google-cloud-security-private_ca-v1beta1 0.1.0

Files changed (30)
  1. checksums.yaml +7 -0
  2. data/.yardopts +12 -0
  3. data/AUTHENTICATION.md +169 -0
  4. data/LICENSE.md +203 -0
  5. data/README.md +75 -0
  6. data/lib/google-cloud-security-private_ca-v1beta1.rb +21 -0
  7. data/lib/google/cloud/security/private_ca/v1beta1.rb +37 -0
  8. data/lib/google/cloud/security/private_ca/v1beta1/certificate_authority_service.rb +53 -0
  9. data/lib/google/cloud/security/private_ca/v1beta1/certificate_authority_service/client.rb +2065 -0
  10. data/lib/google/cloud/security/private_ca/v1beta1/certificate_authority_service/credentials.rb +53 -0
  11. data/lib/google/cloud/security/private_ca/v1beta1/certificate_authority_service/operations.rb +572 -0
  12. data/lib/google/cloud/security/private_ca/v1beta1/certificate_authority_service/paths.rb +132 -0
  13. data/lib/google/cloud/security/private_ca/v1beta1/version.rb +30 -0
  14. data/lib/google/cloud/security/privateca/v1beta1/resources_pb.rb +330 -0
  15. data/lib/google/cloud/security/privateca/v1beta1/service_pb.rb +184 -0
  16. data/lib/google/cloud/security/privateca/v1beta1/service_services_pb.rb +99 -0
  17. data/proto_docs/README.md +4 -0
  18. data/proto_docs/google/api/field_behavior.rb +59 -0
  19. data/proto_docs/google/api/resource.rb +283 -0
  20. data/proto_docs/google/cloud/security/privateca/v1beta1/resources.rb +981 -0
  21. data/proto_docs/google/cloud/security/privateca/v1beta1/service.rb +633 -0
  22. data/proto_docs/google/longrunning/operations.rb +150 -0
  23. data/proto_docs/google/protobuf/any.rb +138 -0
  24. data/proto_docs/google/protobuf/duration.rb +98 -0
  25. data/proto_docs/google/protobuf/empty.rb +36 -0
  26. data/proto_docs/google/protobuf/field_mask.rb +229 -0
  27. data/proto_docs/google/protobuf/timestamp.rb +120 -0
  28. data/proto_docs/google/protobuf/wrappers.rb +121 -0
  29. data/proto_docs/google/rpc/status.rb +46 -0
  30. metadata +212 -0
@@ -0,0 +1,981 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module Security
23
+ module PrivateCA
24
+ module V1beta1
25
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} represents an individual Certificate Authority.
26
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} can be used to create {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates}.
27
+ # @!attribute [r] name
28
+ # @return [::String]
29
+ # Output only. The resource name for this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} in the
30
+ # format `projects/*/locations/*/certificateAuthorities/*`.
31
+ # @!attribute [rw] type
32
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::Type]
33
+ # Required. Immutable. The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::Type Type} of this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
34
+ # @!attribute [rw] tier
35
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::Tier]
36
+ # Required. Immutable. The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::Tier Tier} of this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
37
+ # @!attribute [rw] config
38
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateConfig]
39
+ # Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
40
+ # @!attribute [rw] lifetime
41
+ # @return [::Google::Protobuf::Duration]
42
+ # Required. The desired lifetime of the CA certificate. Used to create the
43
+ # "not_before_time" and "not_after_time" fields inside an X.509
44
+ # certificate.
45
+ # @!attribute [rw] key_spec
46
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::KeyVersionSpec]
47
+ # Required. Immutable. Used when issuing certificates for this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}. If this
48
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} is a self-signed CertificateAuthority, this key
49
+ # is also used to sign the self-signed CA certificate. Otherwise, it
50
+ # is used to sign a CSR.
51
+ # @!attribute [rw] certificate_policy
52
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy]
53
+ # Optional. The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy CertificateAuthorityPolicy} to enforce when issuing
54
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} from this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
55
+ # @!attribute [rw] issuing_options
56
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::IssuingOptions]
57
+ # Optional. The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::IssuingOptions IssuingOptions} to follow when issuing {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates}
58
+ # from this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
59
+ # @!attribute [rw] subordinate_config
60
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::SubordinateConfig]
61
+ # Optional. If this is a subordinate {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}, this field will be set
62
+ # with the subordinate configuration, which describes its issuers. This may
63
+ # be updated, but this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} must continue to validate.
64
+ # @!attribute [r] state
65
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::State]
66
+ # Output only. The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::State State} for this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
67
+ # @!attribute [r] pem_ca_certificates
68
+ # @return [::Array<::String>]
69
+ # Output only. This {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}'s certificate chain, including the current
70
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}'s certificate. Ordered such that the root issuer
71
+ # is the final element (consistent with RFC 5246). For a self-signed CA, this
72
+ # will only list the current {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}'s certificate.
73
+ # @!attribute [r] ca_certificate_descriptions
74
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription>]
75
+ # Output only. A structured description of this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}'s CA certificate
76
+ # and its issuers. Ordered as self-to-root.
77
+ # @!attribute [rw] gcs_bucket
78
+ # @return [::String]
79
+ # Immutable. The name of a Cloud Storage bucket where this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} will
80
+ # publish content, such as the CA certificate and CRLs. This must be a bucket
81
+ # name, without any prefixes (such as `gs://`) or suffixes (such as
82
+ # `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
83
+ # would simply specify `my-bucket`. If not specified, a managed bucket will
84
+ # be created.
85
+ # @!attribute [r] access_urls
86
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::AccessUrls]
87
+ # Output only. URLs for accessing content published by this CA, such as the CA certificate
88
+ # and CRLs.
89
+ # @!attribute [r] create_time
90
+ # @return [::Google::Protobuf::Timestamp]
91
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} was created.
92
+ # @!attribute [r] update_time
93
+ # @return [::Google::Protobuf::Timestamp]
94
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} was updated.
95
+ # @!attribute [r] delete_time
96
+ # @return [::Google::Protobuf::Timestamp]
97
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} will be deleted, if
98
+ # scheduled for deletion.
99
+ # @!attribute [rw] labels
100
+ # @return [::Google::Protobuf::Map{::String => ::String}]
101
+ # Optional. Labels with user-defined metadata.
102
+ class CertificateAuthority
103
+ include ::Google::Protobuf::MessageExts
104
+ extend ::Google::Protobuf::MessageExts::ClassMethods
105
+
106
+ # Options that affect all certificates issued by a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
107
+ # @!attribute [rw] include_ca_cert_url
108
+ # @return [::Boolean]
109
+ # Required. When true, includes a URL to the issuing CA certificate in the
110
+ # "authority information access" X.509 extension.
111
+ # @!attribute [rw] include_crl_access_url
112
+ # @return [::Boolean]
113
+ # Required. When true, includes a URL to the CRL corresponding to certificates
114
+ # issued from a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
115
+ # CRLs will expire 7 days from their creation. However, we will rebuild
116
+ # daily. CRLs are also rebuilt shortly after a certificate is revoked.
117
+ class IssuingOptions
118
+ include ::Google::Protobuf::MessageExts
119
+ extend ::Google::Protobuf::MessageExts::ClassMethods
120
+ end
121
+
122
+ # The issuing policy for a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
123
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} will not be successfully issued from this
124
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} if they violate the policy.
125
+ # @!attribute [rw] allowed_config_list
126
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedConfigList]
127
+ # Optional. All {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} issued by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}
128
+ # must match at least one listed {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper ReusableConfigWrapper} in the list.
129
+ # @!attribute [rw] overwrite_config_values
130
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper]
131
+ # Optional. All {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} issued by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}
132
+ # will use the provided configuration values, overwriting any requested
133
+ # configuration values.
134
+ # @!attribute [rw] allowed_locations_and_organizations
135
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::Subject>]
136
+ # Optional. If any {::Google::Cloud::Security::PrivateCA::V1beta1::Subject Subject} is specified here, then all
137
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} issued by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} must
138
+ # match at least one listed {::Google::Cloud::Security::PrivateCA::V1beta1::Subject Subject}. If a {::Google::Cloud::Security::PrivateCA::V1beta1::Subject Subject} has an empty
139
+ # field, any value will be allowed for that field.
140
+ # @!attribute [rw] allowed_common_names
141
+ # @return [::Array<::String>]
142
+ # Optional. If any value is specified here, then all
143
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} issued by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} must
144
+ # match at least one listed value. If no value is specified, all values
145
+ # will be allowed for this fied. Glob patterns are also supported.
146
+ # @!attribute [rw] allowed_sans
147
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedSubjectAltNames]
148
+ # Optional. If a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedSubjectAltNames AllowedSubjectAltNames} is specified here, then all
149
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} issued by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} must
150
+ # match {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedSubjectAltNames AllowedSubjectAltNames}. If no value or an empty value
151
+ # is specified, any value will be allowed for the {::Google::Cloud::Security::PrivateCA::V1beta1::SubjectAltNames SubjectAltNames}
152
+ # field.
153
+ # @!attribute [rw] maximum_lifetime
154
+ # @return [::Google::Protobuf::Duration]
155
+ # Optional. The maximum lifetime allowed by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}. Note that
156
+ # if the any part if the issuing chain expires before a {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}'s
157
+ # requested maximum_lifetime, the effective lifetime will be explicitly
158
+ # truncated.
159
+ # @!attribute [rw] allowed_issuance_modes
160
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::IssuanceModes]
161
+ # Optional. If specified, then only methods allowed in the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::IssuanceModes IssuanceModes} may be
162
+ # used to issue {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates}.
163
+ class CertificateAuthorityPolicy
164
+ include ::Google::Protobuf::MessageExts
165
+ extend ::Google::Protobuf::MessageExts::ClassMethods
166
+
167
+ # @!attribute [rw] allowed_config_values
168
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper>]
169
+ # Required. All {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} issued by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}
170
+ # must match at least one listed {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper ReusableConfigWrapper}. If a
171
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper ReusableConfigWrapper} has an empty field, any value will be
172
+ # allowed for that field.
173
+ class AllowedConfigList
174
+ include ::Google::Protobuf::MessageExts
175
+ extend ::Google::Protobuf::MessageExts::ClassMethods
176
+ end
177
+
178
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedSubjectAltNames AllowedSubjectAltNames} specifies the allowed values for
179
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::SubjectAltNames SubjectAltNames} by the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} when issuing
180
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates}.
181
+ # @!attribute [rw] allowed_dns_names
182
+ # @return [::Array<::String>]
183
+ # Optional. Contains valid, fully-qualified host names. Glob patterns are also
184
+ # supported. To allow an explicit wildcard certificate, escape with
185
+ # backlash (i.e. "\*").
186
+ # E.g. for globbed entries: '*bar.com' will allow foo.bar.com, but not
187
+ # *.bar.com, unless the {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedSubjectAltNames#allow_globbing_dns_wildcards allow_globbing_dns_wildcards} field is set.
188
+ # E.g. for wildcard entries: '\*.bar.com' will allow '*.bar.com', but not
189
+ # 'foo.bar.com'.
190
+ # @!attribute [rw] allowed_uris
191
+ # @return [::Array<::String>]
192
+ # Optional. Contains valid RFC 3986 URIs. Glob patterns are also supported. To
193
+ # match across path seperators (i.e. '/') use the double star glob
194
+ # pattern (i.e. '**').
195
+ # @!attribute [rw] allowed_email_addresses
196
+ # @return [::Array<::String>]
197
+ # Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also
198
+ # supported.
199
+ # @!attribute [rw] allowed_ips
200
+ # @return [::Array<::String>]
201
+ # Optional. Contains valid 32-bit IPv4 addresses and subnet ranges or RFC 4291 IPv6
202
+ # addresses and subnet ranges. Subnet ranges are specified using the
203
+ # '/' notation (e.g. 10.0.0.0/8, 2001:700:300:1800::/64). Glob patterns
204
+ # are supported only for ip address entries (i.e. not for subnet ranges).
205
+ # @!attribute [rw] allow_globbing_dns_wildcards
206
+ # @return [::Boolean]
207
+ # Optional. Specifies if glob patterns used for {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::AllowedSubjectAltNames#allowed_dns_names allowed_dns_names} allows
208
+ # wildcard certificates.
209
+ # @!attribute [rw] allow_custom_sans
210
+ # @return [::Boolean]
211
+ # Optional. Specifies if to allow custom X509Extension values.
212
+ class AllowedSubjectAltNames
213
+ include ::Google::Protobuf::MessageExts
214
+ extend ::Google::Protobuf::MessageExts::ClassMethods
215
+ end
216
+
217
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::CertificateAuthorityPolicy::IssuanceModes IssuanceModes} specifies the allowed ways in which
218
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} may be requested from this
219
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
220
+ # @!attribute [rw] allow_csr_based_issuance
221
+ # @return [::Boolean]
222
+ # Required. When true, allows callers to create {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} by
223
+ # specifying a CSR.
224
+ # @!attribute [rw] allow_config_based_issuance
225
+ # @return [::Boolean]
226
+ # Required. When true, allows callers to create {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates} by
227
+ # specifying a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateConfig CertificateConfig}.
228
+ class IssuanceModes
229
+ include ::Google::Protobuf::MessageExts
230
+ extend ::Google::Protobuf::MessageExts::ClassMethods
231
+ end
232
+ end
233
+
234
+ # URLs where a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} will publish content.
235
+ # @!attribute [rw] ca_certificate_access_url
236
+ # @return [::String]
237
+ # The URL where this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}'s CA certificate is
238
+ # published. This will only be set for CAs that have been activated.
239
+ # @!attribute [rw] crl_access_url
240
+ # @return [::String]
241
+ # The URL where this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}'s CRLs are published. This
242
+ # will only be set for CAs that have been activated.
243
+ class AccessUrls
244
+ include ::Google::Protobuf::MessageExts
245
+ extend ::Google::Protobuf::MessageExts::ClassMethods
246
+ end
247
+
248
+ # A Cloud KMS key configuration that a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} will use.
249
+ # @!attribute [rw] cloud_kms_key_version
250
+ # @return [::String]
251
+ # Required. The resource name for an existing Cloud KMS CryptoKeyVersion in the
252
+ # format
253
+ # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
254
+ # This option enables full flexibility in the key's capabilities and
255
+ # properties.
256
+ # @!attribute [rw] algorithm
257
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority::SignHashAlgorithm]
258
+ # Required. The algorithm to use for creating a managed Cloud KMS key for a for a
259
+ # simplified experience. All managed keys will be have their
260
+ # [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
261
+ class KeyVersionSpec
262
+ include ::Google::Protobuf::MessageExts
263
+ extend ::Google::Protobuf::MessageExts::ClassMethods
264
+ end
265
+
266
+ # @!attribute [rw] key
267
+ # @return [::String]
268
+ # @!attribute [rw] value
269
+ # @return [::String]
270
+ class LabelsEntry
271
+ include ::Google::Protobuf::MessageExts
272
+ extend ::Google::Protobuf::MessageExts::ClassMethods
273
+ end
274
+
275
+ # The type of a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}, indicating its issuing chain.
276
+ module Type
277
+ # Not specified.
278
+ TYPE_UNSPECIFIED = 0
279
+
280
+ # Self-signed CA.
281
+ SELF_SIGNED = 1
282
+
283
+ # Subordinate CA. Could be issued by a Private CA {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}
284
+ # or an unmanaged CA.
285
+ SUBORDINATE = 2
286
+ end
287
+
288
+ # The tier of a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}, indicating its supported
289
+ # functionality and/or billing SKU.
290
+ module Tier
291
+ # Not specified.
292
+ TIER_UNSPECIFIED = 0
293
+
294
+ # Enterprise tier.
295
+ ENTERPRISE = 1
296
+
297
+ # DevOps tier.
298
+ DEVOPS = 2
299
+ end
300
+
301
+ # The state of a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}, indicating if it can be used.
302
+ module State
303
+ # Not specified.
304
+ STATE_UNSPECIFIED = 0
305
+
306
+ # Certificates can be issued from this CA. CRLs will be generated for this
307
+ # CA.
308
+ ENABLED = 1
309
+
310
+ # Certificates cannot be issued from this CA. CRLs will still be generated.
311
+ DISABLED = 2
312
+
313
+ # Certificates cannot be issued from this CA. CRLs will not be generated.
314
+ PENDING_ACTIVATION = 3
315
+
316
+ # Certificates cannot be issued from this CA. CRLs will not be generated.
317
+ PENDING_DELETION = 4
318
+ end
319
+
320
+ # The algorithm of a Cloud KMS CryptoKeyVersion of a
321
+ # [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
322
+ # [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
323
+ # `ASYMMETRIC_SIGN`. These values correspond to the
324
+ # [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
325
+ # values. For RSA signing algorithms, the PSS algorithms should be preferred,
326
+ # use PKCS1 algorithms if required for compatibility. For further
327
+ # recommandations, see
328
+ # https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
329
+ module SignHashAlgorithm
330
+ # Not specified.
331
+ SIGN_HASH_ALGORITHM_UNSPECIFIED = 0
332
+
333
+ # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
334
+ RSA_PSS_2048_SHA256 = 1
335
+
336
+ # maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
337
+ RSA_PSS_3072_SHA256 = 2
338
+
339
+ # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
340
+ RSA_PSS_4096_SHA256 = 3
341
+
342
+ # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
343
+ RSA_PKCS1_2048_SHA256 = 6
344
+
345
+ # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
346
+ RSA_PKCS1_3072_SHA256 = 7
347
+
348
+ # maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
349
+ RSA_PKCS1_4096_SHA256 = 8
350
+
351
+ # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
352
+ EC_P256_SHA256 = 4
353
+
354
+ # maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
355
+ EC_P384_SHA384 = 5
356
+ end
357
+ end
358
+
359
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList} corresponds to a signed X.509 certificate
360
+ # Revocation List (CRL). A CRL contains the serial numbers of certificates that
361
+ # should no longer be trusted.
362
+ # @!attribute [r] name
363
+ # @return [::String]
364
+ # Output only. The resource path for this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList} in
365
+ # the format
366
+ # `projects/*/locations/*/certificateAuthorities/*/
367
+ # certificateRevocationLists/*`.
368
+ # @!attribute [r] sequence_number
369
+ # @return [::Integer]
370
+ # Output only. The CRL sequence number that appears in pem_crl.
371
+ # @!attribute [r] revoked_certificates
372
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList::RevokedCertificate>]
373
+ # Output only. The revoked serial numbers that appear in pem_crl.
374
+ # @!attribute [r] pem_crl
375
+ # @return [::String]
376
+ # Output only. The PEM-encoded X.509 CRL.
377
+ # @!attribute [r] access_url
378
+ # @return [::String]
379
+ # Output only. The location where 'pem_crl' can be accessed.
380
+ # @!attribute [r] state
381
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList::State]
382
+ # Output only. The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList::State State} for this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList}.
383
+ # @!attribute [r] create_time
384
+ # @return [::Google::Protobuf::Timestamp]
385
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList} was created.
386
+ # @!attribute [r] update_time
387
+ # @return [::Google::Protobuf::Timestamp]
388
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList} was updated.
389
+ # @!attribute [rw] labels
390
+ # @return [::Google::Protobuf::Map{::String => ::String}]
391
+ # Optional. Labels with user-defined metadata.
392
+ class CertificateRevocationList
393
+ include ::Google::Protobuf::MessageExts
394
+ extend ::Google::Protobuf::MessageExts::ClassMethods
395
+
396
+ # Describes a revoked {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}.
397
+ # @!attribute [rw] certificate
398
+ # @return [::String]
399
+ # The resource path for the {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} in the format
400
+ # `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
401
+ # @!attribute [rw] hex_serial_number
402
+ # @return [::String]
403
+ # The serial number of the {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}.
404
+ # @!attribute [rw] revocation_reason
405
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::RevocationReason]
406
+ # The reason the {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} was revoked.
407
+ class RevokedCertificate
408
+ include ::Google::Protobuf::MessageExts
409
+ extend ::Google::Protobuf::MessageExts::ClassMethods
410
+ end
411
+
412
+ # @!attribute [rw] key
413
+ # @return [::String]
414
+ # @!attribute [rw] value
415
+ # @return [::String]
416
+ class LabelsEntry
417
+ include ::Google::Protobuf::MessageExts
418
+ extend ::Google::Protobuf::MessageExts::ClassMethods
419
+ end
420
+
421
+ # The state of a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList}, indicating if it is current.
422
+ module State
423
+ # Not specified.
424
+ STATE_UNSPECIFIED = 0
425
+
426
+ # The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList} is up to date.
427
+ ACTIVE = 1
428
+
429
+ # The {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateRevocationList CertificateRevocationList} is no longer current.
430
+ SUPERSEDED = 2
431
+ end
432
+ end
433
+
434
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} corresponds to a signed X.509 certificate issued by a
435
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}.
436
+ # @!attribute [r] name
437
+ # @return [::String]
438
+ # Output only. The resource path for this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} in the format
439
+ # `projects/*/locations/*/certificateAuthorities/*/certificates/*`.
440
+ # @!attribute [rw] pem_csr
441
+ # @return [::String]
442
+ # Immutable. A pem-encoded X.509 certificate signing request (CSR).
443
+ # @!attribute [rw] config
444
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateConfig]
445
+ # Immutable. A description of the certificate and key that does not require X.509 or
446
+ # ASN.1.
447
+ # @!attribute [rw] lifetime
448
+ # @return [::Google::Protobuf::Duration]
449
+ # Required. Immutable. The desired lifetime of a certificate. Used to create the
450
+ # "not_before_time" and "not_after_time" fields inside an X.509
451
+ # certificate. Note that the lifetime may be truncated if it would extend
452
+ # past the life of any certificate authority in the issuing chain.
453
+ # @!attribute [r] revocation_details
454
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::Certificate::RevocationDetails]
455
+ # Output only. Details regarding the revocation of this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}. This
456
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} is considered revoked if and only if this field is present.
457
+ # @!attribute [r] pem_certificate
458
+ # @return [::String]
459
+ # Output only. The pem-encoded, signed X.509 certificate.
460
+ # @!attribute [r] certificate_description
461
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription]
462
+ # Output only. A structured description of the issued X.509 certificate.
463
+ # @!attribute [r] pem_certificate_chain
464
+ # @return [::Array<::String>]
465
+ # Output only. The chain that may be used to verify the X.509 certificate. Expected to be
466
+ # in issuer-to-root order according to RFC 5246.
467
+ # @!attribute [r] create_time
468
+ # @return [::Google::Protobuf::Timestamp]
469
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} was created.
470
+ # @!attribute [r] update_time
471
+ # @return [::Google::Protobuf::Timestamp]
472
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} was updated.
473
+ # @!attribute [rw] labels
474
+ # @return [::Google::Protobuf::Map{::String => ::String}]
475
+ # Optional. Labels with user-defined metadata.
476
+ class Certificate
477
+ include ::Google::Protobuf::MessageExts
478
+ extend ::Google::Protobuf::MessageExts::ClassMethods
479
+
480
+ # Describes fields that are relavent to the revocation of a {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}.
481
+ # @!attribute [rw] revocation_state
482
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::RevocationReason]
483
+ # Indicates why a {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} was revoked.
484
+ # @!attribute [rw] revocation_time
485
+ # @return [::Google::Protobuf::Timestamp]
486
+ # The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} was revoked.
487
+ class RevocationDetails
488
+ include ::Google::Protobuf::MessageExts
489
+ extend ::Google::Protobuf::MessageExts::ClassMethods
490
+ end
491
+
492
+ # @!attribute [rw] key
493
+ # @return [::String]
494
+ # @!attribute [rw] value
495
+ # @return [::String]
496
+ class LabelsEntry
497
+ include ::Google::Protobuf::MessageExts
498
+ extend ::Google::Protobuf::MessageExts::ClassMethods
499
+ end
500
+ end
501
+
502
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfig ReusableConfig} refers to a managed {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues ReusableConfigValues}. Those, in
503
+ # turn, are used to describe certain fields of an X.509 certificate, such as
504
+ # the key usage fields, fields specific to CA certificates, certificate policy
505
+ # extensions and custom extensions.
506
+ # @!attribute [r] name
507
+ # @return [::String]
508
+ # Output only. The resource path for this {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfig ReusableConfig} in the format
509
+ # `projects/*/locations/*/reusableConfigs/*`.
510
+ # @!attribute [rw] values
511
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues]
512
+ # Required. The config values.
513
+ # @!attribute [rw] description
514
+ # @return [::String]
515
+ # Optional. A human-readable description of scenarios these ReusableConfigValues may be
516
+ # compatible with.
517
+ # @!attribute [r] create_time
518
+ # @return [::Google::Protobuf::Timestamp]
519
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfig ReusableConfig} was created.
520
+ # @!attribute [r] update_time
521
+ # @return [::Google::Protobuf::Timestamp]
522
+ # Output only. The time at which this {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfig ReusableConfig} was updated.
523
+ # @!attribute [rw] labels
524
+ # @return [::Google::Protobuf::Map{::String => ::String}]
525
+ # Optional. Labels with user-defined metadata.
526
+ class ReusableConfig
527
+ include ::Google::Protobuf::MessageExts
528
+ extend ::Google::Protobuf::MessageExts::ClassMethods
529
+
530
+ # @!attribute [rw] key
531
+ # @return [::String]
532
+ # @!attribute [rw] value
533
+ # @return [::String]
534
+ class LabelsEntry
535
+ include ::Google::Protobuf::MessageExts
536
+ extend ::Google::Protobuf::MessageExts::ClassMethods
537
+ end
538
+ end
539
+
540
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues ReusableConfigValues} is used to describe certain fields of an
541
+ # X.509 certificate, such as the key usage fields, fields specific to CA
542
+ # certificates, certificate policy extensions and custom extensions.
543
+ # @!attribute [rw] key_usage
544
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage]
545
+ # Optional. Indicates the intended use for keys that correspond to a certificate.
546
+ # @!attribute [rw] ca_options
547
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues::CaOptions]
548
+ # Optional. Describes options in this {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues ReusableConfigValues} that are
549
+ # relevant in a CA certificate.
550
+ # @!attribute [rw] policy_ids
551
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::ObjectId>]
552
+ # Optional. Describes the X.509 certificate policy object identifiers, per
553
+ # https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
554
+ # @!attribute [rw] aia_ocsp_servers
555
+ # @return [::Array<::String>]
556
+ # Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
557
+ # that appear in the "Authority Information Access" extension in the
558
+ # certificate.
559
+ # @!attribute [rw] additional_extensions
560
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::X509Extension>]
561
+ # Optional. Describes custom X.509 extensions.
562
+ class ReusableConfigValues
563
+ include ::Google::Protobuf::MessageExts
564
+ extend ::Google::Protobuf::MessageExts::ClassMethods
565
+
566
+ # Describes values that are relevant in a CA certificate.
567
+ # @!attribute [rw] is_ca
568
+ # @return [::Google::Protobuf::BoolValue]
569
+ # Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
570
+ # value is missing, the extension will be omitted from the CA certificate.
571
+ # @!attribute [rw] max_issuer_path_length
572
+ # @return [::Google::Protobuf::Int32Value]
573
+ # Optional. Refers to the path length restriction X.509 extension. For a CA
574
+ # certificate, this value describes the depth of subordinate CA
575
+ # certificates that are allowed.
576
+ # If this value is less than 0, the request will fail.
577
+ # If this value is missing, the max path length will be omitted from the
578
+ # CA certificate.
579
+ class CaOptions
580
+ include ::Google::Protobuf::MessageExts
581
+ extend ::Google::Protobuf::MessageExts::ClassMethods
582
+ end
583
+ end
584
+
585
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper ReusableConfigWrapper} describes values that may assist in creating an
586
+ # X.509 certificate, or a reference to a pre-defined set of values.
587
+ # @!attribute [rw] reusable_config
588
+ # @return [::String]
589
+ # Required. A resource path to a {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfig ReusableConfig} in the format
590
+ # `projects/*/locations/*/reusableConfigs/*`.
591
+ # @!attribute [rw] reusable_config_values
592
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues]
593
+ # Required. A user-specified inline {::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues ReusableConfigValues}.
594
+ class ReusableConfigWrapper
595
+ include ::Google::Protobuf::MessageExts
596
+ extend ::Google::Protobuf::MessageExts::ClassMethods
597
+ end
598
+
599
+ # Describes a subordinate CA's issuers. This is either a resource path to a
600
+ # known issuing {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}, or a PEM issuer certificate chain.
601
+ # @!attribute [rw] certificate_authority
602
+ # @return [::String]
603
+ # Required. This can refer to a {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} in the same project that
604
+ # was used to create a subordinate {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}. This field
605
+ # is used for information and usability purposes only. The resource name
606
+ # is in the format `projects/*/locations/*/certificateAuthorities/*`.
607
+ # @!attribute [rw] pem_issuer_chain
608
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::SubordinateConfig::SubordinateConfigChain]
609
+ # Required. Contains the PEM certificate chain for the issuers of this
610
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority}, but not pem certificate for this CA itself.
611
+ class SubordinateConfig
612
+ include ::Google::Protobuf::MessageExts
613
+ extend ::Google::Protobuf::MessageExts::ClassMethods
614
+
615
+ # This message describes a subordinate CA's issuer certificate chain. This
616
+ # wrapper exists for compatibility reasons.
617
+ # @!attribute [rw] pem_certificates
618
+ # @return [::Array<::String>]
619
+ # Required. Expected to be in leaf-to-root order according to RFC 5246.
620
+ class SubordinateConfigChain
621
+ include ::Google::Protobuf::MessageExts
622
+ extend ::Google::Protobuf::MessageExts::ClassMethods
623
+ end
624
+ end
625
+
626
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::PublicKey PublicKey} describes a public key.
627
+ # @!attribute [rw] type
628
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::PublicKey::KeyType]
629
+ # Required. The type of public key.
630
+ # @!attribute [rw] key
631
+ # @return [::String]
632
+ # Required. A public key. Padding and encoding varies by 'KeyType' and is described
633
+ # along with the KeyType values.
634
+ class PublicKey
635
+ include ::Google::Protobuf::MessageExts
636
+ extend ::Google::Protobuf::MessageExts::ClassMethods
637
+
638
+ # Types of public keys that are supported.
639
+ # At a minimum, we support RSA and ECDSA, for the key sizes or curves listed:
640
+ # https://cloud.google.com/kms/docs/algorithms#asymmetric_signing_algorithms
641
+ module KeyType
642
+ # Default unspecified value.
643
+ KEY_TYPE_UNSPECIFIED = 0
644
+
645
+ # A PEM-encoded PKCS#1/RFC 3447 RSAPrivateKey structure.
646
+ PEM_RSA_KEY = 1
647
+
648
+ # A PEM-encoded compressed NIST P-256/secp256r1/prime256v1 or P-384 key.
649
+ PEM_EC_KEY = 2
650
+ end
651
+ end
652
+
653
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateConfig CertificateConfig} describes an X.509 certificate or CSR that is to be
654
+ # created, as an alternative to using ASN.1.
655
+ # @!attribute [rw] subject_config
656
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateConfig::SubjectConfig]
657
+ # Required. Specifies some of the values in a certificate that are related to the
658
+ # subject.
659
+ # @!attribute [rw] reusable_config
660
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigWrapper]
661
+ # Required. Describes how some of the technical fields in a certificate should be
662
+ # populated.
663
+ # @!attribute [rw] public_key
664
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::PublicKey]
665
+ # Optional. The public key that corresponds to this config. This is, for example, used
666
+ # when issuing {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificates}, but not when creating a
667
+ # self-signed {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} or {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateAuthority CertificateAuthority} CSR.
668
+ class CertificateConfig
669
+ include ::Google::Protobuf::MessageExts
670
+ extend ::Google::Protobuf::MessageExts::ClassMethods
671
+
672
+ # These values are used to create the distinguished name and subject
673
+ # alternative name fields in an X.509 certificate.
674
+ # @!attribute [rw] subject
675
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::Subject]
676
+ # Required. Contains distinguished name fields such as the location and organization.
677
+ # @!attribute [rw] common_name
678
+ # @return [::String]
679
+ # Optional. The "common name" of the distinguished name.
680
+ # @!attribute [rw] subject_alt_name
681
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::SubjectAltNames]
682
+ # Optional. The subject alternative name fields.
683
+ class SubjectConfig
684
+ include ::Google::Protobuf::MessageExts
685
+ extend ::Google::Protobuf::MessageExts::ClassMethods
686
+ end
687
+ end
688
+
689
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription CertificateDescription} describes an X.509 certificate or CSR that has
690
+ # been issued, as an alternative to using ASN.1 / X.509.
691
+ # @!attribute [rw] subject_description
692
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription::SubjectDescription]
693
+ # Describes some of the values in a certificate that are related to the
694
+ # subject and lifetime.
695
+ # @!attribute [rw] config_values
696
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ReusableConfigValues]
697
+ # Describes some of the technical fields in a certificate.
698
+ # @!attribute [rw] public_key
699
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::PublicKey]
700
+ # The public key that corresponds to an issued certificate.
701
+ # @!attribute [rw] subject_key_id
702
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription::KeyId]
703
+ # Provides a means of identifiying certificates that contain a particular
704
+ # public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
705
+ # @!attribute [rw] authority_key_id
706
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription::KeyId]
707
+ # Identifies the subject_key_id of the parent certificate, per
708
+ # https://tools.ietf.org/html/rfc5280#section-4.2.1.1
709
+ # @!attribute [rw] crl_distribution_points
710
+ # @return [::Array<::String>]
711
+ # Describes a list of locations to obtain CRL information, i.e.
712
+ # the DistributionPoint.fullName described by
713
+ # https://tools.ietf.org/html/rfc5280#section-4.2.1.13
714
+ # @!attribute [rw] aia_issuing_certificate_urls
715
+ # @return [::Array<::String>]
716
+ # Describes lists of issuer CA certificate URLs that appear in the
717
+ # "Authority Information Access" extension in the certificate.
718
+ # @!attribute [rw] cert_fingerprint
719
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::CertificateDescription::CertificateFingerprint]
720
+ # The hash of the x.509 certificate.
721
+ class CertificateDescription
722
+ include ::Google::Protobuf::MessageExts
723
+ extend ::Google::Protobuf::MessageExts::ClassMethods
724
+
725
+ # These values describe fields in an issued X.509 certificate such as the
726
+ # distinguished name, subject alternative names, serial number, and lifetime.
727
+ # @!attribute [rw] subject
728
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::Subject]
729
+ # Contains distinguished name fields such as the location and organization.
730
+ # @!attribute [rw] common_name
731
+ # @return [::String]
732
+ # The "common name" of the distinguished name.
733
+ # @!attribute [rw] subject_alt_name
734
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::SubjectAltNames]
735
+ # The subject alternative name fields.
736
+ # @!attribute [rw] hex_serial_number
737
+ # @return [::String]
738
+ # The serial number encoded in lowercase hexadecimal.
739
+ # @!attribute [rw] lifetime
740
+ # @return [::Google::Protobuf::Duration]
741
+ # For convenience, the actual lifetime of an issued certificate.
742
+ # Corresponds to 'not_after_time' - 'not_before_time'.
743
+ # @!attribute [rw] not_before_time
744
+ # @return [::Google::Protobuf::Timestamp]
745
+ # The time at which the certificate becomes valid.
746
+ # @!attribute [rw] not_after_time
747
+ # @return [::Google::Protobuf::Timestamp]
748
+ # The time at which the certificate expires.
749
+ class SubjectDescription
750
+ include ::Google::Protobuf::MessageExts
751
+ extend ::Google::Protobuf::MessageExts::ClassMethods
752
+ end
753
+
754
+ # A KeyId identifies a specific public key, usually by hashing the public
755
+ # key.
756
+ # @!attribute [rw] key_id
757
+ # @return [::String]
758
+ # Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
759
+ # likely the 160 bit SHA-1 hash of the public key.
760
+ class KeyId
761
+ include ::Google::Protobuf::MessageExts
762
+ extend ::Google::Protobuf::MessageExts::ClassMethods
763
+ end
764
+
765
+ # A group of fingerprints for the x509 certificate.
766
+ # @!attribute [rw] sha256_hash
767
+ # @return [::String]
768
+ # The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
769
+ class CertificateFingerprint
770
+ include ::Google::Protobuf::MessageExts
771
+ extend ::Google::Protobuf::MessageExts::ClassMethods
772
+ end
773
+ end
774
+
775
+ # An {::Google::Cloud::Security::PrivateCA::V1beta1::ObjectId ObjectId} specifies an object identifier (OID). These provide context
776
+ # and describe types in ASN.1 messages.
777
+ # @!attribute [rw] object_id_path
778
+ # @return [::Array<::Integer>]
779
+ # Required. The parts of an OID path. The most significant parts of the path come
780
+ # first.
781
+ class ObjectId
782
+ include ::Google::Protobuf::MessageExts
783
+ extend ::Google::Protobuf::MessageExts::ClassMethods
784
+ end
785
+
786
+ # An {::Google::Cloud::Security::PrivateCA::V1beta1::X509Extension X509Extension} specifies an X.509 extension, which may be used in
787
+ # different parts of X.509 objects like certificates, CSRs, and CRLs.
788
+ # @!attribute [rw] object_id
789
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::ObjectId]
790
+ # Required. The OID for this X.509 extension.
791
+ # @!attribute [rw] critical
792
+ # @return [::Boolean]
793
+ # Required. Indicates whether or not this extension is critical (i.e., if the client
794
+ # does not know how to handle this extension, the client should consider this
795
+ # to be an error).
796
+ # @!attribute [rw] value
797
+ # @return [::String]
798
+ # Required. The value of this X.509 extension.
799
+ class X509Extension
800
+ include ::Google::Protobuf::MessageExts
801
+ extend ::Google::Protobuf::MessageExts::ClassMethods
802
+ end
803
+
804
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage KeyUsage} describes key usage values that may appear in an X.509
805
+ # certificate.
806
+ # @!attribute [rw] base_key_usage
807
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage::KeyUsageOptions]
808
+ # Describes high-level ways in which a key may be used.
809
+ # @!attribute [rw] extended_key_usage
810
+ # @return [::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage::ExtendedKeyUsageOptions]
811
+ # Detailed scenarios in which a key may be used.
812
+ # @!attribute [rw] unknown_extended_key_usages
813
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::ObjectId>]
814
+ # Used to describe extended key usages that are not listed in the
815
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage::ExtendedKeyUsageOptions KeyUsage.ExtendedKeyUsageOptions} message.
816
+ class KeyUsage
817
+ include ::Google::Protobuf::MessageExts
818
+ extend ::Google::Protobuf::MessageExts::ClassMethods
819
+
820
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage::KeyUsageOptions KeyUsage.KeyUsageOptions} corresponds to the key usage values
821
+ # described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
822
+ # @!attribute [rw] digital_signature
823
+ # @return [::Boolean]
824
+ # The key may be used for digital signatures.
825
+ # @!attribute [rw] content_commitment
826
+ # @return [::Boolean]
827
+ # The key may be used for cryptographic commitments. Note that this may
828
+ # also be referred to as "non-repudiation".
829
+ # @!attribute [rw] key_encipherment
830
+ # @return [::Boolean]
831
+ # The key may be used to encipher other keys.
832
+ # @!attribute [rw] data_encipherment
833
+ # @return [::Boolean]
834
+ # The key may be used to encipher data.
835
+ # @!attribute [rw] key_agreement
836
+ # @return [::Boolean]
837
+ # The key may be used in a key agreement protocol.
838
+ # @!attribute [rw] cert_sign
839
+ # @return [::Boolean]
840
+ # The key may be used to sign certificates.
841
+ # @!attribute [rw] crl_sign
842
+ # @return [::Boolean]
843
+ # The key may be used sign certificate revocation lists.
844
+ # @!attribute [rw] encipher_only
845
+ # @return [::Boolean]
846
+ # The key may be used to encipher only.
847
+ # @!attribute [rw] decipher_only
848
+ # @return [::Boolean]
849
+ # The key may be used to decipher only.
850
+ class KeyUsageOptions
851
+ include ::Google::Protobuf::MessageExts
852
+ extend ::Google::Protobuf::MessageExts::ClassMethods
853
+ end
854
+
855
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::KeyUsage::ExtendedKeyUsageOptions KeyUsage.ExtendedKeyUsageOptions} has fields that correspond to
856
+ # certain common OIDs that could be specified as an extended key usage value.
857
+ # @!attribute [rw] server_auth
858
+ # @return [::Boolean]
859
+ # Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
860
+ # server authentication", though regularly used for non-WWW TLS.
861
+ # @!attribute [rw] client_auth
862
+ # @return [::Boolean]
863
+ # Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
864
+ # client authentication", though regularly used for non-WWW TLS.
865
+ # @!attribute [rw] code_signing
866
+ # @return [::Boolean]
867
+ # Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
868
+ # downloadable executable code client authentication".
869
+ # @!attribute [rw] email_protection
870
+ # @return [::Boolean]
871
+ # Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
872
+ # protection".
873
+ # @!attribute [rw] time_stamping
874
+ # @return [::Boolean]
875
+ # Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
876
+ # the hash of an object to a time".
877
+ # @!attribute [rw] ocsp_signing
878
+ # @return [::Boolean]
879
+ # Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
880
+ # OCSP responses".
881
+ class ExtendedKeyUsageOptions
882
+ include ::Google::Protobuf::MessageExts
883
+ extend ::Google::Protobuf::MessageExts::ClassMethods
884
+ end
885
+ end
886
+
887
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::Subject Subject} describes parts of a distinguished name that, in turn,
888
+ # describes the subject of the certificate.
889
+ # @!attribute [rw] country_code
890
+ # @return [::String]
891
+ # The country code of the subject.
892
+ # @!attribute [rw] organization
893
+ # @return [::String]
894
+ # The organization of the subject.
895
+ # @!attribute [rw] organizational_unit
896
+ # @return [::String]
897
+ # The organizational_unit of the subject.
898
+ # @!attribute [rw] locality
899
+ # @return [::String]
900
+ # The locality or city of the subject.
901
+ # @!attribute [rw] province
902
+ # @return [::String]
903
+ # The province, territory, or regional state of the subject.
904
+ # @!attribute [rw] street_address
905
+ # @return [::String]
906
+ # The street address of the subject.
907
+ # @!attribute [rw] postal_code
908
+ # @return [::String]
909
+ # The postal code of the subject.
910
+ class Subject
911
+ include ::Google::Protobuf::MessageExts
912
+ extend ::Google::Protobuf::MessageExts::ClassMethods
913
+ end
914
+
915
+ # {::Google::Cloud::Security::PrivateCA::V1beta1::SubjectAltNames SubjectAltNames} corresponds to a more modern way of listing what
916
+ # the asserted identity is in a certificate (i.e., compared to the "common
917
+ # name" in the distinguished name).
918
+ # @!attribute [rw] dns_names
919
+ # @return [::Array<::String>]
920
+ # Contains only valid, fully-qualified host names.
921
+ # @!attribute [rw] uris
922
+ # @return [::Array<::String>]
923
+ # Contains only valid RFC 3986 URIs.
924
+ # @!attribute [rw] email_addresses
925
+ # @return [::Array<::String>]
926
+ # Contains only valid RFC 2822 E-mail addresses.
927
+ # @!attribute [rw] ip_addresses
928
+ # @return [::Array<::String>]
929
+ # Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
930
+ # @!attribute [rw] custom_sans
931
+ # @return [::Array<::Google::Cloud::Security::PrivateCA::V1beta1::X509Extension>]
932
+ # Contains additional subject alternative name values.
933
+ class SubjectAltNames
934
+ include ::Google::Protobuf::MessageExts
935
+ extend ::Google::Protobuf::MessageExts::ClassMethods
936
+ end
937
+
938
+ # A {::Google::Cloud::Security::PrivateCA::V1beta1::RevocationReason RevocationReason} indicates whether a {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} has been revoked,
939
+ # and the reason for revocation. These correspond to standard revocation
940
+ # reasons from RFC 5280. Note that the enum labels and values in this
941
+ # definition are not the same ASN.1 values defined in RFC 5280. These values
942
+ # will be translated to the correct ASN.1 values when a CRL is created.
943
+ module RevocationReason
944
+ # Default unspecified value. This value does indicate that a {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}
945
+ # has been revoked, but that a reason has not been recorded.
946
+ REVOCATION_REASON_UNSPECIFIED = 0
947
+
948
+ # Key material for this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} may have leaked.
949
+ KEY_COMPROMISE = 1
950
+
951
+ # The key material for a certificate authority in the issuing path may have
952
+ # leaked.
953
+ CERTIFICATE_AUTHORITY_COMPROMISE = 2
954
+
955
+ # The subject or other attributes in this {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} have changed.
956
+ AFFILIATION_CHANGED = 3
957
+
958
+ # This {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} has been superseded.
959
+ SUPERSEDED = 4
960
+
961
+ # This {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} or entities in the issuing path have ceased to
962
+ # operate.
963
+ CESSATION_OF_OPERATION = 5
964
+
965
+ # This {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} should not be considered valid, it is expected that it
966
+ # may become valid in the future.
967
+ CERTIFICATE_HOLD = 6
968
+
969
+ # This {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate} no longer has permission to assert the listed
970
+ # attributes.
971
+ PRIVILEGE_WITHDRAWN = 7
972
+
973
+ # The authority which determines appropriate attributes for a {::Google::Cloud::Security::PrivateCA::V1beta1::Certificate Certificate}
974
+ # may have been compromised.
975
+ ATTRIBUTE_AUTHORITY_COMPROMISE = 8
976
+ end
977
+ end
978
+ end
979
+ end
980
+ end
981
+ end