rw] initials
|
|
101
97
|
# Concatenation that typically contains the first letter of the
|
|
102
98
|
# **GivenName**, the first letter of the middle name if one exists,
|
|
103
|
-
# and the first letter of the **
|
|
99
|
+
# and the first letter of the **Surname**.
|
|
104
100
|
# @return [String]
|
|
105
101
|
#
|
|
106
102
|
# @!attribute [rw] pseudonym
|
|
@@ -235,6 +231,128 @@ module Aws::ACMPCA
|
|
|
235
231
|
include Aws::Structure
|
|
236
232
|
end
|
|
237
233
|
|
|
234
|
+
# Contains X.509 certificate information to be placed in an issued
|
|
235
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
|
236
|
+
# variant must be selected, or else this parameter is ignored.
|
|
237
|
+
#
|
|
238
|
+
# If conflicting or duplicate certificate information is supplied from
|
|
239
|
+
# other sources, ACM Private CA applies [order of operation rules][1] to
|
|
240
|
+
# determine what information is used.
|
|
241
|
+
#
|
|
242
|
+
#
|
|
243
|
+
#
|
|
244
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
|
|
245
|
+
#
|
|
246
|
+
# @note When making an API call, you may pass ApiPassthrough
|
|
247
|
+
# data as a hash:
|
|
248
|
+
#
|
|
249
|
+
# {
|
|
250
|
+
# extensions: {
|
|
251
|
+
# certificate_policies: [
|
|
252
|
+
# {
|
|
253
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
|
254
|
+
# policy_qualifiers: [
|
|
255
|
+
# {
|
|
256
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
|
257
|
+
# qualifier: { # required
|
|
258
|
+
# cps_uri: "String256", # required
|
|
259
|
+
# },
|
|
260
|
+
# },
|
|
261
|
+
# ],
|
|
262
|
+
# },
|
|
263
|
+
# ],
|
|
264
|
+
# extended_key_usage: [
|
|
265
|
+
# {
|
|
266
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
|
267
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
|
268
|
+
# },
|
|
269
|
+
# ],
|
|
270
|
+
# key_usage: {
|
|
271
|
+
# digital_signature: false,
|
|
272
|
+
# non_repudiation: false,
|
|
273
|
+
# key_encipherment: false,
|
|
274
|
+
# data_encipherment: false,
|
|
275
|
+
# key_agreement: false,
|
|
276
|
+
# key_cert_sign: false,
|
|
277
|
+
# crl_sign: false,
|
|
278
|
+
# encipher_only: false,
|
|
279
|
+
# decipher_only: false,
|
|
280
|
+
# },
|
|
281
|
+
# subject_alternative_names: [
|
|
282
|
+
# {
|
|
283
|
+
# other_name: {
|
|
284
|
+
# type_id: "CustomObjectIdentifier", # required
|
|
285
|
+
# value: "String256", # required
|
|
286
|
+
# },
|
|
287
|
+
# rfc_822_name: "String256",
|
|
288
|
+
# dns_name: "String253",
|
|
289
|
+
# directory_name: {
|
|
290
|
+
# country: "CountryCodeString",
|
|
291
|
+
# organization: "String64",
|
|
292
|
+
# organizational_unit: "String64",
|
|
293
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
294
|
+
# state: "String128",
|
|
295
|
+
# common_name: "String64",
|
|
296
|
+
# serial_number: "ASN1PrintableString64",
|
|
297
|
+
# locality: "String128",
|
|
298
|
+
# title: "String64",
|
|
299
|
+
# surname: "String40",
|
|
300
|
+
# given_name: "String16",
|
|
301
|
+
# initials: "String5",
|
|
302
|
+
# pseudonym: "String128",
|
|
303
|
+
# generation_qualifier: "String3",
|
|
304
|
+
# },
|
|
305
|
+
# edi_party_name: {
|
|
306
|
+
# party_name: "String256", # required
|
|
307
|
+
# name_assigner: "String256",
|
|
308
|
+
# },
|
|
309
|
+
# uniform_resource_identifier: "String253",
|
|
310
|
+
# ip_address: "String39",
|
|
311
|
+
# registered_id: "CustomObjectIdentifier",
|
|
312
|
+
# },
|
|
313
|
+
# ],
|
|
314
|
+
# },
|
|
315
|
+
# subject: {
|
|
316
|
+
# country: "CountryCodeString",
|
|
317
|
+
# organization: "String64",
|
|
318
|
+
# organizational_unit: "String64",
|
|
319
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
320
|
+
# state: "String128",
|
|
321
|
+
# common_name: "String64",
|
|
322
|
+
# serial_number: "ASN1PrintableString64",
|
|
323
|
+
# locality: "String128",
|
|
324
|
+
# title: "String64",
|
|
325
|
+
# surname: "String40",
|
|
326
|
+
# given_name: "String16",
|
|
327
|
+
# initials: "String5",
|
|
328
|
+
# pseudonym: "String128",
|
|
329
|
+
# generation_qualifier: "String3",
|
|
330
|
+
# },
|
|
331
|
+
# }
|
|
332
|
+
#
|
|
333
|
+
# @!attribute [rw] extensions
|
|
334
|
+
# Specifies X.509 extension information for a certificate.
|
|
335
|
+
# @return [Types::Extensions]
|
|
336
|
+
#
|
|
337
|
+
# @!attribute [rw] subject
|
|
338
|
+
# Contains information about the certificate subject. The `Subject`
|
|
339
|
+
# field in the certificate identifies the entity that owns or controls
|
|
340
|
+
# the public key in the certificate. The entity can be a user,
|
|
341
|
+
# computer, device, or service. The `Subject `must contain an X.500
|
|
342
|
+
# distinguished name (DN). A DN is a sequence of relative
|
|
343
|
+
# distinguished names (RDNs). The RDNs are separated by commas in the
|
|
344
|
+
# certificate.
|
|
345
|
+
# @return [Types::ASN1Subject]
|
|
346
|
+
#
|
|
347
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ApiPassthrough AWS API Documentation
|
|
348
|
+
#
|
|
349
|
+
class ApiPassthrough < Struct.new(
|
|
350
|
+
:extensions,
|
|
351
|
+
:subject)
|
|
352
|
+
SENSITIVE = []
|
|
353
|
+
include Aws::Structure
|
|
354
|
+
end
|
|
355
|
+
|
|
238
356
|
# Contains information about your private certificate authority (CA).
|
|
239
357
|
# Your private CA can issue and revoke X.509 digital certificates.
|
|
240
358
|
# Digital certificates verify that the entity named in the certificate
|
|
@@ -314,6 +432,20 @@ module Aws::ACMPCA
|
|
|
314
432
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
|
|
315
433
|
# @return [Time]
|
|
316
434
|
#
|
|
435
|
+
# @!attribute [rw] key_storage_security_standard
|
|
436
|
+
# Defines a cryptographic key management compliance standard used for
|
|
437
|
+
# handling CA keys.
|
|
438
|
+
#
|
|
439
|
+
# Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
|
|
440
|
+
#
|
|
441
|
+
# Note: AWS Region ap-northeast-3 supports only
|
|
442
|
+
# FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
|
|
443
|
+
# parameter and value when creating a CA in that Region. Specifying a
|
|
444
|
+
# different value (or no value) results in an `InvalidArgsException`
|
|
445
|
+
# with the message "A certificate authority cannot be created in this
|
|
446
|
+
# region with the specified security standard."
|
|
447
|
+
# @return [String]
|
|
448
|
+
#
|
|
317
449
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthority AWS API Documentation
|
|
318
450
|
#
|
|
319
451
|
class CertificateAuthority < Struct.new(
|
|
@@ -329,7 +461,8 @@ module Aws::ACMPCA
|
|
|
329
461
|
:failure_reason,
|
|
330
462
|
:certificate_authority_configuration,
|
|
331
463
|
:revocation_configuration,
|
|
332
|
-
:restorable_until
|
|
464
|
+
:restorable_until,
|
|
465
|
+
:key_storage_security_standard)
|
|
333
466
|
SENSITIVE = []
|
|
334
467
|
include Aws::Structure
|
|
335
468
|
end
|
|
@@ -621,10 +754,12 @@ module Aws::ACMPCA
|
|
|
621
754
|
# expiration_in_days: 1,
|
|
622
755
|
# custom_cname: "String253",
|
|
623
756
|
# s3_bucket_name: "String3To255",
|
|
757
|
+
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
|
624
758
|
# },
|
|
625
759
|
# },
|
|
626
760
|
# certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
|
|
627
761
|
# idempotency_token: "IdempotencyToken",
|
|
762
|
+
# key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
|
|
628
763
|
# tags: [
|
|
629
764
|
# {
|
|
630
765
|
# key: "TagKey", # required
|
|
@@ -656,13 +791,30 @@ module Aws::ACMPCA
|
|
|
656
791
|
# @return [String]
|
|
657
792
|
#
|
|
658
793
|
# @!attribute [rw] idempotency_token
|
|
659
|
-
#
|
|
660
|
-
# **CreateCertificateAuthority
|
|
661
|
-
#
|
|
662
|
-
#
|
|
663
|
-
#
|
|
664
|
-
#
|
|
665
|
-
# token
|
|
794
|
+
# Custom string that can be used to distinguish between calls to the
|
|
795
|
+
# **CreateCertificateAuthority** action. Idempotency tokens for
|
|
796
|
+
# **CreateCertificateAuthority** time out after five minutes.
|
|
797
|
+
# Therefore, if you call **CreateCertificateAuthority** multiple times
|
|
798
|
+
# with the same idempotency token within five minutes, ACM Private CA
|
|
799
|
+
# recognizes that you are requesting only certificate authority and
|
|
800
|
+
# will issue only one. If you change the idempotency token for each
|
|
801
|
+
# call, PCA recognizes that you are requesting multiple certificate
|
|
802
|
+
# authorities.
|
|
803
|
+
# @return [String]
|
|
804
|
+
#
|
|
805
|
+
# @!attribute [rw] key_storage_security_standard
|
|
806
|
+
# Specifies a cryptographic key management compliance standard used
|
|
807
|
+
# for handling CA keys.
|
|
808
|
+
#
|
|
809
|
+
# Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
|
|
810
|
+
#
|
|
811
|
+
# Note: `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in Region
|
|
812
|
+
# ap-northeast-3. When creating a CA in the ap-northeast-3, you must
|
|
813
|
+
# provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
|
|
814
|
+
# `KeyStorageSecurityStandard`. Failure to do this results in an
|
|
815
|
+
# `InvalidArgsException` with the message, "A certificate authority
|
|
816
|
+
# cannot be created in this region with the specified security
|
|
817
|
+
# standard."
|
|
666
818
|
# @return [String]
|
|
667
819
|
#
|
|
668
820
|
# @!attribute [rw] tags
|
|
@@ -683,6 +835,7 @@ module Aws::ACMPCA
|
|
|
683
835
|
:revocation_configuration,
|
|
684
836
|
:certificate_authority_type,
|
|
685
837
|
:idempotency_token,
|
|
838
|
+
:key_storage_security_standard,
|
|
686
839
|
:tags)
|
|
687
840
|
SENSITIVE = []
|
|
688
841
|
include Aws::Structure
|
|
@@ -764,7 +917,7 @@ module Aws::ACMPCA
|
|
|
764
917
|
# Points** extension of each certificate it issues. Your S3 bucket
|
|
765
918
|
# policy must give write permission to ACM Private CA.
|
|
766
919
|
#
|
|
767
|
-
# ACM Private
|
|
920
|
+
# ACM Private CA assets that are stored in Amazon S3 can be protected
|
|
768
921
|
# with encryption. For more information, see [Encrypting Your CRLs][1].
|
|
769
922
|
#
|
|
770
923
|
# Your private CA uses the value in the **ExpirationInDays** parameter
|
|
@@ -833,6 +986,7 @@ module Aws::ACMPCA
|
|
|
833
986
|
# expiration_in_days: 1,
|
|
834
987
|
# custom_cname: "String253",
|
|
835
988
|
# s3_bucket_name: "String3To255",
|
|
989
|
+
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
|
836
990
|
# }
|
|
837
991
|
#
|
|
838
992
|
# @!attribute [rw] enabled
|
|
@@ -865,12 +1019,39 @@ module Aws::ACMPCA
|
|
|
865
1019
|
# is placed into the **CRL Distribution Points** extension of the
|
|
866
1020
|
# issued certificate. You can change the name of your bucket by
|
|
867
1021
|
# calling the [UpdateCertificateAuthority][1] action. You must specify
|
|
868
|
-
# a bucket policy that allows ACM Private CA to write the CRL to
|
|
869
|
-
# bucket.
|
|
1022
|
+
# a [bucket policy][2] that allows ACM Private CA to write the CRL to
|
|
1023
|
+
# your bucket.
|
|
870
1024
|
#
|
|
871
1025
|
#
|
|
872
1026
|
#
|
|
873
1027
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
|
|
1028
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies
|
|
1029
|
+
# @return [String]
|
|
1030
|
+
#
|
|
1031
|
+
# @!attribute [rw] s3_object_acl
|
|
1032
|
+
# Determines whether the CRL will be publicly readable or privately
|
|
1033
|
+
# held in the CRL Amazon S3 bucket. If you choose PUBLIC\_READ, the
|
|
1034
|
+
# CRL will be accessible over the public internet. If you choose
|
|
1035
|
+
# BUCKET\_OWNER\_FULL\_CONTROL, only the owner of the CRL S3 bucket
|
|
1036
|
+
# can access the CRL, and your PKI clients may need an alternative
|
|
1037
|
+
# method of access.
|
|
1038
|
+
#
|
|
1039
|
+
# If no value is specified, the default is `PUBLIC_READ`.
|
|
1040
|
+
#
|
|
1041
|
+
# *Note:* This default can cause CA creation to fail in some
|
|
1042
|
+
# circumstances. If you have have enabled the Block Public Access
|
|
1043
|
+
# (BPA) feature in your S3 account, then you must specify the value of
|
|
1044
|
+
# this parameter as `BUCKET_OWNER_FULL_CONTROL`, and not doing so
|
|
1045
|
+
# results in an error. If you have disabled BPA in S3, then you can
|
|
1046
|
+
# specify either `BUCKET_OWNER_FULL_CONTROL` or `PUBLIC_READ` as the
|
|
1047
|
+
# value.
|
|
1048
|
+
#
|
|
1049
|
+
# For more information, see [Blocking public access to the S3
|
|
1050
|
+
# bucket][1].
|
|
1051
|
+
#
|
|
1052
|
+
#
|
|
1053
|
+
#
|
|
1054
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa
|
|
874
1055
|
# @return [String]
|
|
875
1056
|
#
|
|
876
1057
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
|
|
@@ -879,7 +1060,8 @@ module Aws::ACMPCA
|
|
|
879
1060
|
:enabled,
|
|
880
1061
|
:expiration_in_days,
|
|
881
1062
|
:custom_cname,
|
|
882
|
-
:s3_bucket_name
|
|
1063
|
+
:s3_bucket_name,
|
|
1064
|
+
:s3_object_acl)
|
|
883
1065
|
SENSITIVE = []
|
|
884
1066
|
include Aws::Structure
|
|
885
1067
|
end
|
|
@@ -1211,10 +1393,160 @@ module Aws::ACMPCA
|
|
|
1211
1393
|
include Aws::Structure
|
|
1212
1394
|
end
|
|
1213
1395
|
|
|
1396
|
+
# Specifies additional purposes for which the certified public key may
|
|
1397
|
+
# be used other than basic purposes indicated in the `KeyUsage`
|
|
1398
|
+
# extension.
|
|
1399
|
+
#
|
|
1400
|
+
# @note When making an API call, you may pass ExtendedKeyUsage
|
|
1401
|
+
# data as a hash:
|
|
1402
|
+
#
|
|
1403
|
+
# {
|
|
1404
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
|
1405
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
|
1406
|
+
# }
|
|
1407
|
+
#
|
|
1408
|
+
# @!attribute [rw] extended_key_usage_type
|
|
1409
|
+
# Specifies a standard `ExtendedKeyUsage` as defined as in [RFC
|
|
1410
|
+
# 5280][1].
|
|
1411
|
+
#
|
|
1412
|
+
#
|
|
1413
|
+
#
|
|
1414
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
|
1415
|
+
# @return [String]
|
|
1416
|
+
#
|
|
1417
|
+
# @!attribute [rw] extended_key_usage_object_identifier
|
|
1418
|
+
# Specifies a custom `ExtendedKeyUsage` with an object identifier
|
|
1419
|
+
# (OID).
|
|
1420
|
+
# @return [String]
|
|
1421
|
+
#
|
|
1422
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ExtendedKeyUsage AWS API Documentation
|
|
1423
|
+
#
|
|
1424
|
+
class ExtendedKeyUsage < Struct.new(
|
|
1425
|
+
:extended_key_usage_type,
|
|
1426
|
+
:extended_key_usage_object_identifier)
|
|
1427
|
+
SENSITIVE = []
|
|
1428
|
+
include Aws::Structure
|
|
1429
|
+
end
|
|
1430
|
+
|
|
1431
|
+
# Contains X.509 extension information for a certificate.
|
|
1432
|
+
#
|
|
1433
|
+
# @note When making an API call, you may pass Extensions
|
|
1434
|
+
# data as a hash:
|
|
1435
|
+
#
|
|
1436
|
+
# {
|
|
1437
|
+
# certificate_policies: [
|
|
1438
|
+
# {
|
|
1439
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
|
1440
|
+
# policy_qualifiers: [
|
|
1441
|
+
# {
|
|
1442
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
|
1443
|
+
# qualifier: { # required
|
|
1444
|
+
# cps_uri: "String256", # required
|
|
1445
|
+
# },
|
|
1446
|
+
# },
|
|
1447
|
+
# ],
|
|
1448
|
+
# },
|
|
1449
|
+
# ],
|
|
1450
|
+
# extended_key_usage: [
|
|
1451
|
+
# {
|
|
1452
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
|
1453
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
|
1454
|
+
# },
|
|
1455
|
+
# ],
|
|
1456
|
+
# key_usage: {
|
|
1457
|
+
# digital_signature: false,
|
|
1458
|
+
# non_repudiation: false,
|
|
1459
|
+
# key_encipherment: false,
|
|
1460
|
+
# data_encipherment: false,
|
|
1461
|
+
# key_agreement: false,
|
|
1462
|
+
# key_cert_sign: false,
|
|
1463
|
+
# crl_sign: false,
|
|
1464
|
+
# encipher_only: false,
|
|
1465
|
+
# decipher_only: false,
|
|
1466
|
+
# },
|
|
1467
|
+
# subject_alternative_names: [
|
|
1468
|
+
# {
|
|
1469
|
+
# other_name: {
|
|
1470
|
+
# type_id: "CustomObjectIdentifier", # required
|
|
1471
|
+
# value: "String256", # required
|
|
1472
|
+
# },
|
|
1473
|
+
# rfc_822_name: "String256",
|
|
1474
|
+
# dns_name: "String253",
|
|
1475
|
+
# directory_name: {
|
|
1476
|
+
# country: "CountryCodeString",
|
|
1477
|
+
# organization: "String64",
|
|
1478
|
+
# organizational_unit: "String64",
|
|
1479
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
1480
|
+
# state: "String128",
|
|
1481
|
+
# common_name: "String64",
|
|
1482
|
+
# serial_number: "ASN1PrintableString64",
|
|
1483
|
+
# locality: "String128",
|
|
1484
|
+
# title: "String64",
|
|
1485
|
+
# surname: "String40",
|
|
1486
|
+
# given_name: "String16",
|
|
1487
|
+
# initials: "String5",
|
|
1488
|
+
# pseudonym: "String128",
|
|
1489
|
+
# generation_qualifier: "String3",
|
|
1490
|
+
# },
|
|
1491
|
+
# edi_party_name: {
|
|
1492
|
+
# party_name: "String256", # required
|
|
1493
|
+
# name_assigner: "String256",
|
|
1494
|
+
# },
|
|
1495
|
+
# uniform_resource_identifier: "String253",
|
|
1496
|
+
# ip_address: "String39",
|
|
1497
|
+
# registered_id: "CustomObjectIdentifier",
|
|
1498
|
+
# },
|
|
1499
|
+
# ],
|
|
1500
|
+
# }
|
|
1501
|
+
#
|
|
1502
|
+
# @!attribute [rw] certificate_policies
|
|
1503
|
+
# Contains a sequence of one or more policy information terms, each of
|
|
1504
|
+
# which consists of an object identifier (OID) and optional
|
|
1505
|
+
# qualifiers. For more information, see NIST's definition of [Object
|
|
1506
|
+
# Identifier (OID)][1].
|
|
1507
|
+
#
|
|
1508
|
+
# In an end-entity certificate, these terms indicate the policy under
|
|
1509
|
+
# which the certificate was issued and the purposes for which it may
|
|
1510
|
+
# be used. In a CA certificate, these terms limit the set of policies
|
|
1511
|
+
# for certification paths that include this certificate.
|
|
1512
|
+
#
|
|
1513
|
+
#
|
|
1514
|
+
#
|
|
1515
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
|
1516
|
+
# @return [Array<Types::PolicyInformation>]
|
|
1517
|
+
#
|
|
1518
|
+
# @!attribute [rw] extended_key_usage
|
|
1519
|
+
# Specifies additional purposes for which the certified public key may
|
|
1520
|
+
# be used other than basic purposes indicated in the `KeyUsage`
|
|
1521
|
+
# extension.
|
|
1522
|
+
# @return [Array<Types::ExtendedKeyUsage>]
|
|
1523
|
+
#
|
|
1524
|
+
# @!attribute [rw] key_usage
|
|
1525
|
+
# Defines one or more purposes for which the key contained in the
|
|
1526
|
+
# certificate can be used. Default value for each option is false.
|
|
1527
|
+
# @return [Types::KeyUsage]
|
|
1528
|
+
#
|
|
1529
|
+
# @!attribute [rw] subject_alternative_names
|
|
1530
|
+
# The subject alternative name extension allows identities to be bound
|
|
1531
|
+
# to the subject of the certificate. These identities may be included
|
|
1532
|
+
# in addition to or in place of the identity in the subject field of
|
|
1533
|
+
# the certificate.
|
|
1534
|
+
# @return [Array<Types::GeneralName>]
|
|
1535
|
+
#
|
|
1536
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation
|
|
1537
|
+
#
|
|
1538
|
+
class Extensions < Struct.new(
|
|
1539
|
+
:certificate_policies,
|
|
1540
|
+
:extended_key_usage,
|
|
1541
|
+
:key_usage,
|
|
1542
|
+
:subject_alternative_names)
|
|
1543
|
+
SENSITIVE = []
|
|
1544
|
+
include Aws::Structure
|
|
1545
|
+
end
|
|
1546
|
+
|
|
1214
1547
|
# Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280][1].
|
|
1215
|
-
# Only one of the following naming options should be
|
|
1216
|
-
#
|
|
1217
|
-
# error.
|
|
1548
|
+
# Only one of the following naming options should be provided. Providing
|
|
1549
|
+
# more than one option results in an `InvalidArgsException` error.
|
|
1218
1550
|
#
|
|
1219
1551
|
#
|
|
1220
1552
|
#
|
|
@@ -1272,16 +1604,13 @@ module Aws::ACMPCA
|
|
|
1272
1604
|
# @return [String]
|
|
1273
1605
|
#
|
|
1274
1606
|
# @!attribute [rw] directory_name
|
|
1275
|
-
# Contains information about the certificate subject. The
|
|
1276
|
-
#
|
|
1277
|
-
#
|
|
1278
|
-
#
|
|
1279
|
-
#
|
|
1280
|
-
#
|
|
1281
|
-
#
|
|
1282
|
-
# RDNs are separated by commas in the certificate. The DN must be
|
|
1283
|
-
# unique for each entity, but your private CA can issue more than one
|
|
1284
|
-
# certificate with the same DN to the same entity.
|
|
1607
|
+
# Contains information about the certificate subject. The `Subject`
|
|
1608
|
+
# field in the certificate identifies the entity that owns or controls
|
|
1609
|
+
# the public key in the certificate. The entity can be a user,
|
|
1610
|
+
# computer, device, or service. The `Subject `must contain an X.500
|
|
1611
|
+
# distinguished name (DN). A DN is a sequence of relative
|
|
1612
|
+
# distinguished names (RDNs). The RDNs are separated by commas in the
|
|
1613
|
+
# certificate.
|
|
1285
1614
|
# @return [Types::ASN1Subject]
|
|
1286
1615
|
#
|
|
1287
1616
|
# @!attribute [rw] edi_party_name
|
|
@@ -1644,6 +1973,89 @@ module Aws::ACMPCA
|
|
|
1644
1973
|
# data as a hash:
|
|
1645
1974
|
#
|
|
1646
1975
|
# {
|
|
1976
|
+
# api_passthrough: {
|
|
1977
|
+
# extensions: {
|
|
1978
|
+
# certificate_policies: [
|
|
1979
|
+
# {
|
|
1980
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
|
1981
|
+
# policy_qualifiers: [
|
|
1982
|
+
# {
|
|
1983
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
|
1984
|
+
# qualifier: { # required
|
|
1985
|
+
# cps_uri: "String256", # required
|
|
1986
|
+
# },
|
|
1987
|
+
# },
|
|
1988
|
+
# ],
|
|
1989
|
+
# },
|
|
1990
|
+
# ],
|
|
1991
|
+
# extended_key_usage: [
|
|
1992
|
+
# {
|
|
1993
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
|
1994
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
|
1995
|
+
# },
|
|
1996
|
+
# ],
|
|
1997
|
+
# key_usage: {
|
|
1998
|
+
# digital_signature: false,
|
|
1999
|
+
# non_repudiation: false,
|
|
2000
|
+
# key_encipherment: false,
|
|
2001
|
+
# data_encipherment: false,
|
|
2002
|
+
# key_agreement: false,
|
|
2003
|
+
# key_cert_sign: false,
|
|
2004
|
+
# crl_sign: false,
|
|
2005
|
+
# encipher_only: false,
|
|
2006
|
+
# decipher_only: false,
|
|
2007
|
+
# },
|
|
2008
|
+
# subject_alternative_names: [
|
|
2009
|
+
# {
|
|
2010
|
+
# other_name: {
|
|
2011
|
+
# type_id: "CustomObjectIdentifier", # required
|
|
2012
|
+
# value: "String256", # required
|
|
2013
|
+
# },
|
|
2014
|
+
# rfc_822_name: "String256",
|
|
2015
|
+
# dns_name: "String253",
|
|
2016
|
+
# directory_name: {
|
|
2017
|
+
# country: "CountryCodeString",
|
|
2018
|
+
# organization: "String64",
|
|
2019
|
+
# organizational_unit: "String64",
|
|
2020
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
2021
|
+
# state: "String128",
|
|
2022
|
+
# common_name: "String64",
|
|
2023
|
+
# serial_number: "ASN1PrintableString64",
|
|
2024
|
+
# locality: "String128",
|
|
2025
|
+
# title: "String64",
|
|
2026
|
+
# surname: "String40",
|
|
2027
|
+
# given_name: "String16",
|
|
2028
|
+
# initials: "String5",
|
|
2029
|
+
# pseudonym: "String128",
|
|
2030
|
+
# generation_qualifier: "String3",
|
|
2031
|
+
# },
|
|
2032
|
+
# edi_party_name: {
|
|
2033
|
+
# party_name: "String256", # required
|
|
2034
|
+
# name_assigner: "String256",
|
|
2035
|
+
# },
|
|
2036
|
+
# uniform_resource_identifier: "String253",
|
|
2037
|
+
# ip_address: "String39",
|
|
2038
|
+
# registered_id: "CustomObjectIdentifier",
|
|
2039
|
+
# },
|
|
2040
|
+
# ],
|
|
2041
|
+
# },
|
|
2042
|
+
# subject: {
|
|
2043
|
+
# country: "CountryCodeString",
|
|
2044
|
+
# organization: "String64",
|
|
2045
|
+
# organizational_unit: "String64",
|
|
2046
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
2047
|
+
# state: "String128",
|
|
2048
|
+
# common_name: "String64",
|
|
2049
|
+
# serial_number: "ASN1PrintableString64",
|
|
2050
|
+
# locality: "String128",
|
|
2051
|
+
# title: "String64",
|
|
2052
|
+
# surname: "String40",
|
|
2053
|
+
# given_name: "String16",
|
|
2054
|
+
# initials: "String5",
|
|
2055
|
+
# pseudonym: "String128",
|
|
2056
|
+
# generation_qualifier: "String3",
|
|
2057
|
+
# },
|
|
2058
|
+
# },
|
|
1647
2059
|
# certificate_authority_arn: "Arn", # required
|
|
1648
2060
|
# csr: "data", # required
|
|
1649
2061
|
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
|
@@ -1652,9 +2064,30 @@ module Aws::ACMPCA
|
|
|
1652
2064
|
# value: 1, # required
|
|
1653
2065
|
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
|
1654
2066
|
# },
|
|
2067
|
+
# validity_not_before: {
|
|
2068
|
+
# value: 1, # required
|
|
2069
|
+
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
|
2070
|
+
# },
|
|
1655
2071
|
# idempotency_token: "IdempotencyToken",
|
|
1656
2072
|
# }
|
|
1657
2073
|
#
|
|
2074
|
+
# @!attribute [rw] api_passthrough
|
|
2075
|
+
# Specifies X.509 certificate information to be included in the issued
|
|
2076
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
|
2077
|
+
# variant must be selected, or else this parameter is ignored. For
|
|
2078
|
+
# more information about using these templates, see [Understanding
|
|
2079
|
+
# Certificate Templates][1].
|
|
2080
|
+
#
|
|
2081
|
+
# If conflicting or duplicate certificate information is supplied
|
|
2082
|
+
# during certificate issuance, ACM Private CA applies [order of
|
|
2083
|
+
# operation rules][2] to determine what information is used.
|
|
2084
|
+
#
|
|
2085
|
+
#
|
|
2086
|
+
#
|
|
2087
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
|
2088
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
|
|
2089
|
+
# @return [Types::ApiPassthrough]
|
|
2090
|
+
#
|
|
1658
2091
|
# @!attribute [rw] certificate_authority_arn
|
|
1659
2092
|
# The Amazon Resource Name (ARN) that was returned when you called
|
|
1660
2093
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
|
@@ -1669,15 +2102,15 @@ module Aws::ACMPCA
|
|
|
1669
2102
|
#
|
|
1670
2103
|
# @!attribute [rw] csr
|
|
1671
2104
|
# The certificate signing request (CSR) for the certificate you want
|
|
1672
|
-
# to issue.
|
|
1673
|
-
# CSR and a 2048 bit RSA private key.
|
|
2105
|
+
# to issue. As an example, you can use the following OpenSSL command
|
|
2106
|
+
# to create the CSR and a 2048 bit RSA private key.
|
|
1674
2107
|
#
|
|
1675
2108
|
# `openssl req -new -newkey rsa:2048 -days 365 -keyout
|
|
1676
2109
|
# private/test_cert_priv_key.pem -out csr/test_cert_.csr`
|
|
1677
2110
|
#
|
|
1678
|
-
# If you have a configuration file, you can use the following
|
|
1679
|
-
# command. The `usr_cert` block in the configuration file
|
|
1680
|
-
# your X509 version 3 extensions.
|
|
2111
|
+
# If you have a configuration file, you can then use the following
|
|
2112
|
+
# OpenSSL command. The `usr_cert` block in the configuration file
|
|
2113
|
+
# contains your X509 version 3 extensions.
|
|
1681
2114
|
#
|
|
1682
2115
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
|
|
1683
2116
|
# -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
|
|
@@ -1692,7 +2125,8 @@ module Aws::ACMPCA
|
|
|
1692
2125
|
# to be issued.
|
|
1693
2126
|
#
|
|
1694
2127
|
# This parameter should not be confused with the `SigningAlgorithm`
|
|
1695
|
-
# parameter used to sign a CSR
|
|
2128
|
+
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
|
2129
|
+
# action.
|
|
1696
2130
|
# @return [String]
|
|
1697
2131
|
#
|
|
1698
2132
|
# @!attribute [rw] template_arn
|
|
@@ -1706,77 +2140,85 @@ module Aws::ACMPCA
|
|
|
1706
2140
|
# Note: The CA depth configured on a subordinate CA certificate must
|
|
1707
2141
|
# not exceed the limit set by its parents in the CA hierarchy.
|
|
1708
2142
|
#
|
|
1709
|
-
#
|
|
1710
|
-
#
|
|
1711
|
-
#
|
|
1712
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate/V1
|
|
2143
|
+
# For a list of `TemplateArn` values supported by ACM Private CA, see
|
|
2144
|
+
# [Understanding Certificate Templates][2].
|
|
1713
2145
|
#
|
|
1714
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate\_CSRPassthrough/V1
|
|
1715
2146
|
#
|
|
1716
|
-
# * arn:aws:acm-pca:::template/EndEntityCertificate/V1
|
|
1717
2147
|
#
|
|
1718
|
-
#
|
|
1719
|
-
#
|
|
1720
|
-
#
|
|
1721
|
-
#
|
|
1722
|
-
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate\_CSRPassthrough/V1
|
|
1723
|
-
#
|
|
1724
|
-
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1
|
|
1725
|
-
#
|
|
1726
|
-
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_CSRPassthrough/V1
|
|
2148
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
|
|
2149
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
|
2150
|
+
# @return [String]
|
|
1727
2151
|
#
|
|
1728
|
-
#
|
|
2152
|
+
# @!attribute [rw] validity
|
|
2153
|
+
# Information describing the end of the validity period of the
|
|
2154
|
+
# certificate. This parameter sets the “Not After” date for the
|
|
2155
|
+
# certificate.
|
|
1729
2156
|
#
|
|
1730
|
-
#
|
|
2157
|
+
# Certificate validity is the period of time during which a
|
|
2158
|
+
# certificate is valid. Validity can be expressed as an explicit date
|
|
2159
|
+
# and time when the certificate expires, or as a span of time after
|
|
2160
|
+
# issuance, stated in days, months, or years. For more information,
|
|
2161
|
+
# see [Validity][1] in RFC 5280.
|
|
1731
2162
|
#
|
|
1732
|
-
#
|
|
2163
|
+
# This value is unaffected when `ValidityNotBefore` is also specified.
|
|
2164
|
+
# For example, if `Validity` is set to 20 days in the future, the
|
|
2165
|
+
# certificate will expire 20 days from issuance time regardless of the
|
|
2166
|
+
# `ValidityNotBefore` value.
|
|
1733
2167
|
#
|
|
1734
|
-
#
|
|
2168
|
+
# The end of the validity period configured on a certificate must not
|
|
2169
|
+
# exceed the limit set on its parents in the CA hierarchy.
|
|
1735
2170
|
#
|
|
1736
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen1/V1
|
|
1737
2171
|
#
|
|
1738
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen2/V1
|
|
1739
2172
|
#
|
|
1740
|
-
#
|
|
2173
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
|
2174
|
+
# @return [Types::Validity]
|
|
1741
2175
|
#
|
|
1742
|
-
#
|
|
2176
|
+
# @!attribute [rw] validity_not_before
|
|
2177
|
+
# Information describing the start of the validity period of the
|
|
2178
|
+
# certificate. This parameter sets the “Not Before" date for the
|
|
2179
|
+
# certificate.
|
|
1743
2180
|
#
|
|
2181
|
+
# By default, when issuing a certificate, ACM Private CA sets the
|
|
2182
|
+
# "Not Before" date to the issuance time minus 60 minutes. This
|
|
2183
|
+
# compensates for clock inconsistencies across computer systems. The
|
|
2184
|
+
# `ValidityNotBefore` parameter can be used to customize the “Not
|
|
2185
|
+
# Before” value.
|
|
1744
2186
|
#
|
|
2187
|
+
# Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
|
|
2188
|
+
# is optional.
|
|
1745
2189
|
#
|
|
1746
|
-
#
|
|
1747
|
-
#
|
|
1748
|
-
#
|
|
2190
|
+
# The `ValidityNotBefore` value is expressed as an explicit date and
|
|
2191
|
+
# time, using the `Validity` type value `ABSOLUTE`. For more
|
|
2192
|
+
# information, see [Validity][1] in this API reference and
|
|
2193
|
+
# [Validity][2] in RFC 5280.
|
|
1749
2194
|
#
|
|
1750
|
-
# @!attribute [rw] validity
|
|
1751
|
-
# Information describing the validity period of the certificate.
|
|
1752
2195
|
#
|
|
1753
|
-
# When issuing a certificate, ACM Private CA sets the "Not Before"
|
|
1754
|
-
# date in the validity field to date and time minus 60 minutes. This
|
|
1755
|
-
# is intended to compensate for time inconsistencies across systems of
|
|
1756
|
-
# 60 minutes or less.
|
|
1757
2196
|
#
|
|
1758
|
-
#
|
|
1759
|
-
#
|
|
2197
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
|
2198
|
+
# [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
|
1760
2199
|
# @return [Types::Validity]
|
|
1761
2200
|
#
|
|
1762
2201
|
# @!attribute [rw] idempotency_token
|
|
1763
|
-
#
|
|
1764
|
-
# **IssueCertificate** action. Idempotency tokens
|
|
1765
|
-
#
|
|
1766
|
-
# with the same idempotency
|
|
1767
|
-
#
|
|
1768
|
-
#
|
|
1769
|
-
# PCA recognizes that you
|
|
2202
|
+
# Alphanumeric string that can be used to distinguish between calls to
|
|
2203
|
+
# the **IssueCertificate** action. Idempotency tokens for
|
|
2204
|
+
# **IssueCertificate** time out after one minute. Therefore, if you
|
|
2205
|
+
# call **IssueCertificate** multiple times with the same idempotency
|
|
2206
|
+
# token within one minute, ACM Private CA recognizes that you are
|
|
2207
|
+
# requesting only one certificate and will issue only one. If you
|
|
2208
|
+
# change the idempotency token for each call, PCA recognizes that you
|
|
2209
|
+
# are requesting multiple certificates.
|
|
1770
2210
|
# @return [String]
|
|
1771
2211
|
#
|
|
1772
2212
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
|
|
1773
2213
|
#
|
|
1774
2214
|
class IssueCertificateRequest < Struct.new(
|
|
2215
|
+
:api_passthrough,
|
|
1775
2216
|
:certificate_authority_arn,
|
|
1776
2217
|
:csr,
|
|
1777
2218
|
:signing_algorithm,
|
|
1778
2219
|
:template_arn,
|
|
1779
2220
|
:validity,
|
|
2221
|
+
:validity_not_before,
|
|
1780
2222
|
:idempotency_token)
|
|
1781
2223
|
SENSITIVE = []
|
|
1782
2224
|
include Aws::Structure
|
|
@@ -2212,6 +2654,79 @@ module Aws::ACMPCA
|
|
|
2212
2654
|
include Aws::Structure
|
|
2213
2655
|
end
|
|
2214
2656
|
|
|
2657
|
+
# Defines the X.509 `CertificatePolicies` extension.
|
|
2658
|
+
#
|
|
2659
|
+
# @note When making an API call, you may pass PolicyInformation
|
|
2660
|
+
# data as a hash:
|
|
2661
|
+
#
|
|
2662
|
+
# {
|
|
2663
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
|
2664
|
+
# policy_qualifiers: [
|
|
2665
|
+
# {
|
|
2666
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
|
2667
|
+
# qualifier: { # required
|
|
2668
|
+
# cps_uri: "String256", # required
|
|
2669
|
+
# },
|
|
2670
|
+
# },
|
|
2671
|
+
# ],
|
|
2672
|
+
# }
|
|
2673
|
+
#
|
|
2674
|
+
# @!attribute [rw] cert_policy_id
|
|
2675
|
+
# Specifies the object identifier (OID) of the certificate policy
|
|
2676
|
+
# under which the certificate was issued. For more information, see
|
|
2677
|
+
# NIST's definition of [Object Identifier (OID)][1].
|
|
2678
|
+
#
|
|
2679
|
+
#
|
|
2680
|
+
#
|
|
2681
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
|
2682
|
+
# @return [String]
|
|
2683
|
+
#
|
|
2684
|
+
# @!attribute [rw] policy_qualifiers
|
|
2685
|
+
# Modifies the given `CertPolicyId` with a qualifier. ACM Private CA
|
|
2686
|
+
# supports the certification practice statement (CPS) qualifier.
|
|
2687
|
+
# @return [Array<Types::PolicyQualifierInfo>]
|
|
2688
|
+
#
|
|
2689
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
|
|
2690
|
+
#
|
|
2691
|
+
class PolicyInformation < Struct.new(
|
|
2692
|
+
:cert_policy_id,
|
|
2693
|
+
:policy_qualifiers)
|
|
2694
|
+
SENSITIVE = []
|
|
2695
|
+
include Aws::Structure
|
|
2696
|
+
end
|
|
2697
|
+
|
|
2698
|
+
# Modifies the `CertPolicyId` of a `PolicyInformation` object with a
|
|
2699
|
+
# qualifier. ACM Private CA supports the certification practice
|
|
2700
|
+
# statement (CPS) qualifier.
|
|
2701
|
+
#
|
|
2702
|
+
# @note When making an API call, you may pass PolicyQualifierInfo
|
|
2703
|
+
# data as a hash:
|
|
2704
|
+
#
|
|
2705
|
+
# {
|
|
2706
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
|
2707
|
+
# qualifier: { # required
|
|
2708
|
+
# cps_uri: "String256", # required
|
|
2709
|
+
# },
|
|
2710
|
+
# }
|
|
2711
|
+
#
|
|
2712
|
+
# @!attribute [rw] policy_qualifier_id
|
|
2713
|
+
# Identifies the qualifier modifying a `CertPolicyId`.
|
|
2714
|
+
# @return [String]
|
|
2715
|
+
#
|
|
2716
|
+
# @!attribute [rw] qualifier
|
|
2717
|
+
# Defines the qualifier type. ACM Private CA supports the use of a URI
|
|
2718
|
+
# for a CPS qualifier in this field.
|
|
2719
|
+
# @return [Types::Qualifier]
|
|
2720
|
+
#
|
|
2721
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
|
|
2722
|
+
#
|
|
2723
|
+
class PolicyQualifierInfo < Struct.new(
|
|
2724
|
+
:policy_qualifier_id,
|
|
2725
|
+
:qualifier)
|
|
2726
|
+
SENSITIVE = []
|
|
2727
|
+
include Aws::Structure
|
|
2728
|
+
end
|
|
2729
|
+
|
|
2215
2730
|
# @note When making an API call, you may pass PutPolicyRequest
|
|
2216
2731
|
# data as a hash:
|
|
2217
2732
|
#
|
|
@@ -2233,7 +2748,7 @@ module Aws::ACMPCA
|
|
|
2233
2748
|
# @return [String]
|
|
2234
2749
|
#
|
|
2235
2750
|
# @!attribute [rw] policy
|
|
2236
|
-
# The path and
|
|
2751
|
+
# The path and file name of a JSON-formatted IAM policy to attach to
|
|
2237
2752
|
# the specified private CA resource. If this policy does not contain
|
|
2238
2753
|
# all required statements or if it includes any statement that is not
|
|
2239
2754
|
# allowed, the `PutPolicy` action returns an `InvalidPolicyException`.
|
|
@@ -2254,6 +2769,34 @@ module Aws::ACMPCA
|
|
|
2254
2769
|
include Aws::Structure
|
|
2255
2770
|
end
|
|
2256
2771
|
|
|
2772
|
+
# Defines a `PolicyInformation` qualifier. ACM Private CA supports the
|
|
2773
|
+
# [certification practice statement (CPS) qualifier][1] defined in RFC
|
|
2774
|
+
# 5280.
|
|
2775
|
+
#
|
|
2776
|
+
#
|
|
2777
|
+
#
|
|
2778
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.4
|
|
2779
|
+
#
|
|
2780
|
+
# @note When making an API call, you may pass Qualifier
|
|
2781
|
+
# data as a hash:
|
|
2782
|
+
#
|
|
2783
|
+
# {
|
|
2784
|
+
# cps_uri: "String256", # required
|
|
2785
|
+
# }
|
|
2786
|
+
#
|
|
2787
|
+
# @!attribute [rw] cps_uri
|
|
2788
|
+
# Contains a pointer to a certification practice statement (CPS)
|
|
2789
|
+
# published by the CA.
|
|
2790
|
+
# @return [String]
|
|
2791
|
+
#
|
|
2792
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Qualifier AWS API Documentation
|
|
2793
|
+
#
|
|
2794
|
+
class Qualifier < Struct.new(
|
|
2795
|
+
:cps_uri)
|
|
2796
|
+
SENSITIVE = []
|
|
2797
|
+
include Aws::Structure
|
|
2798
|
+
end
|
|
2799
|
+
|
|
2257
2800
|
# Your request has already been completed.
|
|
2258
2801
|
#
|
|
2259
2802
|
# @!attribute [rw] message
|
|
@@ -2356,6 +2899,7 @@ module Aws::ACMPCA
|
|
|
2356
2899
|
# expiration_in_days: 1,
|
|
2357
2900
|
# custom_cname: "String253",
|
|
2358
2901
|
# s3_bucket_name: "String3To255",
|
|
2902
|
+
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
|
2359
2903
|
# },
|
|
2360
2904
|
# }
|
|
2361
2905
|
#
|
|
@@ -2561,6 +3105,7 @@ module Aws::ACMPCA
|
|
|
2561
3105
|
# expiration_in_days: 1,
|
|
2562
3106
|
# custom_cname: "String253",
|
|
2563
3107
|
# s3_bucket_name: "String3To255",
|
|
3108
|
+
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
|
2564
3109
|
# },
|
|
2565
3110
|
# },
|
|
2566
3111
|
# status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
|
|
@@ -2594,17 +3139,20 @@ module Aws::ACMPCA
|
|
|
2594
3139
|
|
|
2595
3140
|
# Validity specifies the period of time during which a certificate is
|
|
2596
3141
|
# valid. Validity can be expressed as an explicit date and time when the
|
|
2597
|
-
# certificate expires, or as a span of time
|
|
2598
|
-
# days, months, or years. For more
|
|
2599
|
-
# 5280.
|
|
3142
|
+
# validity of a certificate starts or expires, or as a span of time
|
|
3143
|
+
# after issuance, stated in days, months, or years. For more
|
|
3144
|
+
# information, see [Validity][1] in RFC 5280.
|
|
2600
3145
|
#
|
|
2601
|
-
#
|
|
2602
|
-
# action.
|
|
3146
|
+
# ACM Private CA API consumes the `Validity` data type differently in
|
|
3147
|
+
# two distinct parameters of the `IssueCertificate` action. The required
|
|
3148
|
+
# parameter `IssueCertificate`\:`Validity` specifies the end of a
|
|
3149
|
+
# certificate's validity period. The optional parameter
|
|
3150
|
+
# `IssueCertificate`\:`ValidityNotBefore` specifies a customized
|
|
3151
|
+
# starting time for the validity period.
|
|
2603
3152
|
#
|
|
2604
3153
|
#
|
|
2605
3154
|
#
|
|
2606
3155
|
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
|
2607
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
|
|
2608
3156
|
#
|
|
2609
3157
|
# @note When making an API call, you may pass Validity
|
|
2610
3158
|
# data as a hash:
|
|
@@ -2635,8 +3183,9 @@ module Aws::ACMPCA
|
|
|
2635
3183
|
#
|
|
2636
3184
|
# * Output expiration date/time: 12/31/2049 23:59:59
|
|
2637
3185
|
#
|
|
2638
|
-
# `ABSOLUTE`\: The specific date and time when the
|
|
2639
|
-
# expire, expressed in seconds since the
|
|
3186
|
+
# `ABSOLUTE`\: The specific date and time when the validity of a
|
|
3187
|
+
# certificate will start or expire, expressed in seconds since the
|
|
3188
|
+
# Unix Epoch.
|
|
2640
3189
|
#
|
|
2641
3190
|
# * Sample input value: 2524608000
|
|
2642
3191
|
#
|