privateca

package
v0.0.0-...-c645305 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 18, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	RevocationReason_name = map[int32]string{
		0: "REVOCATION_REASON_UNSPECIFIED",
		1: "KEY_COMPROMISE",
		2: "CERTIFICATE_AUTHORITY_COMPROMISE",
		3: "AFFILIATION_CHANGED",
		4: "SUPERSEDED",
		5: "CESSATION_OF_OPERATION",
		6: "CERTIFICATE_HOLD",
		7: "PRIVILEGE_WITHDRAWN",
		8: "ATTRIBUTE_AUTHORITY_COMPROMISE",
	}
	RevocationReason_value = map[string]int32{
		"REVOCATION_REASON_UNSPECIFIED":    0,
		"KEY_COMPROMISE":                   1,
		"CERTIFICATE_AUTHORITY_COMPROMISE": 2,
		"AFFILIATION_CHANGED":              3,
		"SUPERSEDED":                       4,
		"CESSATION_OF_OPERATION":           5,
		"CERTIFICATE_HOLD":                 6,
		"PRIVILEGE_WITHDRAWN":              7,
		"ATTRIBUTE_AUTHORITY_COMPROMISE":   8,
	}
)

Enum value maps for RevocationReason.

View Source
var (
	SubjectRequestMode_name = map[int32]string{
		0: "SUBJECT_REQUEST_MODE_UNSPECIFIED",
		1: "DEFAULT",
		2: "REFLECTED_SPIFFE",
	}
	SubjectRequestMode_value = map[string]int32{
		"SUBJECT_REQUEST_MODE_UNSPECIFIED": 0,
		"DEFAULT":                          1,
		"REFLECTED_SPIFFE":                 2,
	}
)

Enum value maps for SubjectRequestMode.

View Source
var (
	PublicKey_KeyFormat_name = map[int32]string{
		0: "KEY_FORMAT_UNSPECIFIED",
		1: "PEM",
	}
	PublicKey_KeyFormat_value = map[string]int32{
		"KEY_FORMAT_UNSPECIFIED": 0,
		"PEM":                    1,
	}
)

Enum value maps for PublicKey_KeyFormat.

View Source
var (
	CertificateExtensionConstraints_KnownCertificateExtension_name = map[int32]string{
		0: "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED",
		1: "BASE_KEY_USAGE",
		2: "EXTENDED_KEY_USAGE",
		3: "CA_OPTIONS",
		4: "POLICY_IDS",
		5: "AIA_OCSP_SERVERS",
	}
	CertificateExtensionConstraints_KnownCertificateExtension_value = map[string]int32{
		"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED": 0,
		"BASE_KEY_USAGE":     1,
		"EXTENDED_KEY_USAGE": 2,
		"CA_OPTIONS":         3,
		"POLICY_IDS":         4,
		"AIA_OCSP_SERVERS":   5,
	}
)

Enum value maps for CertificateExtensionConstraints_KnownCertificateExtension.

View Source
var File_google_cloud_security_privateca_v1_resources_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Certificate

type Certificate struct {

	// Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
	// `projects/*/locations/*/caPools/*/certificates/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The config used to create a signed X.509 certificate.
	//
	// Types that are assignable to CertificateConfig:
	//
	//	*Certificate_PemCsr
	//	*Certificate_Config
	CertificateConfig isCertificate_CertificateConfig `protobuf_oneof:"certificate_config"`
	// Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	IssuerCertificateAuthority string `` /* 141-byte string literal not displayed */
	// Required. Immutable. The desired lifetime of a certificate. Used to create the
	// "not_before_time" and "not_after_time" fields inside an X.509
	// certificate. Note that the lifetime may be truncated if it would extend
	// past the life of any certificate authority in the issuing chain.
	Lifetime *duration.Duration `protobuf:"bytes,5,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
	// certificate, in the format
	// `projects/*/locations/*/certificateTemplates/*`.
	// If this is specified, the caller must have the necessary permission to
	// use this template. If this is omitted, no template will be used.
	// This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
	CertificateTemplate string `protobuf:"bytes,6,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`
	// Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
	// If this is omitted, the `DEFAULT` subject mode will be used.
	SubjectMode SubjectRequestMode `` /* 154-byte string literal not displayed */
	// Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
	// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
	RevocationDetails *Certificate_RevocationDetails `protobuf:"bytes,8,opt,name=revocation_details,json=revocationDetails,proto3" json:"revocation_details,omitempty"`
	// Output only. The pem-encoded, signed X.509 certificate.
	PemCertificate string `protobuf:"bytes,9,opt,name=pem_certificate,json=pemCertificate,proto3" json:"pem_certificate,omitempty"`
	// Output only. A structured description of the issued X.509 certificate.
	CertificateDescription *CertificateDescription `` /* 128-byte string literal not displayed */
	// Output only. The chain that may be used to verify the X.509 certificate. Expected to be
	// in issuer-to-root order according to RFC 5246.
	PemCertificateChain []string `protobuf:"bytes,11,rep,name=pem_certificate_chain,json=pemCertificateChain,proto3" json:"pem_certificate_chain,omitempty"`
	// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Optional. Labels with user-defined metadata.
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A Certificate[google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificateConfig

func (m *Certificate) GetCertificateConfig() isCertificate_CertificateConfig

func (*Certificate) GetCertificateDescription

func (x *Certificate) GetCertificateDescription() *CertificateDescription

func (*Certificate) GetCertificateTemplate

func (x *Certificate) GetCertificateTemplate() string

func (*Certificate) GetConfig

func (x *Certificate) GetConfig() *CertificateConfig

func (*Certificate) GetCreateTime

func (x *Certificate) GetCreateTime() *timestamppb.Timestamp

func (*Certificate) GetIssuerCertificateAuthority

func (x *Certificate) GetIssuerCertificateAuthority() string

func (*Certificate) GetLabels

func (x *Certificate) GetLabels() map[string]string

func (*Certificate) GetLifetime

func (x *Certificate) GetLifetime() *duration.Duration

func (*Certificate) GetName

func (x *Certificate) GetName() string

func (*Certificate) GetPemCertificate

func (x *Certificate) GetPemCertificate() string

func (*Certificate) GetPemCertificateChain

func (x *Certificate) GetPemCertificateChain() []string

func (*Certificate) GetPemCsr

func (x *Certificate) GetPemCsr() string

func (*Certificate) GetRevocationDetails

func (x *Certificate) GetRevocationDetails() *Certificate_RevocationDetails

func (*Certificate) GetSubjectMode

func (x *Certificate) GetSubjectMode() SubjectRequestMode

func (*Certificate) GetUpdateTime

func (x *Certificate) GetUpdateTime() *timestamppb.Timestamp

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type CertificateConfig

type CertificateConfig struct {

	// Required. Specifies some of the values in a certificate that are related to the
	// subject.
	SubjectConfig *CertificateConfig_SubjectConfig `protobuf:"bytes,1,opt,name=subject_config,json=subjectConfig,proto3" json:"subject_config,omitempty"`
	// Required. Describes how some of the technical X.509 fields in a certificate should be
	// populated.
	X509Config *X509Parameters `protobuf:"bytes,2,opt,name=x509_config,json=x509Config,proto3" json:"x509_config,omitempty"`
	// Optional. The public key that corresponds to this config. This is, for example, used
	// when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
	// self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

A CertificateConfig[google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.

func (*CertificateConfig) Descriptor deprecated

func (*CertificateConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig) GetPublicKey

func (x *CertificateConfig) GetPublicKey() *PublicKey

func (*CertificateConfig) GetSubjectConfig

func (x *CertificateConfig) GetSubjectConfig() *CertificateConfig_SubjectConfig

func (*CertificateConfig) GetX509Config

func (x *CertificateConfig) GetX509Config() *X509Parameters

func (*CertificateConfig) ProtoMessage

func (*CertificateConfig) ProtoMessage()

func (*CertificateConfig) ProtoReflect

func (x *CertificateConfig) ProtoReflect() protoreflect.Message

func (*CertificateConfig) Reset

func (x *CertificateConfig) Reset()

func (*CertificateConfig) String

func (x *CertificateConfig) String() string

type CertificateConfig_SubjectConfig

type CertificateConfig_SubjectConfig struct {

	// Required. Contains distinguished name fields such as the common name, location and
	// organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// Optional. The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// contains filtered or unexported fields
}

These values are used to create the distinguished name and subject alternative name fields in an X.509 certificate.

func (*CertificateConfig_SubjectConfig) Descriptor deprecated

func (*CertificateConfig_SubjectConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig_SubjectConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig_SubjectConfig) GetSubject

func (x *CertificateConfig_SubjectConfig) GetSubject() *Subject

func (*CertificateConfig_SubjectConfig) GetSubjectAltName

func (x *CertificateConfig_SubjectConfig) GetSubjectAltName() *SubjectAltNames

func (*CertificateConfig_SubjectConfig) ProtoMessage

func (*CertificateConfig_SubjectConfig) ProtoMessage()

func (*CertificateConfig_SubjectConfig) ProtoReflect

func (*CertificateConfig_SubjectConfig) Reset

func (*CertificateConfig_SubjectConfig) String

type CertificateDescription

type CertificateDescription struct {

	// Describes some of the values in a certificate that are related to the
	// subject and lifetime.
	SubjectDescription *CertificateDescription_SubjectDescription `protobuf:"bytes,1,opt,name=subject_description,json=subjectDescription,proto3" json:"subject_description,omitempty"`
	// Describes some of the technical X.509 fields in a certificate.
	X509Description *X509Parameters `protobuf:"bytes,2,opt,name=x509_description,json=x509Description,proto3" json:"x509_description,omitempty"`
	// The public key that corresponds to an issued certificate.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Provides a means of identifiying certificates that contain a particular
	// public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
	SubjectKeyId *CertificateDescription_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`
	// Identifies the subject_key_id of the parent certificate, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.1
	AuthorityKeyId *CertificateDescription_KeyId `protobuf:"bytes,5,opt,name=authority_key_id,json=authorityKeyId,proto3" json:"authority_key_id,omitempty"`
	// Describes a list of locations to obtain CRL information, i.e.
	// the DistributionPoint.fullName described by
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.13
	CrlDistributionPoints []string `` /* 126-byte string literal not displayed */
	// Describes lists of issuer CA certificate URLs that appear in the
	// "Authority Information Access" extension in the certificate.
	AiaIssuingCertificateUrls []string `` /* 140-byte string literal not displayed */
	// The hash of the x.509 certificate.
	CertFingerprint *CertificateDescription_CertificateFingerprint `protobuf:"bytes,8,opt,name=cert_fingerprint,json=certFingerprint,proto3" json:"cert_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

A CertificateDescription[google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

func (*CertificateDescription) Descriptor deprecated

func (*CertificateDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription) GetAiaIssuingCertificateUrls

func (x *CertificateDescription) GetAiaIssuingCertificateUrls() []string

func (*CertificateDescription) GetAuthorityKeyId

func (x *CertificateDescription) GetAuthorityKeyId() *CertificateDescription_KeyId

func (*CertificateDescription) GetCertFingerprint

func (*CertificateDescription) GetCrlDistributionPoints

func (x *CertificateDescription) GetCrlDistributionPoints() []string

func (*CertificateDescription) GetPublicKey

func (x *CertificateDescription) GetPublicKey() *PublicKey

func (*CertificateDescription) GetSubjectDescription

func (*CertificateDescription) GetSubjectKeyId

func (*CertificateDescription) GetX509Description

func (x *CertificateDescription) GetX509Description() *X509Parameters

func (*CertificateDescription) ProtoMessage

func (*CertificateDescription) ProtoMessage()

func (*CertificateDescription) ProtoReflect

func (x *CertificateDescription) ProtoReflect() protoreflect.Message

func (*CertificateDescription) Reset

func (x *CertificateDescription) Reset()

func (*CertificateDescription) String

func (x *CertificateDescription) String() string

type CertificateDescription_CertificateFingerprint

type CertificateDescription_CertificateFingerprint struct {

	// The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
	Sha256Hash string `protobuf:"bytes,1,opt,name=sha256_hash,json=sha256Hash,proto3" json:"sha256_hash,omitempty"`
	// contains filtered or unexported fields
}

A group of fingerprints for the x509 certificate.

func (*CertificateDescription_CertificateFingerprint) Descriptor deprecated

Deprecated: Use CertificateDescription_CertificateFingerprint.ProtoReflect.Descriptor instead.

func (*CertificateDescription_CertificateFingerprint) GetSha256Hash

func (*CertificateDescription_CertificateFingerprint) ProtoMessage

func (*CertificateDescription_CertificateFingerprint) ProtoReflect

func (*CertificateDescription_CertificateFingerprint) Reset

func (*CertificateDescription_CertificateFingerprint) String

type CertificateDescription_KeyId

type CertificateDescription_KeyId struct {

	// Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
	// likely the 160 bit SHA-1 hash of the public key.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

A KeyId identifies a specific public key, usually by hashing the public key.

func (*CertificateDescription_KeyId) Descriptor deprecated

func (*CertificateDescription_KeyId) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_KeyId.ProtoReflect.Descriptor instead.

func (*CertificateDescription_KeyId) GetKeyId

func (x *CertificateDescription_KeyId) GetKeyId() string

func (*CertificateDescription_KeyId) ProtoMessage

func (*CertificateDescription_KeyId) ProtoMessage()

func (*CertificateDescription_KeyId) ProtoReflect

func (*CertificateDescription_KeyId) Reset

func (x *CertificateDescription_KeyId) Reset()

func (*CertificateDescription_KeyId) String

type CertificateDescription_SubjectDescription

type CertificateDescription_SubjectDescription struct {

	// Contains distinguished name fields such as the common name, location and
	// / organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// The serial number encoded in lowercase hexadecimal.
	HexSerialNumber string `protobuf:"bytes,3,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
	// For convenience, the actual lifetime of an issued certificate.
	Lifetime *duration.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// The time at which the certificate becomes valid.
	NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
	// The time after which the certificate is expired.
	// Per RFC 5280, the validity period for a certificate is the period of time
	// from not_before_time through not_after_time, inclusive.
	// Corresponds to 'not_before_time' + 'lifetime' - 1 second.
	NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
	// contains filtered or unexported fields
}

These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.

func (*CertificateDescription_SubjectDescription) Descriptor deprecated

func (*CertificateDescription_SubjectDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_SubjectDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription_SubjectDescription) GetHexSerialNumber

func (x *CertificateDescription_SubjectDescription) GetHexSerialNumber() string

func (*CertificateDescription_SubjectDescription) GetLifetime

func (*CertificateDescription_SubjectDescription) GetNotAfterTime

func (*CertificateDescription_SubjectDescription) GetNotBeforeTime

func (*CertificateDescription_SubjectDescription) GetSubject

func (*CertificateDescription_SubjectDescription) GetSubjectAltName

func (*CertificateDescription_SubjectDescription) ProtoMessage

func (*CertificateDescription_SubjectDescription) ProtoReflect

func (*CertificateDescription_SubjectDescription) Reset

func (*CertificateDescription_SubjectDescription) String

type CertificateExtensionConstraints

type CertificateExtensionConstraints struct {

	// Optional. A set of named X.509 extensions. Will be combined with
	// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
	KnownExtensions []CertificateExtensionConstraints_KnownCertificateExtension `` /* 212-byte string literal not displayed */
	// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
	// Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
	// X.509 extensions.
	AdditionalExtensions []*ObjectId `protobuf:"bytes,2,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
	// contains filtered or unexported fields
}

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

func (*CertificateExtensionConstraints) Descriptor deprecated

func (*CertificateExtensionConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateExtensionConstraints.ProtoReflect.Descriptor instead.

func (*CertificateExtensionConstraints) GetAdditionalExtensions

func (x *CertificateExtensionConstraints) GetAdditionalExtensions() []*ObjectId

func (*CertificateExtensionConstraints) GetKnownExtensions

func (*CertificateExtensionConstraints) ProtoMessage

func (*CertificateExtensionConstraints) ProtoMessage()

func (*CertificateExtensionConstraints) ProtoReflect

func (*CertificateExtensionConstraints) Reset

func (*CertificateExtensionConstraints) String

type CertificateExtensionConstraints_KnownCertificateExtension

type CertificateExtensionConstraints_KnownCertificateExtension int32

Describes well-known X.509 extensions that can appear in a Certificate[google.cloud.security.privateca.v1.Certificate], not including the SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] extension.

const (
	// Not specified.
	CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED CertificateExtensionConstraints_KnownCertificateExtension = 0
	// Refers to a certificate's Key Usage extension, as described in [RFC 5280
	// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
	// This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
	CertificateExtensionConstraints_BASE_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 1
	// Refers to a certificate's Extended Key Usage extension, as described in
	// [RFC 5280
	// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
	// This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
	CertificateExtensionConstraints_EXTENDED_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 2
	// Refers to a certificate's Basic Constraints extension, as described in
	// [RFC 5280
	// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
	// This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
	CertificateExtensionConstraints_CA_OPTIONS CertificateExtensionConstraints_KnownCertificateExtension = 3
	// Refers to a certificate's Policy object identifiers, as described in
	// [RFC 5280
	// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
	// This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
	CertificateExtensionConstraints_POLICY_IDS CertificateExtensionConstraints_KnownCertificateExtension = 4
	// Refers to OCSP servers in a certificate's Authority Information Access
	// extension, as described in
	// [RFC 5280
	// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
	// This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
	CertificateExtensionConstraints_AIA_OCSP_SERVERS CertificateExtensionConstraints_KnownCertificateExtension = 5
)

func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor

func (CertificateExtensionConstraints_KnownCertificateExtension) Enum

func (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor deprecated

Deprecated: Use CertificateExtensionConstraints_KnownCertificateExtension.Descriptor instead.

func (CertificateExtensionConstraints_KnownCertificateExtension) Number

func (CertificateExtensionConstraints_KnownCertificateExtension) String

func (CertificateExtensionConstraints_KnownCertificateExtension) Type

type CertificateIdentityConstraints

type CertificateIdentityConstraints struct {

	// Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
	// request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
	// will be discarded.
	AllowSubjectPassthrough *bool `` /* 139-byte string literal not displayed */
	// Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
	// certificate request into the signed certificate. Otherwise, the requested
	// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
	AllowSubjectAltNamesPassthrough *bool `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes constraints on a Certificate[google.cloud.security.privateca.v1.Certificate]'s Subject[google.cloud.security.privateca.v1.Subject] and SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames].

func (*CertificateIdentityConstraints) Descriptor deprecated

func (*CertificateIdentityConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateIdentityConstraints.ProtoReflect.Descriptor instead.

func (*CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough

func (x *CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough() bool

func (*CertificateIdentityConstraints) GetAllowSubjectPassthrough

func (x *CertificateIdentityConstraints) GetAllowSubjectPassthrough() bool

func (*CertificateIdentityConstraints) ProtoMessage

func (*CertificateIdentityConstraints) ProtoMessage()

func (*CertificateIdentityConstraints) ProtoReflect

func (*CertificateIdentityConstraints) Reset

func (x *CertificateIdentityConstraints) Reset()

func (*CertificateIdentityConstraints) String

type Certificate_Config

type Certificate_Config struct {
	// Immutable. A description of the certificate and key that does not require X.509 or
	// ASN.1.
	Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3,oneof"`
}

type Certificate_PemCsr

type Certificate_PemCsr struct {
	// Immutable. A pem-encoded X.509 certificate signing request (CSR).
	PemCsr string `protobuf:"bytes,2,opt,name=pem_csr,json=pemCsr,proto3,oneof"`
}

type Certificate_RevocationDetails

type Certificate_RevocationDetails struct {

	// Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
	RevocationState RevocationReason `` /* 164-byte string literal not displayed */
	// The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
	RevocationTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=revocation_time,json=revocationTime,proto3" json:"revocation_time,omitempty"`
	// contains filtered or unexported fields
}

Describes fields that are relavent to the revocation of a Certificate[google.cloud.security.privateca.v1.Certificate].

func (*Certificate_RevocationDetails) Descriptor deprecated

func (*Certificate_RevocationDetails) Descriptor() ([]byte, []int)

Deprecated: Use Certificate_RevocationDetails.ProtoReflect.Descriptor instead.

func (*Certificate_RevocationDetails) GetRevocationState

func (x *Certificate_RevocationDetails) GetRevocationState() RevocationReason

func (*Certificate_RevocationDetails) GetRevocationTime

func (x *Certificate_RevocationDetails) GetRevocationTime() *timestamppb.Timestamp

func (*Certificate_RevocationDetails) ProtoMessage

func (*Certificate_RevocationDetails) ProtoMessage()

func (*Certificate_RevocationDetails) ProtoReflect

func (*Certificate_RevocationDetails) Reset

func (x *Certificate_RevocationDetails) Reset()

func (*Certificate_RevocationDetails) String

type KeyUsage

type KeyUsage struct {

	// Describes high-level ways in which a key may be used.
	BaseKeyUsage *KeyUsage_KeyUsageOptions `protobuf:"bytes,1,opt,name=base_key_usage,json=baseKeyUsage,proto3" json:"base_key_usage,omitempty"`
	// Detailed scenarios in which a key may be used.
	ExtendedKeyUsage *KeyUsage_ExtendedKeyUsageOptions `protobuf:"bytes,2,opt,name=extended_key_usage,json=extendedKeyUsage,proto3" json:"extended_key_usage,omitempty"`
	// Used to describe extended key usages that are not listed in the
	// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
	UnknownExtendedKeyUsages []*ObjectId `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

A KeyUsage[google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509 certificate.

func (*KeyUsage) Descriptor deprecated

func (*KeyUsage) Descriptor() ([]byte, []int)

Deprecated: Use KeyUsage.ProtoReflect.Descriptor instead.

func (*KeyUsage) GetBaseKeyUsage

func (x *KeyUsage) GetBaseKeyUsage() *KeyUsage_KeyUsageOptions

func (*KeyUsage) GetExtendedKeyUsage

func (x *KeyUsage) GetExtendedKeyUsage() *KeyUsage_ExtendedKeyUsageOptions

func (*KeyUsage) GetUnknownExtendedKeyUsages

func (x *KeyUsage) GetUnknownExtendedKeyUsages() []*ObjectId

func (*KeyUsage) ProtoMessage

func (*KeyUsage) ProtoMessage()

func (*KeyUsage) ProtoReflect

func (x *KeyUsage) ProtoReflect() protoreflect.Message

func (*KeyUsage) Reset

func (x *KeyUsage) Reset()

func (*KeyUsage) String

func (x *KeyUsage) String() string

type KeyUsage_ExtendedKeyUsageOptions

type KeyUsage_ExtendedKeyUsageOptions struct {

	// Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
	// server authentication", though regularly used for non-WWW TLS.
	ServerAuth bool `protobuf:"varint,1,opt,name=server_auth,json=serverAuth,proto3" json:"server_auth,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
	// client authentication", though regularly used for non-WWW TLS.
	ClientAuth bool `protobuf:"varint,2,opt,name=client_auth,json=clientAuth,proto3" json:"client_auth,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
	// downloadable executable code client authentication".
	CodeSigning bool `protobuf:"varint,3,opt,name=code_signing,json=codeSigning,proto3" json:"code_signing,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
	// protection".
	EmailProtection bool `protobuf:"varint,4,opt,name=email_protection,json=emailProtection,proto3" json:"email_protection,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
	// the hash of an object to a time".
	TimeStamping bool `protobuf:"varint,5,opt,name=time_stamping,json=timeStamping,proto3" json:"time_stamping,omitempty"`
	// Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
	// OCSP responses".
	OcspSigning bool `protobuf:"varint,6,opt,name=ocsp_signing,json=ocspSigning,proto3" json:"ocsp_signing,omitempty"`
	// contains filtered or unexported fields
}

[KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to certain common OIDs that could be specified as an extended key usage value.

func (*KeyUsage_ExtendedKeyUsageOptions) Descriptor deprecated

func (*KeyUsage_ExtendedKeyUsageOptions) Descriptor() ([]byte, []int)

Deprecated: Use KeyUsage_ExtendedKeyUsageOptions.ProtoReflect.Descriptor instead.

func (*KeyUsage_ExtendedKeyUsageOptions) GetClientAuth

func (x *KeyUsage_ExtendedKeyUsageOptions) GetClientAuth() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetCodeSigning

func (x *KeyUsage_ExtendedKeyUsageOptions) GetCodeSigning() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetEmailProtection

func (x *KeyUsage_ExtendedKeyUsageOptions) GetEmailProtection() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetOcspSigning

func (x *KeyUsage_ExtendedKeyUsageOptions) GetOcspSigning() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetServerAuth

func (x *KeyUsage_ExtendedKeyUsageOptions) GetServerAuth() bool

func (*KeyUsage_ExtendedKeyUsageOptions) GetTimeStamping

func (x *KeyUsage_ExtendedKeyUsageOptions) GetTimeStamping() bool

func (*KeyUsage_ExtendedKeyUsageOptions) ProtoMessage

func (*KeyUsage_ExtendedKeyUsageOptions) ProtoMessage()

func (*KeyUsage_ExtendedKeyUsageOptions) ProtoReflect

func (*KeyUsage_ExtendedKeyUsageOptions) Reset

func (*KeyUsage_ExtendedKeyUsageOptions) String

type KeyUsage_KeyUsageOptions

type KeyUsage_KeyUsageOptions struct {

	// The key may be used for digital signatures.
	DigitalSignature bool `protobuf:"varint,1,opt,name=digital_signature,json=digitalSignature,proto3" json:"digital_signature,omitempty"`
	// The key may be used for cryptographic commitments. Note that this may
	// also be referred to as "non-repudiation".
	ContentCommitment bool `protobuf:"varint,2,opt,name=content_commitment,json=contentCommitment,proto3" json:"content_commitment,omitempty"`
	// The key may be used to encipher other keys.
	KeyEncipherment bool `protobuf:"varint,3,opt,name=key_encipherment,json=keyEncipherment,proto3" json:"key_encipherment,omitempty"`
	// The key may be used to encipher data.
	DataEncipherment bool `protobuf:"varint,4,opt,name=data_encipherment,json=dataEncipherment,proto3" json:"data_encipherment,omitempty"`
	// The key may be used in a key agreement protocol.
	KeyAgreement bool `protobuf:"varint,5,opt,name=key_agreement,json=keyAgreement,proto3" json:"key_agreement,omitempty"`
	// The key may be used to sign certificates.
	CertSign bool `protobuf:"varint,6,opt,name=cert_sign,json=certSign,proto3" json:"cert_sign,omitempty"`
	// The key may be used sign certificate revocation lists.
	CrlSign bool `protobuf:"varint,7,opt,name=crl_sign,json=crlSign,proto3" json:"crl_sign,omitempty"`
	// The key may be used to encipher only.
	EncipherOnly bool `protobuf:"varint,8,opt,name=encipher_only,json=encipherOnly,proto3" json:"encipher_only,omitempty"`
	// The key may be used to decipher only.
	DecipherOnly bool `protobuf:"varint,9,opt,name=decipher_only,json=decipherOnly,proto3" json:"decipher_only,omitempty"`
	// contains filtered or unexported fields
}

[KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.

func (*KeyUsage_KeyUsageOptions) Descriptor deprecated

func (*KeyUsage_KeyUsageOptions) Descriptor() ([]byte, []int)

Deprecated: Use KeyUsage_KeyUsageOptions.ProtoReflect.Descriptor instead.

func (*KeyUsage_KeyUsageOptions) GetCertSign

func (x *KeyUsage_KeyUsageOptions) GetCertSign() bool

func (*KeyUsage_KeyUsageOptions) GetContentCommitment

func (x *KeyUsage_KeyUsageOptions) GetContentCommitment() bool

func (*KeyUsage_KeyUsageOptions) GetCrlSign

func (x *KeyUsage_KeyUsageOptions) GetCrlSign() bool

func (*KeyUsage_KeyUsageOptions) GetDataEncipherment

func (x *KeyUsage_KeyUsageOptions) GetDataEncipherment() bool

func (*KeyUsage_KeyUsageOptions) GetDecipherOnly

func (x *KeyUsage_KeyUsageOptions) GetDecipherOnly() bool

func (*KeyUsage_KeyUsageOptions) GetDigitalSignature

func (x *KeyUsage_KeyUsageOptions) GetDigitalSignature() bool

func (*KeyUsage_KeyUsageOptions) GetEncipherOnly

func (x *KeyUsage_KeyUsageOptions) GetEncipherOnly() bool

func (*KeyUsage_KeyUsageOptions) GetKeyAgreement

func (x *KeyUsage_KeyUsageOptions) GetKeyAgreement() bool

func (*KeyUsage_KeyUsageOptions) GetKeyEncipherment

func (x *KeyUsage_KeyUsageOptions) GetKeyEncipherment() bool

func (*KeyUsage_KeyUsageOptions) ProtoMessage

func (*KeyUsage_KeyUsageOptions) ProtoMessage()

func (*KeyUsage_KeyUsageOptions) ProtoReflect

func (x *KeyUsage_KeyUsageOptions) ProtoReflect() protoreflect.Message

func (*KeyUsage_KeyUsageOptions) Reset

func (x *KeyUsage_KeyUsageOptions) Reset()

func (*KeyUsage_KeyUsageOptions) String

func (x *KeyUsage_KeyUsageOptions) String() string

type ObjectId

type ObjectId struct {

	// Required. The parts of an OID path. The most significant parts of the path come
	// first.
	ObjectIdPath []int32 `protobuf:"varint,1,rep,packed,name=object_id_path,json=objectIdPath,proto3" json:"object_id_path,omitempty"`
	// contains filtered or unexported fields
}

An ObjectId[google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

func (*ObjectId) Descriptor deprecated

func (*ObjectId) Descriptor() ([]byte, []int)

Deprecated: Use ObjectId.ProtoReflect.Descriptor instead.

func (*ObjectId) GetObjectIdPath

func (x *ObjectId) GetObjectIdPath() []int32

func (*ObjectId) ProtoMessage

func (*ObjectId) ProtoMessage()

func (*ObjectId) ProtoReflect

func (x *ObjectId) ProtoReflect() protoreflect.Message

func (*ObjectId) Reset

func (x *ObjectId) Reset()

func (*ObjectId) String

func (x *ObjectId) String() string

type PublicKey

type PublicKey struct {

	// Required. A public key. The padding and encoding
	// must match with the `KeyFormat` value specified for the `format` field.
	Key []byte `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Required. The format of the public key.
	Format PublicKey_KeyFormat `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}

A PublicKey[google.cloud.security.privateca.v1.PublicKey] describes a public key.

func (*PublicKey) Descriptor deprecated

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetFormat

func (x *PublicKey) GetFormat() PublicKey_KeyFormat

func (*PublicKey) GetKey

func (x *PublicKey) GetKey() []byte

func (*PublicKey) ProtoMessage

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset

func (x *PublicKey) Reset()

func (*PublicKey) String

func (x *PublicKey) String() string

type PublicKey_KeyFormat

type PublicKey_KeyFormat int32

Types of public keys formats that are supported. Currently, only `PEM` format is supported.

const (
	// Default unspecified value.
	PublicKey_KEY_FORMAT_UNSPECIFIED PublicKey_KeyFormat = 0
	// The key is PEM-encoded as defined in [RFC
	// 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
	// following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
	// structure, an RFC 5280
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// or a PEM-encoded X.509 certificate signing request (CSR). If a
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
	// or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
	// it will used solely for the purpose of extracting the public key. When
	// generated by the service, it will always be an RFC 5280
	// [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
	// structure containing an algorithm identifier and a key.
	PublicKey_PEM PublicKey_KeyFormat = 1
)

func (PublicKey_KeyFormat) Descriptor

func (PublicKey_KeyFormat) Enum

func (PublicKey_KeyFormat) EnumDescriptor deprecated

func (PublicKey_KeyFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use PublicKey_KeyFormat.Descriptor instead.

func (PublicKey_KeyFormat) Number

func (PublicKey_KeyFormat) String

func (x PublicKey_KeyFormat) String() string

func (PublicKey_KeyFormat) Type

type RevocationReason

type RevocationReason int32

A RevocationReason[google.cloud.security.privateca.v1.RevocationReason] indicates whether a Certificate[google.cloud.security.privateca.v1.Certificate] has been revoked, and the reason for revocation. These correspond to standard revocation reasons from RFC 5280. Note that the enum labels and values in this definition are not the same ASN.1 values defined in RFC 5280. These values will be translated to the correct ASN.1 values when a CRL is created.

const (
	// Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
	// has been revoked, but that a reason has not been recorded.
	RevocationReason_REVOCATION_REASON_UNSPECIFIED RevocationReason = 0
	// Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
	RevocationReason_KEY_COMPROMISE RevocationReason = 1
	// The key material for a certificate authority in the issuing path may have
	// leaked.
	RevocationReason_CERTIFICATE_AUTHORITY_COMPROMISE RevocationReason = 2
	// The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
	RevocationReason_AFFILIATION_CHANGED RevocationReason = 3
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
	RevocationReason_SUPERSEDED RevocationReason = 4
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
	// operate.
	RevocationReason_CESSATION_OF_OPERATION RevocationReason = 5
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
	// may become valid in the future.
	RevocationReason_CERTIFICATE_HOLD RevocationReason = 6
	// This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
	// attributes.
	RevocationReason_PRIVILEGE_WITHDRAWN RevocationReason = 7
	// The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
	// may have been compromised.
	RevocationReason_ATTRIBUTE_AUTHORITY_COMPROMISE RevocationReason = 8
)

func (RevocationReason) Descriptor

func (RevocationReason) Enum

func (RevocationReason) EnumDescriptor deprecated

func (RevocationReason) EnumDescriptor() ([]byte, []int)

Deprecated: Use RevocationReason.Descriptor instead.

func (RevocationReason) Number

func (RevocationReason) String

func (x RevocationReason) String() string

func (RevocationReason) Type

type Subject

type Subject struct {

	// The "common name" of the subject.
	CommonName string `protobuf:"bytes,1,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"`
	// The country code of the subject.
	CountryCode string `protobuf:"bytes,2,opt,name=country_code,json=countryCode,proto3" json:"country_code,omitempty"`
	// The organization of the subject.
	Organization string `protobuf:"bytes,3,opt,name=organization,proto3" json:"organization,omitempty"`
	// The organizational_unit of the subject.
	OrganizationalUnit string `protobuf:"bytes,4,opt,name=organizational_unit,json=organizationalUnit,proto3" json:"organizational_unit,omitempty"`
	// The locality or city of the subject.
	Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"`
	// The province, territory, or regional state of the subject.
	Province string `protobuf:"bytes,6,opt,name=province,proto3" json:"province,omitempty"`
	// The street address of the subject.
	StreetAddress string `protobuf:"bytes,7,opt,name=street_address,json=streetAddress,proto3" json:"street_address,omitempty"`
	// The postal code of the subject.
	PostalCode string `protobuf:"bytes,8,opt,name=postal_code,json=postalCode,proto3" json:"postal_code,omitempty"`
	// contains filtered or unexported fields
}

Subject[google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn, describes the subject of the certificate.

func (*Subject) Descriptor deprecated

func (*Subject) Descriptor() ([]byte, []int)

Deprecated: Use Subject.ProtoReflect.Descriptor instead.

func (*Subject) GetCommonName

func (x *Subject) GetCommonName() string

func (*Subject) GetCountryCode

func (x *Subject) GetCountryCode() string

func (*Subject) GetLocality

func (x *Subject) GetLocality() string

func (*Subject) GetOrganization

func (x *Subject) GetOrganization() string

func (*Subject) GetOrganizationalUnit

func (x *Subject) GetOrganizationalUnit() string

func (*Subject) GetPostalCode

func (x *Subject) GetPostalCode() string

func (*Subject) GetProvince

func (x *Subject) GetProvince() string

func (*Subject) GetStreetAddress

func (x *Subject) GetStreetAddress() string

func (*Subject) ProtoMessage

func (*Subject) ProtoMessage()

func (*Subject) ProtoReflect

func (x *Subject) ProtoReflect() protoreflect.Message

func (*Subject) Reset

func (x *Subject) Reset()

func (*Subject) String

func (x *Subject) String() string

type SubjectAltNames

type SubjectAltNames struct {

	// Contains only valid, fully-qualified host names.
	DnsNames []string `protobuf:"bytes,1,rep,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
	// Contains only valid RFC 3986 URIs.
	Uris []string `protobuf:"bytes,2,rep,name=uris,proto3" json:"uris,omitempty"`
	// Contains only valid RFC 2822 E-mail addresses.
	EmailAddresses []string `protobuf:"bytes,3,rep,name=email_addresses,json=emailAddresses,proto3" json:"email_addresses,omitempty"`
	// Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
	IpAddresses []string `protobuf:"bytes,4,rep,name=ip_addresses,json=ipAddresses,proto3" json:"ip_addresses,omitempty"`
	// Contains additional subject alternative name values.
	// For each custom_san, the `value` field must contain an ASN.1 encoded
	// UTF8String.
	CustomSans []*X509Extension `protobuf:"bytes,5,rep,name=custom_sans,json=customSans,proto3" json:"custom_sans,omitempty"`
	// contains filtered or unexported fields
}

SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what the asserted identity is in a certificate (i.e., compared to the "common name" in the distinguished name).

func (*SubjectAltNames) Descriptor deprecated

func (*SubjectAltNames) Descriptor() ([]byte, []int)

Deprecated: Use SubjectAltNames.ProtoReflect.Descriptor instead.

func (*SubjectAltNames) GetCustomSans

func (x *SubjectAltNames) GetCustomSans() []*X509Extension

func (*SubjectAltNames) GetDnsNames

func (x *SubjectAltNames) GetDnsNames() []string

func (*SubjectAltNames) GetEmailAddresses

func (x *SubjectAltNames) GetEmailAddresses() []string

func (*SubjectAltNames) GetIpAddresses

func (x *SubjectAltNames) GetIpAddresses() []string

func (*SubjectAltNames) GetUris

func (x *SubjectAltNames) GetUris() []string

func (*SubjectAltNames) ProtoMessage

func (*SubjectAltNames) ProtoMessage()

func (*SubjectAltNames) ProtoReflect

func (x *SubjectAltNames) ProtoReflect() protoreflect.Message

func (*SubjectAltNames) Reset

func (x *SubjectAltNames) Reset()

func (*SubjectAltNames) String

func (x *SubjectAltNames) String() string

type SubjectRequestMode

type SubjectRequestMode int32

Describes the way in which a Certificate[google.cloud.security.privateca.v1.Certificate]'s Subject[google.cloud.security.privateca.v1.Subject] and/or SubjectAltNames[google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.

const (
	// Not specified.
	SubjectRequestMode_SUBJECT_REQUEST_MODE_UNSPECIFIED SubjectRequestMode = 0
	// The default mode used in most cases. Indicates that the certificate's
	// [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
	// request. This mode requires the caller to have the
	// `privateca.certificates.create` permission.
	SubjectRequestMode_DEFAULT SubjectRequestMode = 1
	// A mode reserved for special cases. Indicates that the certificate should
	// have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
	// on the caller's identity. This mode will ignore any explicitly specified
	// [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
	// This mode requires the caller to have the
	// `privateca.certificates.createForSelf` permission.
	SubjectRequestMode_REFLECTED_SPIFFE SubjectRequestMode = 2
)

func (SubjectRequestMode) Descriptor

func (SubjectRequestMode) Enum

func (SubjectRequestMode) EnumDescriptor deprecated

func (SubjectRequestMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use SubjectRequestMode.Descriptor instead.

func (SubjectRequestMode) Number

func (SubjectRequestMode) String

func (x SubjectRequestMode) String() string

func (SubjectRequestMode) Type

type SubordinateConfig

type SubordinateConfig struct {

	// Types that are assignable to SubordinateConfig:
	//
	//	*SubordinateConfig_CertificateAuthority
	//	*SubordinateConfig_PemIssuerChain
	SubordinateConfig isSubordinateConfig_SubordinateConfig `protobuf_oneof:"subordinate_config"`
	// contains filtered or unexported fields
}

Describes a subordinate CA's issuers. This is either a resource name to a known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.

func (*SubordinateConfig) Descriptor deprecated

func (*SubordinateConfig) Descriptor() ([]byte, []int)

Deprecated: Use SubordinateConfig.ProtoReflect.Descriptor instead.

func (*SubordinateConfig) GetCertificateAuthority

func (x *SubordinateConfig) GetCertificateAuthority() string

func (*SubordinateConfig) GetPemIssuerChain

func (*SubordinateConfig) GetSubordinateConfig

func (m *SubordinateConfig) GetSubordinateConfig() isSubordinateConfig_SubordinateConfig

func (*SubordinateConfig) ProtoMessage

func (*SubordinateConfig) ProtoMessage()

func (*SubordinateConfig) ProtoReflect

func (x *SubordinateConfig) ProtoReflect() protoreflect.Message

func (*SubordinateConfig) Reset

func (x *SubordinateConfig) Reset()

func (*SubordinateConfig) String

func (x *SubordinateConfig) String() string

type SubordinateConfig_CertificateAuthority

type SubordinateConfig_CertificateAuthority struct {
	// Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
	// subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
	// and usability purposes only. The resource name is in the format
	// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	CertificateAuthority string `protobuf:"bytes,1,opt,name=certificate_authority,json=certificateAuthority,proto3,oneof"`
}

type SubordinateConfig_PemIssuerChain

type SubordinateConfig_PemIssuerChain struct {
	// Required. Contains the PEM certificate chain for the issuers of this
	// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
	PemIssuerChain *SubordinateConfig_SubordinateConfigChain `protobuf:"bytes,2,opt,name=pem_issuer_chain,json=pemIssuerChain,proto3,oneof"`
}

type SubordinateConfig_SubordinateConfigChain

type SubordinateConfig_SubordinateConfigChain struct {

	// Required. Expected to be in leaf-to-root order according to RFC 5246.
	PemCertificates []string `protobuf:"bytes,1,rep,name=pem_certificates,json=pemCertificates,proto3" json:"pem_certificates,omitempty"`
	// contains filtered or unexported fields
}

This message describes a subordinate CA's issuer certificate chain. This wrapper exists for compatibility reasons.

func (*SubordinateConfig_SubordinateConfigChain) Descriptor deprecated

func (*SubordinateConfig_SubordinateConfigChain) Descriptor() ([]byte, []int)

Deprecated: Use SubordinateConfig_SubordinateConfigChain.ProtoReflect.Descriptor instead.

func (*SubordinateConfig_SubordinateConfigChain) GetPemCertificates

func (x *SubordinateConfig_SubordinateConfigChain) GetPemCertificates() []string

func (*SubordinateConfig_SubordinateConfigChain) ProtoMessage

func (*SubordinateConfig_SubordinateConfigChain) ProtoReflect

func (*SubordinateConfig_SubordinateConfigChain) Reset

func (*SubordinateConfig_SubordinateConfigChain) String

type X509Extension

type X509Extension struct {

	// Required. The OID for this X.509 extension.
	ObjectId *ObjectId `protobuf:"bytes,1,opt,name=object_id,json=objectId,proto3" json:"object_id,omitempty"`
	// Optional. Indicates whether or not this extension is critical (i.e., if the client
	// does not know how to handle this extension, the client should consider this
	// to be an error).
	Critical bool `protobuf:"varint,2,opt,name=critical,proto3" json:"critical,omitempty"`
	// Required. The value of this X.509 extension.
	Value []byte `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
	// contains filtered or unexported fields
}

An X509Extension[google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

func (*X509Extension) Descriptor deprecated

func (*X509Extension) Descriptor() ([]byte, []int)

Deprecated: Use X509Extension.ProtoReflect.Descriptor instead.

func (*X509Extension) GetCritical

func (x *X509Extension) GetCritical() bool

func (*X509Extension) GetObjectId

func (x *X509Extension) GetObjectId() *ObjectId

func (*X509Extension) GetValue

func (x *X509Extension) GetValue() []byte

func (*X509Extension) ProtoMessage

func (*X509Extension) ProtoMessage()

func (*X509Extension) ProtoReflect

func (x *X509Extension) ProtoReflect() protoreflect.Message

func (*X509Extension) Reset

func (x *X509Extension) Reset()

func (*X509Extension) String

func (x *X509Extension) String() string

type X509Parameters

type X509Parameters struct {

	// Optional. Indicates the intended use for keys that correspond to a certificate.
	KeyUsage *KeyUsage `protobuf:"bytes,1,opt,name=key_usage,json=keyUsage,proto3" json:"key_usage,omitempty"`
	// Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
	// certificate.
	CaOptions *X509Parameters_CaOptions `protobuf:"bytes,2,opt,name=ca_options,json=caOptions,proto3" json:"ca_options,omitempty"`
	// Optional. Describes the X.509 certificate policy object identifiers, per
	// https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
	PolicyIds []*ObjectId `protobuf:"bytes,3,rep,name=policy_ids,json=policyIds,proto3" json:"policy_ids,omitempty"`
	// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
	// that appear in the "Authority Information Access" extension in the
	// certificate.
	AiaOcspServers []string `protobuf:"bytes,4,rep,name=aia_ocsp_servers,json=aiaOcspServers,proto3" json:"aia_ocsp_servers,omitempty"`
	// Optional. Describes custom X.509 extensions.
	AdditionalExtensions []*X509Extension `protobuf:"bytes,5,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`
	// contains filtered or unexported fields
}

An X509Parameters[google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions.

func (*X509Parameters) Descriptor deprecated

func (*X509Parameters) Descriptor() ([]byte, []int)

Deprecated: Use X509Parameters.ProtoReflect.Descriptor instead.

func (*X509Parameters) GetAdditionalExtensions

func (x *X509Parameters) GetAdditionalExtensions() []*X509Extension

func (*X509Parameters) GetAiaOcspServers

func (x *X509Parameters) GetAiaOcspServers() []string

func (*X509Parameters) GetCaOptions

func (x *X509Parameters) GetCaOptions() *X509Parameters_CaOptions

func (*X509Parameters) GetKeyUsage

func (x *X509Parameters) GetKeyUsage() *KeyUsage

func (*X509Parameters) GetPolicyIds

func (x *X509Parameters) GetPolicyIds() []*ObjectId

func (*X509Parameters) ProtoMessage

func (*X509Parameters) ProtoMessage()

func (*X509Parameters) ProtoReflect

func (x *X509Parameters) ProtoReflect() protoreflect.Message

func (*X509Parameters) Reset

func (x *X509Parameters) Reset()

func (*X509Parameters) String

func (x *X509Parameters) String() string

type X509Parameters_CaOptions

type X509Parameters_CaOptions struct {

	// Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
	// value is missing, the extension will be omitted from the CA certificate.
	IsCa *bool `protobuf:"varint,1,opt,name=is_ca,json=isCa,proto3,oneof" json:"is_ca,omitempty"`
	// Optional. Refers to the path length restriction X.509 extension. For a CA
	// certificate, this value describes the depth of subordinate CA
	// certificates that are allowed.
	// If this value is less than 0, the request will fail.
	// If this value is missing, the max path length will be omitted from the
	// CA certificate.
	MaxIssuerPathLength *int32 `` /* 129-byte string literal not displayed */
	// contains filtered or unexported fields
}

Describes values that are relevant in a CA certificate.

func (*X509Parameters_CaOptions) Descriptor deprecated

func (*X509Parameters_CaOptions) Descriptor() ([]byte, []int)

Deprecated: Use X509Parameters_CaOptions.ProtoReflect.Descriptor instead.

func (*X509Parameters_CaOptions) GetIsCa

func (x *X509Parameters_CaOptions) GetIsCa() bool

func (*X509Parameters_CaOptions) GetMaxIssuerPathLength

func (x *X509Parameters_CaOptions) GetMaxIssuerPathLength() int32

func (*X509Parameters_CaOptions) ProtoMessage

func (*X509Parameters_CaOptions) ProtoMessage()

func (*X509Parameters_CaOptions) ProtoReflect

func (x *X509Parameters_CaOptions) ProtoReflect() protoreflect.Message

func (*X509Parameters_CaOptions) Reset

func (x *X509Parameters_CaOptions) Reset()

func (*X509Parameters_CaOptions) String

func (x *X509Parameters_CaOptions) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL