Package cloud.google.com/go/security/privateca/apiv1/privatecapb (v1.9.0)


Variables

RevocationReason_name, RevocationReason_value

// RevocationReason_name maps each RevocationReason enum number to its proto
// name.
//
// NOTE(review): these are proto enum numbers, not X.509 CRLReason codes. The
// two agree for 0-6, but RFC 5280 assigns removeFromCRL = 8,
// privilegeWithdrawn = 9 and aACompromise = 10, whereas this enum uses 7 for
// PRIVILEGE_WITHDRAWN and 8 for ATTRIBUTE_AUTHORITY_COMPROMISE. Translate by
// name, never by number, when correlating with a parsed CRL entry.
var RevocationReason_name = map[int32]string{
	0: "REVOCATION_REASON_UNSPECIFIED",
	1: "KEY_COMPROMISE",
	2: "CERTIFICATE_AUTHORITY_COMPROMISE",
	3: "AFFILIATION_CHANGED",
	4: "SUPERSEDED",
	5: "CESSATION_OF_OPERATION",
	6: "CERTIFICATE_HOLD",
	7: "PRIVILEGE_WITHDRAWN",
	8: "ATTRIBUTE_AUTHORITY_COMPROMISE",
}

// RevocationReason_value is the inverse of RevocationReason_name: proto name
// to enum number.
var RevocationReason_value = map[string]int32{
	"REVOCATION_REASON_UNSPECIFIED":    0,
	"KEY_COMPROMISE":                   1,
	"CERTIFICATE_AUTHORITY_COMPROMISE": 2,
	"AFFILIATION_CHANGED":              3,
	"SUPERSEDED":                       4,
	"CESSATION_OF_OPERATION":           5,
	"CERTIFICATE_HOLD":                 6,
	"PRIVILEGE_WITHDRAWN":              7,
	"ATTRIBUTE_AUTHORITY_COMPROMISE":   8,
}

Enum value maps for RevocationReason.

SubjectRequestMode_name, SubjectRequestMode_value

// SubjectRequestMode_name maps each SubjectRequestMode enum number to its
// proto name.
//
// NOTE(review): the semantics of REFLECTED_SPIFFE are not described in this
// listing; confirm how the subject is derived in that mode before relying on
// it for identity decisions.
var SubjectRequestMode_name = map[int32]string{
	0: "SUBJECT_REQUEST_MODE_UNSPECIFIED",
	1: "DEFAULT",
	2: "REFLECTED_SPIFFE",
}

// SubjectRequestMode_value is the inverse lookup: proto name to enum number.
var SubjectRequestMode_value = map[string]int32{
	"SUBJECT_REQUEST_MODE_UNSPECIFIED": 0,
	"DEFAULT":                          1,
	"REFLECTED_SPIFFE":                 2,
}

Enum value maps for SubjectRequestMode.

CertificateAuthority_Type_name, CertificateAuthority_Type_value

// CertificateAuthority_Type_name maps each CertificateAuthority_Type enum
// number to its proto name.
var CertificateAuthority_Type_name = map[int32]string{
	0: "TYPE_UNSPECIFIED",
	1: "SELF_SIGNED",
	2: "SUBORDINATE",
}

// CertificateAuthority_Type_value is the inverse lookup: proto name to enum
// number.
var CertificateAuthority_Type_value = map[string]int32{
	"TYPE_UNSPECIFIED": 0,
	"SELF_SIGNED":      1,
	"SUBORDINATE":      2,
}

Enum value maps for CertificateAuthority_Type.

CertificateAuthority_State_name, CertificateAuthority_State_value

// CertificateAuthority_State_name maps each CertificateAuthority_State enum
// number to its proto name.
var CertificateAuthority_State_name = map[int32]string{
	0: "STATE_UNSPECIFIED",
	1: "ENABLED",
	2: "DISABLED",
	3: "STAGED",
	4: "AWAITING_USER_ACTIVATION",
	5: "DELETED",
}

// CertificateAuthority_State_value is the inverse lookup: proto name to enum
// number.
var CertificateAuthority_State_value = map[string]int32{
	"STATE_UNSPECIFIED":        0,
	"ENABLED":                  1,
	"DISABLED":                 2,
	"STAGED":                   3,
	"AWAITING_USER_ACTIVATION": 4,
	"DELETED":                  5,
}

Enum value maps for CertificateAuthority_State.

CertificateAuthority_SignHashAlgorithm_name, CertificateAuthority_SignHashAlgorithm_value

// CertificateAuthority_SignHashAlgorithm_name maps each
// CertificateAuthority_SignHashAlgorithm enum number to its proto name.
//
// Entries are listed in numeric order here. The numbers are not grouped by
// algorithm family: RSA-PSS uses 1-3, the EC variants use 4-5, and RSA
// PKCS#1 uses 6-8, so do not infer the family from a numeric range.
var CertificateAuthority_SignHashAlgorithm_name = map[int32]string{
	0: "SIGN_HASH_ALGORITHM_UNSPECIFIED",
	1: "RSA_PSS_2048_SHA256",
	2: "RSA_PSS_3072_SHA256",
	3: "RSA_PSS_4096_SHA256",
	4: "EC_P256_SHA256",
	5: "EC_P384_SHA384",
	6: "RSA_PKCS1_2048_SHA256",
	7: "RSA_PKCS1_3072_SHA256",
	8: "RSA_PKCS1_4096_SHA256",
}

// CertificateAuthority_SignHashAlgorithm_value is the inverse lookup: proto
// name to enum number.
var CertificateAuthority_SignHashAlgorithm_value = map[string]int32{
	"SIGN_HASH_ALGORITHM_UNSPECIFIED": 0,
	"RSA_PSS_2048_SHA256":             1,
	"RSA_PSS_3072_SHA256":             2,
	"RSA_PSS_4096_SHA256":             3,
	"EC_P256_SHA256":                  4,
	"EC_P384_SHA384":                  5,
	"RSA_PKCS1_2048_SHA256":           6,
	"RSA_PKCS1_3072_SHA256":           7,
	"RSA_PKCS1_4096_SHA256":           8,
}

Enum value maps for CertificateAuthority_SignHashAlgorithm.

CaPool_Tier_name, CaPool_Tier_value

// CaPool_Tier_name maps each CaPool_Tier enum number to its proto name.
var CaPool_Tier_name = map[int32]string{
	0: "TIER_UNSPECIFIED",
	1: "ENTERPRISE",
	2: "DEVOPS",
}

// CaPool_Tier_value is the inverse lookup: proto name to enum number.
var CaPool_Tier_value = map[string]int32{
	"TIER_UNSPECIFIED": 0,
	"ENTERPRISE":       1,
	"DEVOPS":           2,
}

Enum value maps for CaPool_Tier.

CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value

// CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name
// maps each EcSignatureAlgorithm enum number to its proto name.
//
// NOTE(review): value 0 (EC_SIGNATURE_ALGORITHM_UNSPECIFIED) is documented on
// the constant as "any signature algorithm may be used", so the zero value
// is the permissive setting, not a rejection.
var CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_name = map[int32]string{
	0: "EC_SIGNATURE_ALGORITHM_UNSPECIFIED",
	1: "ECDSA_P256",
	2: "ECDSA_P384",
	3: "EDDSA_25519",
}

// CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value
// is the inverse lookup: proto name to enum number.
var CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm_value = map[string]int32{
	"EC_SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
	"ECDSA_P256":                         1,
	"ECDSA_P384":                         2,
	"EDDSA_25519":                        3,
}

Enum value maps for CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.

CertificateRevocationList_State_name, CertificateRevocationList_State_value

// CertificateRevocationList_State_name maps each
// CertificateRevocationList_State enum number to its proto name.
var CertificateRevocationList_State_name = map[int32]string{
	0: "STATE_UNSPECIFIED",
	1: "ACTIVE",
	2: "SUPERSEDED",
}

// CertificateRevocationList_State_value is the inverse lookup: proto name to
// enum number.
var CertificateRevocationList_State_value = map[string]int32{
	"STATE_UNSPECIFIED": 0,
	"ACTIVE":            1,
	"SUPERSEDED":        2,
}

Enum value maps for CertificateRevocationList_State.

PublicKey_KeyFormat_name, PublicKey_KeyFormat_value

// PublicKey_KeyFormat_name maps each PublicKey_KeyFormat enum number to its
// proto name. PEM is the only concrete format listed.
var PublicKey_KeyFormat_name = map[int32]string{
	0: "KEY_FORMAT_UNSPECIFIED",
	1: "PEM",
}

// PublicKey_KeyFormat_value is the inverse lookup: proto name to enum number.
var PublicKey_KeyFormat_value = map[string]int32{
	"KEY_FORMAT_UNSPECIFIED": 0,
	"PEM":                    1,
}

Enum value maps for PublicKey_KeyFormat.

CertificateExtensionConstraints_KnownCertificateExtension_name, CertificateExtensionConstraints_KnownCertificateExtension_value

// CertificateExtensionConstraints_KnownCertificateExtension_name maps each
// KnownCertificateExtension enum number to its proto name. The type name
// suggests these identify X.509 extensions that a constraint can refer to;
// how they are enforced is not shown in this listing.
var CertificateExtensionConstraints_KnownCertificateExtension_name = map[int32]string{
	0: "KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED",
	1: "BASE_KEY_USAGE",
	2: "EXTENDED_KEY_USAGE",
	3: "CA_OPTIONS",
	4: "POLICY_IDS",
	5: "AIA_OCSP_SERVERS",
}

// CertificateExtensionConstraints_KnownCertificateExtension_value is the
// inverse lookup: proto name to enum number.
var CertificateExtensionConstraints_KnownCertificateExtension_value = map[string]int32{
	"KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED": 0,
	"BASE_KEY_USAGE":     1,
	"EXTENDED_KEY_USAGE": 2,
	"CA_OPTIONS":         3,
	"POLICY_IDS":         4,
	"AIA_OCSP_SERVERS":   5,
}

Enum value maps for CertificateExtensionConstraints_KnownCertificateExtension.

File_google_cloud_security_privateca_v1_resources_proto

// File_google_cloud_security_privateca_v1_resources_proto is a
// protoreflect.FileDescriptor; judging by its name it describes
// google/cloud/security/privateca/v1/resources.proto. Its initialisation is
// not shown in this listing.
var File_google_cloud_security_privateca_v1_resources_proto protoreflect.FileDescriptor

File_google_cloud_security_privateca_v1_service_proto

// File_google_cloud_security_privateca_v1_service_proto is a
// protoreflect.FileDescriptor; judging by its name it describes
// google/cloud/security/privateca/v1/service.proto. Its initialisation is
// not shown in this listing.
var File_google_cloud_security_privateca_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterCertificateAuthorityServiceServer

func RegisterCertificateAuthorityServiceServer(s *grpc.Server, srv CertificateAuthorityServiceServer)

ActivateCertificateAuthorityRequest

// ActivateCertificateAuthorityRequest carries the CA resource name, the
// signed CA certificate, a description of its issuer chain, and an optional
// idempotency ID.
type ActivateCertificateAuthorityRequest struct {

	// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
	// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The signed CA certificate issued from
	// [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
	//
	// NOTE(review): what the service validates about this certificate is not
	// stated here; callers should confirm it was issued by the intended parent
	// CA for the fetched CSR before submitting it.
	PemCaCertificate string `protobuf:"bytes,2,opt,name=pem_ca_certificate,json=pemCaCertificate,proto3" json:"pem_ca_certificate,omitempty"`
	// Required. Must include information about the issuer of 'pem_ca_certificate', and any
	// further issuers until the self-signed CA.
	SubordinateConfig *SubordinateConfig `protobuf:"bytes,3,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`
	// Optional. An ID to identify requests. Specify a unique request ID so that if you must
	// retry your request, the server will know to ignore the request if it has
	// already been completed. The server will guarantee that for at least 60
	// minutes since the first request.
	//
	// For example, consider a situation where you make an initial request and
	// the request times out. If you make the request again with the same request
	// ID, the server can check if the original operation with the same request ID
	// was received, and if so, will ignore the second request. This prevents
	// clients from accidentally creating duplicate commitments.
	//
	// The request ID must be a valid UUID with the exception that zero UUID is
	// not supported (00000000-0000-0000-0000-000000000000).
	//
	// NOTE(review): deduplication is only guaranteed for the 60-minute window
	// above; a retry with the same ID after that may be treated as a new request.
	RequestId string `protobuf:"bytes,4,opt,name=request_id,json=requestId,proto3" json:"request_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].

func (*ActivateCertificateAuthorityRequest) Descriptor

func (*ActivateCertificateAuthorityRequest) Descriptor() ([]byte, []int)

Deprecated: Use ActivateCertificateAuthorityRequest.ProtoReflect.Descriptor instead.

func (*ActivateCertificateAuthorityRequest) GetName

func (*ActivateCertificateAuthorityRequest) GetPemCaCertificate

func (x *ActivateCertificateAuthorityRequest) GetPemCaCertificate() string

func (*ActivateCertificateAuthorityRequest) GetRequestId

func (x *ActivateCertificateAuthorityRequest) GetRequestId() string

func (*ActivateCertificateAuthorityRequest) GetSubordinateConfig

func (x *ActivateCertificateAuthorityRequest) GetSubordinateConfig() *SubordinateConfig

func (*ActivateCertificateAuthorityRequest) ProtoMessage

func (*ActivateCertificateAuthorityRequest) ProtoMessage()

func (*ActivateCertificateAuthorityRequest) ProtoReflect

func (*ActivateCertificateAuthorityRequest) Reset

func (*ActivateCertificateAuthorityRequest) String

CaPool

// CaPool is the message for a CA pool resource. Field comments are missing
// from this listing; the notes below are derived from the field types and
// tags only. Tags shown as `"" /* N byte string literal not displayed */`
// were elided by the documentation renderer.
type CaPool struct {
	// Name is proto field 1 (`name`).
	// NOTE(review): presumably a resource name of the form
	// `projects/*/locations/*/caPools/*` — confirm against the API reference.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	// Tier is the pool's CaPool_Tier enum value (proto field 2).
	Tier CaPool_Tier `protobuf:"varint,2,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`

	// IssuancePolicy points at the pool-wide issuance controls (proto field 3).
	// NOTE(review): the individual CaPool_IssuancePolicy constraints are
	// documented as adding no restriction when omitted, so a nil policy is
	// presumably fully permissive — confirm.
	IssuancePolicy *CaPool_IssuancePolicy `protobuf:"bytes,3,opt,name=issuance_policy,json=issuancePolicy,proto3" json:"issuance_policy,omitempty"`

	// PublishingOptions points at the CA-certificate and CRL publication
	// settings for the pool (proto field 4).
	PublishingOptions *CaPool_PublishingOptions `protobuf:"bytes,4,opt,name=publishing_options,json=publishingOptions,proto3" json:"publishing_options,omitempty"`

	// Labels is a string-to-string map; its struct tag is elided in this listing.
	Labels map[string]string "" /* 153 byte string literal not displayed */

}

A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out of the trust anchor.

func (*CaPool) Descriptor

func (*CaPool) Descriptor() ([]byte, []int)

Deprecated: Use CaPool.ProtoReflect.Descriptor instead.

func (*CaPool) GetIssuancePolicy

func (x *CaPool) GetIssuancePolicy() *CaPool_IssuancePolicy

func (*CaPool) GetLabels

func (x *CaPool) GetLabels() map[string]string

func (*CaPool) GetName

func (x *CaPool) GetName() string

func (*CaPool) GetPublishingOptions

func (x *CaPool) GetPublishingOptions() *CaPool_PublishingOptions

func (*CaPool) GetTier

func (x *CaPool) GetTier() CaPool_Tier

func (*CaPool) ProtoMessage

func (*CaPool) ProtoMessage()

func (*CaPool) ProtoReflect

func (x *CaPool) ProtoReflect() protoreflect.Message

func (*CaPool) Reset

func (x *CaPool) Reset()

func (*CaPool) String

func (x *CaPool) String() string

CaPool_IssuancePolicy

// CaPool_IssuancePolicy groups the issuance controls of a CaPool: allowed key
// types, maximum lifetime, allowed issuance modes, baseline X.509 values,
// identity constraints and passthrough extension constraints.
//
// NOTE(review): every field is optional and, per the field comments below,
// leaving AllowedKeyTypes, IdentityConstraints or PassthroughExtensions unset
// means "no restriction". A least-privilege policy has to set them explicitly.
type CaPool_IssuancePolicy struct {

	// Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
	// public key must match one of the key types listed here. Otherwise,
	// any key may be used.
	AllowedKeyTypes []*CaPool_IssuancePolicy_AllowedKeyType `protobuf:"bytes,1,rep,name=allowed_key_types,json=allowedKeyTypes,proto3" json:"allowed_key_types,omitempty"`
	// Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
	// that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
	// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
	// be explicitly truncated to match it.
	MaximumLifetime *duration.Duration `protobuf:"bytes,2,opt,name=maximum_lifetime,json=maximumLifetime,proto3" json:"maximum_lifetime,omitempty"`
	// Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
	// used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
	AllowedIssuanceModes *CaPool_IssuancePolicy_IssuanceModes `protobuf:"bytes,3,opt,name=allowed_issuance_modes,json=allowedIssuanceModes,proto3" json:"allowed_issuance_modes,omitempty"`
	// Optional. A set of X.509 values that will be applied to all certificates issued
	// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
	// values for the same properties, they will be overwritten by the values
	// defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
	// that defines conflicting
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
	// properties, the certificate issuance request will fail.
	BaselineValues *X509Parameters `protobuf:"bytes,4,opt,name=baseline_values,json=baselineValues,proto3" json:"baseline_values,omitempty"`
	// Optional. Describes constraints on identities that may appear in
	// [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
	// If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
	// certificate's identity.
	IdentityConstraints *CertificateIdentityConstraints `protobuf:"bytes,5,opt,name=identity_constraints,json=identityConstraints,proto3" json:"identity_constraints,omitempty"`
	// Optional. Describes the set of X.509 extensions that may appear in a
	// [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
	// sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
	// those extensions will be dropped. If a certificate request uses a
	// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
	// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
	// appear here, the certificate issuance request will fail. If this is
	// omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
	// certificate's X.509 extensions. These constraints do not apply to X.509
	// extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
	//
	// Note the asymmetry described above: a disallowed extension in a plain
	// request is dropped silently, while one coming from a template fails the
	// request.
	PassthroughExtensions *CertificateExtensionConstraints `protobuf:"bytes,6,opt,name=passthrough_extensions,json=passthroughExtensions,proto3" json:"passthrough_extensions,omitempty"`
	// contains filtered or unexported fields
}

Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy) Descriptor

func (*CaPool_IssuancePolicy) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy) GetAllowedIssuanceModes

func (x *CaPool_IssuancePolicy) GetAllowedIssuanceModes() *CaPool_IssuancePolicy_IssuanceModes

func (*CaPool_IssuancePolicy) GetAllowedKeyTypes

func (*CaPool_IssuancePolicy) GetBaselineValues

func (x *CaPool_IssuancePolicy) GetBaselineValues() *X509Parameters

func (*CaPool_IssuancePolicy) GetIdentityConstraints

func (x *CaPool_IssuancePolicy) GetIdentityConstraints() *CertificateIdentityConstraints

func (*CaPool_IssuancePolicy) GetMaximumLifetime

func (x *CaPool_IssuancePolicy) GetMaximumLifetime() *duration.Duration

func (*CaPool_IssuancePolicy) GetPassthroughExtensions

func (x *CaPool_IssuancePolicy) GetPassthroughExtensions() *CertificateExtensionConstraints

func (*CaPool_IssuancePolicy) ProtoMessage

func (*CaPool_IssuancePolicy) ProtoMessage()

func (*CaPool_IssuancePolicy) ProtoReflect

func (x *CaPool_IssuancePolicy) ProtoReflect() protoreflect.Message

func (*CaPool_IssuancePolicy) Reset

func (x *CaPool_IssuancePolicy) Reset()

func (*CaPool_IssuancePolicy) String

func (x *CaPool_IssuancePolicy) String() string

CaPool_IssuancePolicy_AllowedKeyType

// CaPool_IssuancePolicy_AllowedKeyType holds one entry of an issuance
// policy's allowed key types. The entry is a `key_type` oneof, so it carries
// either the RSA wrapper or the elliptic-curve wrapper listed below.
type CaPool_IssuancePolicy_AllowedKeyType struct {

	// Types that are assignable to KeyType:
	//
	//	*CaPool_IssuancePolicy_AllowedKeyType_Rsa
	//	*CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve
	KeyType isCaPool_IssuancePolicy_AllowedKeyType_KeyType `protobuf_oneof:"key_type"`
	// contains filtered or unexported fields
}

Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool]. Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a fully-qualified key algorithm, such as RSA 4096, or a family of key algorithms, such as any RSA key.

func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor

func (*CaPool_IssuancePolicy_AllowedKeyType) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType) GetEllipticCurve

func (*CaPool_IssuancePolicy_AllowedKeyType) GetKeyType

func (m *CaPool_IssuancePolicy_AllowedKeyType) GetKeyType() isCaPool_IssuancePolicy_AllowedKeyType_KeyType

func (*CaPool_IssuancePolicy_AllowedKeyType) GetRsa

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoMessage()

func (*CaPool_IssuancePolicy_AllowedKeyType) ProtoReflect

func (*CaPool_IssuancePolicy_AllowedKeyType) Reset

func (*CaPool_IssuancePolicy_AllowedKeyType) String

CaPool_IssuancePolicy_AllowedKeyType_EcKeyType

// CaPool_IssuancePolicy_AllowedKeyType_EcKeyType describes an allowed
// elliptic-curve key by its signature algorithm.
type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType struct {
	// SignatureAlgorithm selects the allowed EC signature algorithm; its struct
	// tag is elided in this listing.
	// NOTE(review): the zero value, EC_SIGNATURE_ALGORITHM_UNSPECIFIED, is
	// documented on the constant as allowing any signature algorithm, so an
	// unset field is permissive. Set it explicitly to pin a curve.
	SignatureAlgorithm CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm "" /* 224 byte string literal not displayed */

}

Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Descriptor

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) GetSignatureAlgorithm

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoMessage

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) ProtoReflect

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) Reset

func (*CaPool_IssuancePolicy_AllowedKeyType_EcKeyType) String

CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm

// CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm is an
// int32-backed enum naming the elliptic-curve signature algorithms an
// issuance policy can allow.
type CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm int32

Describes an elliptic curve-based signature algorithm that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].

CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EC_SIGNATURE_ALGORITHM_UNSPECIFIED, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P256, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P384, CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EDDSA_25519

// Values of CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.
// The numbers are written out explicitly and match the entries of the
// corresponding _name/_value maps.
const (
	// Not specified. Signifies that any signature algorithm may be used.
	// This is the Go zero value, so a field left unset is the permissive
	// setting rather than a restriction.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EC_SIGNATURE_ALGORITHM_UNSPECIFIED CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 0
	// Refers to the Elliptic Curve Digital Signature Algorithm over the
	// NIST P-256 curve.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P256 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 1
	// Refers to the Elliptic Curve Digital Signature Algorithm over the
	// NIST P-384 curve.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_ECDSA_P384 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 2
	// Refers to the Edwards-curve Digital Signature Algorithm over curve
	// 25519, as described in RFC 8410.
	CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EDDSA_25519 CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm = 3
)

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Descriptor

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Enum

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) EnumDescriptor

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm.Descriptor instead.

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Number

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) String

func (CaPool_IssuancePolicy_AllowedKeyType_EcKeyType_EcSignatureAlgorithm) Type

CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve

// CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve is the wrapper for the
// `elliptic_curve` case (proto field 2) of the AllowedKeyType `key_type` oneof.
type CaPool_IssuancePolicy_AllowedKeyType_EllipticCurve struct {
	// Represents an allowed Elliptic Curve key type.
	EllipticCurve *CaPool_IssuancePolicy_AllowedKeyType_EcKeyType `protobuf:"bytes,2,opt,name=elliptic_curve,json=ellipticCurve,proto3,oneof"`
}

CaPool_IssuancePolicy_AllowedKeyType_Rsa

// CaPool_IssuancePolicy_AllowedKeyType_Rsa is the wrapper for the `rsa` case
// (proto field 1) of the AllowedKeyType `key_type` oneof.
type CaPool_IssuancePolicy_AllowedKeyType_Rsa struct {
	// Represents an allowed RSA key type.
	Rsa *CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType `protobuf:"bytes,1,opt,name=rsa,proto3,oneof"`
}

CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType

// CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType bounds the RSA modulus
// sizes, in bits, that a pool accepts. Both bounds are inclusive and both
// treat zero as "not set".
type CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType struct {

	// Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
	// not set, or if set to zero, the service-level min RSA modulus size
	// will continue to apply.
	//
	// NOTE(review): the service-level minimum is not stated in this listing;
	// set this field explicitly if policy requires a specific floor.
	MinModulusSize int64 `protobuf:"varint,1,opt,name=min_modulus_size,json=minModulusSize,proto3" json:"min_modulus_size,omitempty"`
	// Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
	// not set, or if set to zero, the service will not enforce an explicit
	// upper bound on RSA modulus sizes.
	MaxModulusSize int64 `protobuf:"varint,2,opt,name=max_modulus_size,json=maxModulusSize,proto3" json:"max_modulus_size,omitempty"`
	// contains filtered or unexported fields
}

Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Descriptor

Deprecated: Use CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMaxModulusSize

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) GetMinModulusSize

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoMessage

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) ProtoReflect

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) Reset

func (*CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType) String

CaPool_IssuancePolicy_IssuanceModes

// CaPool_IssuancePolicy_IssuanceModes holds two boolean switches for the ways
// certificates may be requested from a pool. Both struct tags are elided in
// this listing.
//
// NOTE(review): both fields default to false in Go. Whether a message with
// both left false rejects all issuance is not shown here — confirm before
// attaching an otherwise empty IssuanceModes to a policy.
type CaPool_IssuancePolicy_IssuanceModes struct {
	// AllowCsrBasedIssuance, by its name, gates requests that supply a CSR
	// (compare Certificate.GetPemCsr) — confirm against the API reference.
	AllowCsrBasedIssuance bool "" /* 129 byte string literal not displayed */

	// AllowConfigBasedIssuance, by its name, gates requests that supply a
	// CertificateConfig (compare Certificate.GetConfig) — confirm against the
	// API reference.
	AllowConfigBasedIssuance bool "" /* 138 byte string literal not displayed */

}

[IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this [CaPool][google.cloud.security.privateca.v1.CaPool].

func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor

func (*CaPool_IssuancePolicy_IssuanceModes) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_IssuancePolicy_IssuanceModes.ProtoReflect.Descriptor instead.

func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance

func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowConfigBasedIssuance() bool

func (*CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance

func (x *CaPool_IssuancePolicy_IssuanceModes) GetAllowCsrBasedIssuance() bool

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoMessage()

func (*CaPool_IssuancePolicy_IssuanceModes) ProtoReflect

func (*CaPool_IssuancePolicy_IssuanceModes) Reset

func (*CaPool_IssuancePolicy_IssuanceModes) String

CaPool_PublishingOptions

// CaPool_PublishingOptions controls whether each CA's certificate and CRL
// are published and whether the matching X.509 extensions are written into
// issued certificates.
type CaPool_PublishingOptions struct {

	// Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
	// includes its URL in the "Authority Information Access" X.509 extension
	// in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
	// certificate will not be published and the corresponding X.509 extension
	// will not be written in issued certificates.
	PublishCaCert bool `protobuf:"varint,1,opt,name=publish_ca_cert,json=publishCaCert,proto3" json:"publish_ca_cert,omitempty"`
	// Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
	// URL in the "CRL Distribution Points" X.509 extension in all issued
	// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
	// and the corresponding X.509 extension will not be written in issued
	// certificates.
	// CRLs will expire 7 days from their creation. However, we will rebuild
	// daily. CRLs are also rebuilt shortly after a certificate is revoked.
	//
	// NOTE(review): with this false, issued certificates carry no CRL
	// distribution point, so relying parties that check revocation through
	// CRLs need another way to learn about revoked certificates.
	PublishCrl bool `protobuf:"varint,2,opt,name=publish_crl,json=publishCrl,proto3" json:"publish_crl,omitempty"`
	// contains filtered or unexported fields
}

Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and CRLs and their inclusion as extensions in issued [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].

func (*CaPool_PublishingOptions) Descriptor

func (*CaPool_PublishingOptions) Descriptor() ([]byte, []int)

Deprecated: Use CaPool_PublishingOptions.ProtoReflect.Descriptor instead.

func (*CaPool_PublishingOptions) GetPublishCaCert

func (x *CaPool_PublishingOptions) GetPublishCaCert() bool

func (*CaPool_PublishingOptions) GetPublishCrl

func (x *CaPool_PublishingOptions) GetPublishCrl() bool

func (*CaPool_PublishingOptions) ProtoMessage

func (*CaPool_PublishingOptions) ProtoMessage()

func (*CaPool_PublishingOptions) ProtoReflect

func (x *CaPool_PublishingOptions) ProtoReflect() protoreflect.Message

func (*CaPool_PublishingOptions) Reset

func (x *CaPool_PublishingOptions) Reset()

func (*CaPool_PublishingOptions) String

func (x *CaPool_PublishingOptions) String() string

CaPool_Tier

// CaPool_Tier is an int32-backed enum for the tier of a CaPool.
type CaPool_Tier int32

The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or billing SKU.

CaPool_TIER_UNSPECIFIED, CaPool_ENTERPRISE, CaPool_DEVOPS

// Values of CaPool_Tier. The numbers are written out explicitly and match
// the entries of CaPool_Tier_name and CaPool_Tier_value.
const (
	// Not specified.
	CaPool_TIER_UNSPECIFIED CaPool_Tier = 0
	// Enterprise tier.
	CaPool_ENTERPRISE CaPool_Tier = 1
	// DevOps tier.
	CaPool_DEVOPS CaPool_Tier = 2
)

func (CaPool_Tier) Descriptor

func (CaPool_Tier) Enum

func (x CaPool_Tier) Enum() *CaPool_Tier

func (CaPool_Tier) EnumDescriptor

func (CaPool_Tier) EnumDescriptor() ([]byte, []int)

Deprecated: Use CaPool_Tier.Descriptor instead.

func (CaPool_Tier) Number

func (x CaPool_Tier) Number() protoreflect.EnumNumber

func (CaPool_Tier) String

func (x CaPool_Tier) String() string

func (CaPool_Tier) Type

Certificate

// Certificate is the message for an issued certificate resource. Field
// comments are missing from this listing; the notes below are derived from
// the field names, types and tags only. Tags shown as
// `"" /* N byte string literal not displayed */` were elided by the
// documentation renderer.
type Certificate struct {
	// Name is proto field 1 (`name`); presumably the certificate's resource
	// name — confirm the format against the API reference.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	// CertificateConfig is the `certificate_config` oneof. The GetPemCsr and
	// GetConfig accessors on this type indicate its two cases: a PEM CSR
	// string or a *CertificateConfig.
	CertificateConfig isCertificate_CertificateConfig `protobuf_oneof:"certificate_config"`

	// IssuerCertificateAuthority is a string; presumably the resource name of
	// the issuing CertificateAuthority — confirm.
	IssuerCertificateAuthority string "" /* 141 byte string literal not displayed */

	// Lifetime is the certificate's lifetime as a duration (proto field 5).
	// CaPool_IssuancePolicy.MaximumLifetime documents an upper bound on it.
	Lifetime *duration.Duration `protobuf:"bytes,5,opt,name=lifetime,proto3" json:"lifetime,omitempty"`

	// CertificateTemplate is a string (proto field 6); presumably the resource
	// name of a CertificateTemplate used for issuance — confirm.
	CertificateTemplate string `protobuf:"bytes,6,opt,name=certificate_template,json=certificateTemplate,proto3" json:"certificate_template,omitempty"`

	// SubjectMode is a SubjectRequestMode enum value (DEFAULT or
	// REFLECTED_SPIFFE per the enum maps).
	SubjectMode SubjectRequestMode "" /* 154 byte string literal not displayed */

	// RevocationDetails points at the certificate's revocation details (proto
	// field 8).
	// NOTE(review): presumably nil while the certificate is not revoked —
	// confirm before using nil-ness as a validity check.
	RevocationDetails *Certificate_RevocationDetails `protobuf:"bytes,8,opt,name=revocation_details,json=revocationDetails,proto3" json:"revocation_details,omitempty"`

	// PemCertificate is the certificate in PEM form, per its name (proto
	// field 9).
	PemCertificate string `protobuf:"bytes,9,opt,name=pem_certificate,json=pemCertificate,proto3" json:"pem_certificate,omitempty"`

	// CertificateDescription points at a structured description of the
	// certificate; its struct tag is elided in this listing.
	CertificateDescription *CertificateDescription "" /* 128 byte string literal not displayed */

	// PemCertificateChain is a list of PEM strings (proto field 11).
	// NOTE(review): the ordering and whether the root is included are not
	// documented here; verify before building a trust path from it.
	PemCertificateChain []string `protobuf:"bytes,11,rep,name=pem_certificate_chain,json=pemCertificateChain,proto3" json:"pem_certificate_chain,omitempty"`

	// CreateTime is a timestamp (proto field 12).
	CreateTime *timestamp.Timestamp `protobuf:"bytes,12,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	// UpdateTime is a timestamp (proto field 13).
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,13,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`

	// Labels is a string-to-string map; its struct tag is elided in this listing.
	Labels map[string]string "" /* 154 byte string literal not displayed */

}

A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].

func (*Certificate) Descriptor

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificateConfig

func (m *Certificate) GetCertificateConfig() isCertificate_CertificateConfig

func (*Certificate) GetCertificateDescription

func (x *Certificate) GetCertificateDescription() *CertificateDescription

func (*Certificate) GetCertificateTemplate

func (x *Certificate) GetCertificateTemplate() string

func (*Certificate) GetConfig

func (x *Certificate) GetConfig() *CertificateConfig

func (*Certificate) GetCreateTime

func (x *Certificate) GetCreateTime() *timestamp.Timestamp

func (*Certificate) GetIssuerCertificateAuthority

func (x *Certificate) GetIssuerCertificateAuthority() string

func (*Certificate) GetLabels

func (x *Certificate) GetLabels() map[string]string

func (*Certificate) GetLifetime

func (x *Certificate) GetLifetime() *duration.Duration

func (*Certificate) GetName

func (x *Certificate) GetName() string

func (*Certificate) GetPemCertificate

func (x *Certificate) GetPemCertificate() string

func (*Certificate) GetPemCertificateChain

func (x *Certificate) GetPemCertificateChain() []string

func (*Certificate) GetPemCsr

func (x *Certificate) GetPemCsr() string

func (*Certificate) GetRevocationDetails

func (x *Certificate) GetRevocationDetails() *Certificate_RevocationDetails

func (*Certificate) GetSubjectMode

func (x *Certificate) GetSubjectMode() SubjectRequestMode

func (*Certificate) GetUpdateTime

func (x *Certificate) GetUpdateTime() *timestamp.Timestamp

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

CertificateAuthority

// CertificateAuthority represents an individual Certificate Authority, which
// can be used to create Certificates.
//
// Fields shown with an empty tag and a "string literal not displayed" marker
// have their struct tag elided by the documentation renderer.
type CertificateAuthority struct {
	// Name is the proto `name` field; presumably the CA's resource name —
	// format not shown here, confirm against the service reference.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	// Type indicates the CA's issuing chain: SELF_SIGNED or SUBORDINATE.
	Type CertificateAuthority_Type "" /* 128 byte string literal not displayed */

	// Config is a CertificateConfig, which describes an X.509 certificate or
	// CSR to be created; presumably it describes this CA's own certificate.
	Config *CertificateConfig `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`

	// Lifetime is a duration; presumably the requested validity period of the
	// CA certificate — TODO confirm.
	Lifetime *duration.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`

	// KeySpec is the Cloud KMS key configuration that this CA will use.
	KeySpec *CertificateAuthority_KeyVersionSpec `protobuf:"bytes,5,opt,name=key_spec,json=keySpec,proto3" json:"key_spec,omitempty"`

	// SubordinateConfig presumably applies only to CAs of type SUBORDINATE —
	// TODO confirm.
	SubordinateConfig *SubordinateConfig `protobuf:"bytes,6,opt,name=subordinate_config,json=subordinateConfig,proto3" json:"subordinate_config,omitempty"`

	// Tier is a CaPool_Tier value; presumably the tier of the containing CaPool.
	Tier CaPool_Tier `protobuf:"varint,7,opt,name=tier,proto3,enum=google.cloud.security.privateca.v1.CaPool_Tier" json:"tier,omitempty"`

	// State indicates whether the CA can be used. Per the State documentation
	// it determines whether certificates can be issued, whether CRLs are
	// generated, and whether the CA is part of the CaPool's trust anchor.
	State CertificateAuthority_State "" /* 131 byte string literal not displayed */

	// PemCaCertificates holds PEM strings; presumably this CA's certificate
	// chain — ordering is not stated here, verify before building trust stores.
	PemCaCertificates []string `protobuf:"bytes,9,rep,name=pem_ca_certificates,json=pemCaCertificates,proto3" json:"pem_ca_certificates,omitempty"`

	// CaCertificateDescriptions presumably holds one structured description
	// per entry of PemCaCertificates — TODO confirm.
	CaCertificateDescriptions []*CertificateDescription "" /* 139 byte string literal not displayed */

	// GcsBucket presumably names the Cloud Storage bucket where this CA
	// publishes content such as its CA certificate and CRLs — TODO confirm.
	GcsBucket string `protobuf:"bytes,11,opt,name=gcs_bucket,json=gcsBucket,proto3" json:"gcs_bucket,omitempty"`

	// AccessUrls holds the URLs where this CA will publish content.
	AccessUrls *CertificateAuthority_AccessUrls `protobuf:"bytes,12,opt,name=access_urls,json=accessUrls,proto3" json:"access_urls,omitempty"`

	// CreateTime is presumably the time the CA was created.
	CreateTime *timestamp.Timestamp `protobuf:"bytes,13,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	// UpdateTime is presumably the time the CA was last updated.
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,14,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`

	// DeleteTime is presumably the time the CA entered the DELETED state.
	DeleteTime *timestamp.Timestamp `protobuf:"bytes,15,opt,name=delete_time,json=deleteTime,proto3" json:"delete_time,omitempty"`

	// ExpireTime bounds recovery of a DELETED CA: the State documentation
	// says UndeleteCertificateAuthority may still be called before expire_time.
	ExpireTime *timestamp.Timestamp `protobuf:"bytes,16,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`

	// Labels is a string-to-string map attached to the CA.
	Labels map[string]string "" /* 154 byte string literal not displayed */

}

A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].

func (*CertificateAuthority) Descriptor

func (*CertificateAuthority) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority.ProtoReflect.Descriptor instead.

func (*CertificateAuthority) GetAccessUrls

func (*CertificateAuthority) GetCaCertificateDescriptions

func (x *CertificateAuthority) GetCaCertificateDescriptions() []*CertificateDescription

func (*CertificateAuthority) GetConfig

func (x *CertificateAuthority) GetConfig() *CertificateConfig

func (*CertificateAuthority) GetCreateTime

func (x *CertificateAuthority) GetCreateTime() *timestamp.Timestamp

func (*CertificateAuthority) GetDeleteTime

func (x *CertificateAuthority) GetDeleteTime() *timestamp.Timestamp

func (*CertificateAuthority) GetExpireTime

func (x *CertificateAuthority) GetExpireTime() *timestamp.Timestamp

func (*CertificateAuthority) GetGcsBucket

func (x *CertificateAuthority) GetGcsBucket() string

func (*CertificateAuthority) GetKeySpec

func (*CertificateAuthority) GetLabels

func (x *CertificateAuthority) GetLabels() map[string]string

func (*CertificateAuthority) GetLifetime

func (x *CertificateAuthority) GetLifetime() *duration.Duration

func (*CertificateAuthority) GetName

func (x *CertificateAuthority) GetName() string

func (*CertificateAuthority) GetPemCaCertificates

func (x *CertificateAuthority) GetPemCaCertificates() []string

func (*CertificateAuthority) GetState

func (*CertificateAuthority) GetSubordinateConfig

func (x *CertificateAuthority) GetSubordinateConfig() *SubordinateConfig

func (*CertificateAuthority) GetTier

func (x *CertificateAuthority) GetTier() CaPool_Tier

func (*CertificateAuthority) GetType

func (*CertificateAuthority) GetUpdateTime

func (x *CertificateAuthority) GetUpdateTime() *timestamp.Timestamp

func (*CertificateAuthority) ProtoMessage

func (*CertificateAuthority) ProtoMessage()

func (*CertificateAuthority) ProtoReflect

func (x *CertificateAuthority) ProtoReflect() protoreflect.Message

func (*CertificateAuthority) Reset

func (x *CertificateAuthority) Reset()

func (*CertificateAuthority) String

func (x *CertificateAuthority) String() string

CertificateAuthorityServiceClient

// CertificateAuthorityServiceClient is the client API for
// CertificateAuthorityService service.
//
// Every method takes a context and optional grpc.CallOption values. The
// Certificate methods return the *Certificate (or a list response) directly.
// Mutations of CertificateAuthority, CaPool, CertificateTemplate and
// CertificateRevocationList resources return a *longrunning.Operation instead
// of the resource, so a nil error from those calls presumably only means the
// operation was accepted — confirm completion before relying on the change.
type CertificateAuthorityServiceClient interface {
	// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCertificate(ctx context.Context, in *CreateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
	GetCertificate(ctx context.Context, in *GetCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
	ListCertificates(ctx context.Context, in *ListCertificatesRequest, opts ...grpc.CallOption) (*ListCertificatesResponse, error)
	// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
	// The call returns a *Certificate; that type exposes GetRevocationDetails.
	RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
	// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
	UpdateCertificate(ctx context.Context, in *UpdateCertificateRequest, opts ...grpc.CallOption) (*Certificate, error)
	// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
	// the parent Certificate Authority signs a certificate signing request from
	// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
	// process.
	ActivateCertificateAuthority(ctx context.Context, in *ActivateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
	CreateCertificateAuthority(ctx context.Context, in *CreateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	// Per the State documentation a DISABLED CA stops issuing but stays in
	// the CaPool's trust anchor and still has CRLs generated.
	DisableCertificateAuthority(ctx context.Context, in *DisableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	EnableCertificateAuthority(ctx context.Context, in *EnableCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
	// CSR must then be signed by the desired parent Certificate Authority, which
	// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
	// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
	FetchCertificateAuthorityCsr(ctx context.Context, in *FetchCertificateAuthorityCsrRequest, opts ...grpc.CallOption) (*FetchCertificateAuthorityCsrResponse, error)
	// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	GetCertificateAuthority(ctx context.Context, in *GetCertificateAuthorityRequest, opts ...grpc.CallOption) (*CertificateAuthority, error)
	// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	ListCertificateAuthorities(ctx context.Context, in *ListCertificateAuthoritiesRequest, opts ...grpc.CallOption) (*ListCertificateAuthoritiesResponse, error)
	// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
	// Per the State documentation this is possible only before the CA's expire_time.
	UndeleteCertificateAuthority(ctx context.Context, in *UndeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DeleteCertificateAuthority(ctx context.Context, in *DeleteCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	UpdateCertificateAuthority(ctx context.Context, in *UpdateCertificateAuthorityRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCaPool(ctx context.Context, in *CreateCaPoolRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
	UpdateCaPool(ctx context.Context, in *UpdateCaPoolRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
	GetCaPool(ctx context.Context, in *GetCaPoolRequest, opts ...grpc.CallOption) (*CaPool, error)
	// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
	ListCaPools(ctx context.Context, in *ListCaPoolsRequest, opts ...grpc.CallOption) (*ListCaPoolsResponse, error)
	// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
	DeleteCaPool(ctx context.Context, in *DeleteCaPoolRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
	// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
	// NOTE(review): CertificateAuthority_State defines no ACTIVE value. Its
	// documentation describes ENABLED, DISABLED and STAGED CAs as part of the
	// CaPool's trust anchor, so "ACTIVE" presumably means those states —
	// confirm before using the result for trust decisions.
	FetchCaCerts(ctx context.Context, in *FetchCaCertsRequest, opts ...grpc.CallOption) (*FetchCaCertsResponse, error)
	// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	GetCertificateRevocationList(ctx context.Context, in *GetCertificateRevocationListRequest, opts ...grpc.CallOption) (*CertificateRevocationList, error)
	// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	ListCertificateRevocationLists(ctx context.Context, in *ListCertificateRevocationListsRequest, opts ...grpc.CallOption) (*ListCertificateRevocationListsResponse, error)
	// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	UpdateCertificateRevocationList(ctx context.Context, in *UpdateCertificateRevocationListRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
	CreateCertificateTemplate(ctx context.Context, in *CreateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	DeleteCertificateTemplate(ctx context.Context, in *DeleteCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
	// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	GetCertificateTemplate(ctx context.Context, in *GetCertificateTemplateRequest, opts ...grpc.CallOption) (*CertificateTemplate, error)
	// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	ListCertificateTemplates(ctx context.Context, in *ListCertificateTemplatesRequest, opts ...grpc.CallOption) (*ListCertificateTemplatesResponse, error)
	// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	UpdateCertificateTemplate(ctx context.Context, in *UpdateCertificateTemplateRequest, opts ...grpc.CallOption) (*longrunning.Operation, error)
}

CertificateAuthorityServiceClient is the client API for CertificateAuthorityService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewCertificateAuthorityServiceClient

func NewCertificateAuthorityServiceClient(cc grpc.ClientConnInterface) CertificateAuthorityServiceClient

CertificateAuthorityServiceServer

// CertificateAuthorityServiceServer is the server API for
// CertificateAuthorityService service.
//
// Each method receives a context and the request message. The Certificate
// methods return the *Certificate (or a list response) directly; mutations of
// CertificateAuthority, CaPool, CertificateTemplate and
// CertificateRevocationList resources return a *longrunning.Operation.
type CertificateAuthorityServiceServer interface {
	// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
	// [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCertificate(context.Context, *CreateCertificateRequest) (*Certificate, error)
	// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
	GetCertificate(context.Context, *GetCertificateRequest) (*Certificate, error)
	// Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
	ListCertificates(context.Context, *ListCertificatesRequest) (*ListCertificatesResponse, error)
	// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
	// The method returns a *Certificate; that type exposes GetRevocationDetails.
	RevokeCertificate(context.Context, *RevokeCertificateRequest) (*Certificate, error)
	// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
	// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
	UpdateCertificate(context.Context, *UpdateCertificateRequest) (*Certificate, error)
	// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
	// the parent Certificate Authority signs a certificate signing request from
	// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
	// process.
	ActivateCertificateAuthority(context.Context, *ActivateCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
	CreateCertificateAuthority(context.Context, *CreateCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	// Per the State documentation a DISABLED CA stops issuing but stays in
	// the CaPool's trust anchor and still has CRLs generated.
	DisableCertificateAuthority(context.Context, *DisableCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	EnableCertificateAuthority(context.Context, *EnableCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// that is in state
	// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
	// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
	// CSR must then be signed by the desired parent Certificate Authority, which
	// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
	// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
	FetchCertificateAuthorityCsr(context.Context, *FetchCertificateAuthorityCsrRequest) (*FetchCertificateAuthorityCsrResponse, error)
	// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	GetCertificateAuthority(context.Context, *GetCertificateAuthorityRequest) (*CertificateAuthority, error)
	// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
	ListCertificateAuthorities(context.Context, *ListCertificateAuthoritiesRequest) (*ListCertificateAuthoritiesResponse, error)
	// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
	// Per the State documentation this is possible only before the CA's expire_time.
	UndeleteCertificateAuthority(context.Context, *UndeleteCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	DeleteCertificateAuthority(context.Context, *DeleteCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
	UpdateCertificateAuthority(context.Context, *UpdateCertificateAuthorityRequest) (*longrunning.Operation, error)
	// Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
	CreateCaPool(context.Context, *CreateCaPoolRequest) (*longrunning.Operation, error)
	// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
	UpdateCaPool(context.Context, *UpdateCaPoolRequest) (*longrunning.Operation, error)
	// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
	GetCaPool(context.Context, *GetCaPoolRequest) (*CaPool, error)
	// Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
	ListCaPools(context.Context, *ListCaPoolsRequest) (*ListCaPoolsResponse, error)
	// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
	DeleteCaPool(context.Context, *DeleteCaPoolRequest) (*longrunning.Operation, error)
	// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
	// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
	// NOTE(review): CertificateAuthority_State defines no ACTIVE value. Its
	// documentation describes ENABLED, DISABLED and STAGED CAs as part of the
	// CaPool's trust anchor, so "ACTIVE" presumably means those states —
	// confirm before using the result for trust decisions.
	FetchCaCerts(context.Context, *FetchCaCertsRequest) (*FetchCaCertsResponse, error)
	// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	GetCertificateRevocationList(context.Context, *GetCertificateRevocationListRequest) (*CertificateRevocationList, error)
	// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
	ListCertificateRevocationLists(context.Context, *ListCertificateRevocationListsRequest) (*ListCertificateRevocationListsResponse, error)
	// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
	UpdateCertificateRevocationList(context.Context, *UpdateCertificateRevocationListRequest) (*longrunning.Operation, error)
	// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
	CreateCertificateTemplate(context.Context, *CreateCertificateTemplateRequest) (*longrunning.Operation, error)
	// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	DeleteCertificateTemplate(context.Context, *DeleteCertificateTemplateRequest) (*longrunning.Operation, error)
	// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	GetCertificateTemplate(context.Context, *GetCertificateTemplateRequest) (*CertificateTemplate, error)
	// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
	ListCertificateTemplates(context.Context, *ListCertificateTemplatesRequest) (*ListCertificateTemplatesResponse, error)
	// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
	UpdateCertificateTemplate(context.Context, *UpdateCertificateTemplateRequest) (*longrunning.Operation, error)
}

CertificateAuthorityServiceServer is the server API for CertificateAuthorityService service.

CertificateAuthority_AccessUrls

// CertificateAuthority_AccessUrls holds the URLs where a CertificateAuthority
// will publish content.
type CertificateAuthority_AccessUrls struct {
	// CaCertificateAccessUrl is presumably the URL at which this CA's
	// certificate is published — TODO confirm. (Struct tag elided by the
	// documentation renderer.)
	CaCertificateAccessUrl string "" /* 131 byte string literal not displayed */

	// CrlAccessUrls is presumably the list of URLs at which this CA's CRLs
	// are published. The State documentation says no CRLs are generated for
	// CAs in AWAITING_USER_ACTIVATION or DELETED.
	CrlAccessUrls []string `protobuf:"bytes,2,rep,name=crl_access_urls,json=crlAccessUrls,proto3" json:"crl_access_urls,omitempty"`

}

URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.

func (*CertificateAuthority_AccessUrls) Descriptor

func (*CertificateAuthority_AccessUrls) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_AccessUrls.ProtoReflect.Descriptor instead.

func (*CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl

func (x *CertificateAuthority_AccessUrls) GetCaCertificateAccessUrl() string

func (*CertificateAuthority_AccessUrls) GetCrlAccessUrls

func (x *CertificateAuthority_AccessUrls) GetCrlAccessUrls() []string

func (*CertificateAuthority_AccessUrls) ProtoMessage

func (*CertificateAuthority_AccessUrls) ProtoMessage()

func (*CertificateAuthority_AccessUrls) ProtoReflect

func (*CertificateAuthority_AccessUrls) Reset

func (*CertificateAuthority_AccessUrls) String

CertificateAuthority_KeyVersionSpec

// CertificateAuthority_KeyVersionSpec is a Cloud KMS key configuration that a
// CertificateAuthority will use.
type CertificateAuthority_KeyVersionSpec struct {

	// KeyVersion is a protobuf oneof: it holds one of the wrapper types
	// listed below, naming either an existing Cloud KMS CryptoKeyVersion or
	// a signing algorithm.
	//
	// Types that are assignable to KeyVersion:
	//
	//	*CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion
	//	*CertificateAuthority_KeyVersionSpec_Algorithm
	KeyVersion isCertificateAuthority_KeyVersionSpec_KeyVersion `protobuf_oneof:"KeyVersion"`
	// contains filtered or unexported fields
}

A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.

func (*CertificateAuthority_KeyVersionSpec) Descriptor

func (*CertificateAuthority_KeyVersionSpec) Descriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_KeyVersionSpec.ProtoReflect.Descriptor instead.

func (*CertificateAuthority_KeyVersionSpec) GetAlgorithm

func (*CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion

func (x *CertificateAuthority_KeyVersionSpec) GetCloudKmsKeyVersion() string

func (*CertificateAuthority_KeyVersionSpec) GetKeyVersion

func (m *CertificateAuthority_KeyVersionSpec) GetKeyVersion() isCertificateAuthority_KeyVersionSpec_KeyVersion

func (*CertificateAuthority_KeyVersionSpec) ProtoMessage

func (*CertificateAuthority_KeyVersionSpec) ProtoMessage()

func (*CertificateAuthority_KeyVersionSpec) ProtoReflect

func (*CertificateAuthority_KeyVersionSpec) Reset

func (*CertificateAuthority_KeyVersionSpec) String

CertificateAuthority_KeyVersionSpec_Algorithm

// CertificateAuthority_KeyVersionSpec_Algorithm is one of the two wrapper
// types assignable to CertificateAuthority_KeyVersionSpec.KeyVersion.
type CertificateAuthority_KeyVersionSpec_Algorithm struct {
	// Algorithm is a CertificateAuthority_SignHashAlgorithm value; presumably
	// the service provisions a key of this algorithm for the CA — TODO
	// confirm. (Struct tag elided by the documentation renderer.)
	Algorithm CertificateAuthority_SignHashAlgorithm "" /* 130 byte string literal not displayed */
}

CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion

// CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion is one of the two
// wrapper types assignable to CertificateAuthority_KeyVersionSpec.KeyVersion.
type CertificateAuthority_KeyVersionSpec_CloudKmsKeyVersion struct {
	// The resource name for an existing Cloud KMS CryptoKeyVersion in the
	// format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	// This option enables full flexibility in the key's capabilities and
	// properties.
	// NOTE(review): because the key already exists, its algorithm and
	// protection properties are presumably whatever was chosen in Cloud KMS,
	// not something this message constrains — verify them at the key.
	CloudKmsKeyVersion string `protobuf:"bytes,1,opt,name=cloud_kms_key_version,json=cloudKmsKeyVersion,proto3,oneof"`
}

CertificateAuthority_SignHashAlgorithm

type CertificateAuthority_SignHashAlgorithm int32

The algorithm of a Cloud KMS CryptoKeyVersion of a [CryptoKey][google.cloud.kms.v1.CryptoKey] with the [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value ASYMMETRIC_SIGN. These values correspond to the [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] values. For RSA signing algorithms, the PSS algorithms should be preferred; use the PKCS1 algorithms only if they are required for compatibility. For further recommendations, see https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.

CertificateAuthority_SIGN_HASH_ALGORITHM_UNSPECIFIED, CertificateAuthority_RSA_PSS_2048_SHA256, CertificateAuthority_RSA_PSS_3072_SHA256, CertificateAuthority_RSA_PSS_4096_SHA256, CertificateAuthority_RSA_PKCS1_2048_SHA256, CertificateAuthority_RSA_PKCS1_3072_SHA256, CertificateAuthority_RSA_PKCS1_4096_SHA256, CertificateAuthority_EC_P256_SHA256, CertificateAuthority_EC_P384_SHA384

// Values of CertificateAuthority_SignHashAlgorithm. Each names a signature
// scheme, key size or curve, and digest, and maps to the Cloud KMS
// CryptoKeyVersionAlgorithm of the same name prefixed with RSA_SIGN_ or
// EC_SIGN_.
//
// The numeric values do not follow declaration order: the RSA PKCS1 variants
// are 6-8 and the EC variants are 4-5, so compare against the named
// constants rather than assuming an ordering.
//
// For RSA, the type's documentation says the PSS algorithms should be
// preferred and PKCS1 used only where compatibility requires it.
const (
	// Not specified.
	CertificateAuthority_SIGN_HASH_ALGORITHM_UNSPECIFIED CertificateAuthority_SignHashAlgorithm = 0
	// Maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256.
	CertificateAuthority_RSA_PSS_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 1
	// Maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_3072_SHA256.
	CertificateAuthority_RSA_PSS_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 2
	// Maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256.
	CertificateAuthority_RSA_PSS_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 3
	// Maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256.
	CertificateAuthority_RSA_PKCS1_2048_SHA256 CertificateAuthority_SignHashAlgorithm = 6
	// Maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256.
	CertificateAuthority_RSA_PKCS1_3072_SHA256 CertificateAuthority_SignHashAlgorithm = 7
	// Maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256.
	CertificateAuthority_RSA_PKCS1_4096_SHA256 CertificateAuthority_SignHashAlgorithm = 8
	// Maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256.
	CertificateAuthority_EC_P256_SHA256 CertificateAuthority_SignHashAlgorithm = 4
	// Maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384.
	CertificateAuthority_EC_P384_SHA384 CertificateAuthority_SignHashAlgorithm = 5
)

func (CertificateAuthority_SignHashAlgorithm) Descriptor

func (CertificateAuthority_SignHashAlgorithm) Enum

func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor

func (CertificateAuthority_SignHashAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_SignHashAlgorithm.Descriptor instead.

func (CertificateAuthority_SignHashAlgorithm) Number

func (CertificateAuthority_SignHashAlgorithm) String

func (CertificateAuthority_SignHashAlgorithm) Type

CertificateAuthority_State

type CertificateAuthority_State int32

The state of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.

CertificateAuthority_STATE_UNSPECIFIED, CertificateAuthority_ENABLED, CertificateAuthority_DISABLED, CertificateAuthority_STAGED, CertificateAuthority_AWAITING_USER_ACTIVATION, CertificateAuthority_DELETED

// Values of CertificateAuthority_State. Each state fixes three things:
// whether the CA can issue certificates, whether CRLs are generated for it,
// and whether it is part of the CaPool's trust anchor.
//
// Only AWAITING_USER_ACTIVATION and DELETED take the CA out of the trust
// anchor; a DISABLED CA stops issuing but remains in the trust anchor.
const (
	// Not specified.
	CertificateAuthority_STATE_UNSPECIFIED CertificateAuthority_State = 0
	// Certificates can be issued from this CA. CRLs will be generated for this
	// CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_ENABLED CertificateAuthority_State = 1
	// Certificates cannot be issued from this CA. CRLs will still be generated.
	// The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_DISABLED CertificateAuthority_State = 2
	// Certificates can be issued from this CA. CRLs will be generated for this
	// CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
	// be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	// NOTE(review): "can be issued" together with "will not be used to issue
	// certificates from the CaPool" presumably means a STAGED CA issues only
	// when a request names it explicitly, not through pool-level selection —
	// confirm against the CA Service documentation.
	CertificateAuthority_STAGED CertificateAuthority_State = 3
	// Certificates cannot be issued from this CA. CRLs will not be generated.
	// The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_AWAITING_USER_ACTIVATION CertificateAuthority_State = 4
	// Certificates cannot be issued from this CA. CRLs will not be generated.
	// The CA may still be recovered by calling
	// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
	// [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
	// The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
	// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
	CertificateAuthority_DELETED CertificateAuthority_State = 5
)

func (CertificateAuthority_State) Descriptor

func (CertificateAuthority_State) Enum

func (CertificateAuthority_State) EnumDescriptor

func (CertificateAuthority_State) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_State.Descriptor instead.

func (CertificateAuthority_State) Number

func (CertificateAuthority_State) String

func (CertificateAuthority_State) Type

CertificateAuthority_Type

type CertificateAuthority_Type int32

The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.

CertificateAuthority_TYPE_UNSPECIFIED, CertificateAuthority_SELF_SIGNED, CertificateAuthority_SUBORDINATE

// Values of CertificateAuthority_Type, which indicates a CA's issuing chain.
const (
	// Not specified.
	CertificateAuthority_TYPE_UNSPECIFIED CertificateAuthority_Type = 0
	// Self-signed CA.
	CertificateAuthority_SELF_SIGNED CertificateAuthority_Type = 1
	// Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
	// or an unmanaged CA.
	// Per the service documentation, a SUBORDINATE CA in state
	// AWAITING_USER_ACTIVATION is activated by having its CSR (from
	// FetchCertificateAuthorityCsr) signed by the parent and then calling
	// ActivateCertificateAuthority.
	CertificateAuthority_SUBORDINATE CertificateAuthority_Type = 2
)

func (CertificateAuthority_Type) Descriptor

func (CertificateAuthority_Type) Enum

func (CertificateAuthority_Type) EnumDescriptor

func (CertificateAuthority_Type) EnumDescriptor() ([]byte, []int)

Deprecated: Use CertificateAuthority_Type.Descriptor instead.

func (CertificateAuthority_Type) Number

func (CertificateAuthority_Type) String

func (x CertificateAuthority_Type) String() string

func (CertificateAuthority_Type) Type

CertificateConfig

// CertificateConfig describes an X.509 certificate or CSR that is to be
// created, as an alternative to using ASN.1.
type CertificateConfig struct {

	// Required. Specifies some of the values in a certificate that are related to the
	// subject.
	SubjectConfig *CertificateConfig_SubjectConfig `protobuf:"bytes,1,opt,name=subject_config,json=subjectConfig,proto3" json:"subject_config,omitempty"`
	// Required. Describes how some of the technical X.509 fields in a certificate should be
	// populated.
	X509Config *X509Parameters `protobuf:"bytes,2,opt,name=x509_config,json=x509Config,proto3" json:"x509_config,omitempty"`
	// Optional. The public key that corresponds to this config. This is, for example, used
	// when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
	// self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
	// In those CA cases the key presumably comes from the CA's KeySpec
	// instead — TODO confirm.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.

func (*CertificateConfig) Descriptor

func (*CertificateConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig) GetPublicKey

func (x *CertificateConfig) GetPublicKey() *PublicKey

func (*CertificateConfig) GetSubjectConfig

func (x *CertificateConfig) GetSubjectConfig() *CertificateConfig_SubjectConfig

func (*CertificateConfig) GetX509Config

func (x *CertificateConfig) GetX509Config() *X509Parameters

func (*CertificateConfig) ProtoMessage

func (*CertificateConfig) ProtoMessage()

func (*CertificateConfig) ProtoReflect

func (x *CertificateConfig) ProtoReflect() protoreflect.Message

func (*CertificateConfig) Reset

func (x *CertificateConfig) Reset()

func (*CertificateConfig) String

func (x *CertificateConfig) String() string

CertificateConfig_SubjectConfig

// CertificateConfig_SubjectConfig carries the values used to create the
// distinguished name and subject alternative name fields of an X.509
// certificate.
//
// NOTE(review): these are the identity fields asked for by the requester.
// Whether they reach the signed certificate unchanged presumably depends on
// the issuance constraints in force (see CertificateIdentityConstraints);
// confirm against the service documentation before relying on either field
// for authorization decisions.
type CertificateConfig_SubjectConfig struct {

	// Required. Contains distinguished name fields such as the common name, location and
	// organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// Optional. The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// contains filtered or unexported fields
}

These values are used to create the distinguished name and subject alternative name fields in an X.509 certificate.

func (*CertificateConfig_SubjectConfig) Descriptor

func (*CertificateConfig_SubjectConfig) Descriptor() ([]byte, []int)

Deprecated: Use CertificateConfig_SubjectConfig.ProtoReflect.Descriptor instead.

func (*CertificateConfig_SubjectConfig) GetSubject

func (x *CertificateConfig_SubjectConfig) GetSubject() *Subject

func (*CertificateConfig_SubjectConfig) GetSubjectAltName

func (x *CertificateConfig_SubjectConfig) GetSubjectAltName() *SubjectAltNames

func (*CertificateConfig_SubjectConfig) ProtoMessage

func (*CertificateConfig_SubjectConfig) ProtoMessage()

func (*CertificateConfig_SubjectConfig) ProtoReflect

func (*CertificateConfig_SubjectConfig) Reset

func (*CertificateConfig_SubjectConfig) String

CertificateDescription

// CertificateDescription describes an X.509 certificate or CSR that has been
// issued, as structured fields rather than raw ASN.1.
//
// The per-field comments are not shown on this page; the notes below are
// derived from the field names, types and protobuf tags and should be
// confirmed against the upstream proto definition.
type CertificateDescription struct {
	// SubjectDescription holds the subject-related values of the issued
	// certificate (distinguished name, subject alternative names, serial
	// number and lifetime; see CertificateDescription_SubjectDescription).
	SubjectDescription *CertificateDescription_SubjectDescription `protobuf:"bytes,1,opt,name=subject_description,json=subjectDescription,proto3" json:"subject_description,omitempty"`

	// X509Description holds the technical X.509 fields, using the same
	// X509Parameters type that CertificateConfig.X509Config uses on requests.
	X509Description *X509Parameters `protobuf:"bytes,2,opt,name=x509_description,json=x509Description,proto3" json:"x509_description,omitempty"`

	// PublicKey is presumably the public key of the issued certificate — TODO confirm.
	PublicKey *PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`

	// SubjectKeyId is a KeyId for this certificate's own key (per the field
	// name; compare the Subject Key Identifier extension of RFC 5280).
	SubjectKeyId *CertificateDescription_KeyId `protobuf:"bytes,4,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"`

	// AuthorityKeyId is a KeyId for the issuer's key (per the field name;
	// compare the Authority Key Identifier extension of RFC 5280).
	AuthorityKeyId *CertificateDescription_KeyId `protobuf:"bytes,5,opt,name=authority_key_id,json=authorityKeyId,proto3" json:"authority_key_id,omitempty"`

	// CrlDistributionPoints is a list of strings, presumably the locations
	// from which CRL information can be obtained — TODO confirm.
	CrlDistributionPoints []string `protobuf:"bytes,6,rep,name=crl_distribution_points,json=crlDistributionPoints,proto3" json:"crl_distribution_points,omitempty"`

	// AiaIssuingCertificateUrls is a list of strings, presumably the issuer
	// certificate URLs from the Authority Information Access extension —
	// TODO confirm. The struct tag is elided by the documentation renderer.
	AiaIssuingCertificateUrls []string "" /* 140 byte string literal not displayed */

	// CertFingerprint groups fingerprints of the certificate; the only one
	// shown on this page is a hex-encoded SHA-256 over the DER encoding
	// (see CertificateDescription_CertificateFingerprint).
	CertFingerprint *CertificateDescription_CertificateFingerprint `protobuf:"bytes,8,opt,name=cert_fingerprint,json=certFingerprint,proto3" json:"cert_fingerprint,omitempty"`

}

A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

func (*CertificateDescription) Descriptor

func (*CertificateDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription) GetAiaIssuingCertificateUrls

func (x *CertificateDescription) GetAiaIssuingCertificateUrls() []string

func (*CertificateDescription) GetAuthorityKeyId

func (x *CertificateDescription) GetAuthorityKeyId() *CertificateDescription_KeyId

func (*CertificateDescription) GetCertFingerprint

func (*CertificateDescription) GetCrlDistributionPoints

func (x *CertificateDescription) GetCrlDistributionPoints() []string

func (*CertificateDescription) GetPublicKey

func (x *CertificateDescription) GetPublicKey() *PublicKey

func (*CertificateDescription) GetSubjectDescription

func (*CertificateDescription) GetSubjectKeyId

func (*CertificateDescription) GetX509Description

func (x *CertificateDescription) GetX509Description() *X509Parameters

func (*CertificateDescription) ProtoMessage

func (*CertificateDescription) ProtoMessage()

func (*CertificateDescription) ProtoReflect

func (x *CertificateDescription) ProtoReflect() protoreflect.Message

func (*CertificateDescription) Reset

func (x *CertificateDescription) Reset()

func (*CertificateDescription) String

func (x *CertificateDescription) String() string

CertificateDescription_CertificateFingerprint

// CertificateDescription_CertificateFingerprint is a group of fingerprints
// for an X.509 certificate.
type CertificateDescription_CertificateFingerprint struct {

	// The SHA-256 hash, encoded in hexadecimal, of the DER-encoded X.509
	// certificate.
	// NOTE(review): the case of the hex digits is not stated here; normalise
	// case before comparing this value with a fingerprint computed locally.
	Sha256Hash string `protobuf:"bytes,1,opt,name=sha256_hash,json=sha256Hash,proto3" json:"sha256_hash,omitempty"`
	// contains filtered or unexported fields
}

A group of fingerprints for the x509 certificate.

func (*CertificateDescription_CertificateFingerprint) Descriptor

Deprecated: Use CertificateDescription_CertificateFingerprint.ProtoReflect.Descriptor instead.

func (*CertificateDescription_CertificateFingerprint) GetSha256Hash

func (*CertificateDescription_CertificateFingerprint) ProtoMessage

func (*CertificateDescription_CertificateFingerprint) ProtoReflect

func (*CertificateDescription_CertificateFingerprint) Reset

func (*CertificateDescription_CertificateFingerprint) String

CertificateDescription_KeyId

// CertificateDescription_KeyId identifies a specific public key, usually by
// hashing the public key.
type CertificateDescription_KeyId struct {

	// Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
	// likely the 160 bit SHA-1 hash of the public key.
	//
	// The value is an identifier for matching keys (for example when linking a
	// certificate to its issuer), not proof that a certificate is authentic:
	// it is optional, its derivation is only "most likely" SHA-1, and it is
	// not a substitute for verifying the certificate signature. To pin or
	// compare whole certificates, use the SHA-256 fingerprint in
	// CertificateDescription_CertificateFingerprint instead.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

A KeyId identifies a specific public key, usually by hashing the public key.

func (*CertificateDescription_KeyId) Descriptor

func (*CertificateDescription_KeyId) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_KeyId.ProtoReflect.Descriptor instead.

func (*CertificateDescription_KeyId) GetKeyId

func (x *CertificateDescription_KeyId) GetKeyId() string

func (*CertificateDescription_KeyId) ProtoMessage

func (*CertificateDescription_KeyId) ProtoMessage()

func (*CertificateDescription_KeyId) ProtoReflect

func (*CertificateDescription_KeyId) Reset

func (x *CertificateDescription_KeyId) Reset()

func (*CertificateDescription_KeyId) String

CertificateDescription_SubjectDescription

// CertificateDescription_SubjectDescription describes fields in an issued
// X.509 certificate such as the distinguished name, subject alternative
// names, serial number, and lifetime.
type CertificateDescription_SubjectDescription struct {

	// Contains distinguished name fields such as the common name, location and
	// organization.
	Subject *Subject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
	// The subject alternative name fields.
	SubjectAltName *SubjectAltNames `protobuf:"bytes,2,opt,name=subject_alt_name,json=subjectAltName,proto3" json:"subject_alt_name,omitempty"`
	// The serial number encoded in lowercase hexadecimal.
	HexSerialNumber string `protobuf:"bytes,3,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`
	// For convenience, the actual lifetime of an issued certificate.
	Lifetime *duration.Duration `protobuf:"bytes,4,opt,name=lifetime,proto3" json:"lifetime,omitempty"`
	// The time at which the certificate becomes valid.
	NotBeforeTime *timestamp.Timestamp `protobuf:"bytes,5,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
	// The time after which the certificate is expired.
	// Per RFC 5280, the validity period for a certificate is the period of time
	// from not_before_time through not_after_time, inclusive.
	// Corresponds to 'not_before_time' + 'lifetime' - 1 second.
	// Because the bound is inclusive, an expiry check should treat the
	// certificate as still valid at exactly not_after_time.
	NotAfterTime *timestamp.Timestamp `protobuf:"bytes,6,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
	// contains filtered or unexported fields
}

These values describe fields in an issued X.509 certificate such as the distinguished name, subject alternative names, serial number, and lifetime.

func (*CertificateDescription_SubjectDescription) Descriptor

func (*CertificateDescription_SubjectDescription) Descriptor() ([]byte, []int)

Deprecated: Use CertificateDescription_SubjectDescription.ProtoReflect.Descriptor instead.

func (*CertificateDescription_SubjectDescription) GetHexSerialNumber

func (x *CertificateDescription_SubjectDescription) GetHexSerialNumber() string

func (*CertificateDescription_SubjectDescription) GetLifetime

func (*CertificateDescription_SubjectDescription) GetNotAfterTime

func (*CertificateDescription_SubjectDescription) GetNotBeforeTime

func (*CertificateDescription_SubjectDescription) GetSubject

func (*CertificateDescription_SubjectDescription) GetSubjectAltName

func (*CertificateDescription_SubjectDescription) ProtoMessage

func (*CertificateDescription_SubjectDescription) ProtoReflect

func (*CertificateDescription_SubjectDescription) Reset

func (*CertificateDescription_SubjectDescription) String

CertificateExtensionConstraints

// CertificateExtensionConstraints describes a set of X.509 extensions that
// may be part of some certificate issuance controls.
//
// The per-field comments are not shown on this page; the notes below are
// derived from the field names and types and should be confirmed against
// the upstream proto definition.
type CertificateExtensionConstraints struct {
	// KnownExtensions names well-known extensions through the
	// KnownCertificateExtension enum (Key Usage, Extended Key Usage, Basic
	// Constraints, Policy IDs, AIA OCSP servers). The struct tag is elided by
	// the documentation renderer.
	KnownExtensions []CertificateExtensionConstraints_KnownCertificateExtension "" /* 212 byte string literal not displayed */

	// AdditionalExtensions identifies further extensions by ObjectId;
	// presumably these are custom extensions outside the enum above, combined
	// with KnownExtensions to form the full set — TODO confirm.
	AdditionalExtensions []*ObjectId `protobuf:"bytes,2,rep,name=additional_extensions,json=additionalExtensions,proto3" json:"additional_extensions,omitempty"`

}

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

func (*CertificateExtensionConstraints) Descriptor

func (*CertificateExtensionConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateExtensionConstraints.ProtoReflect.Descriptor instead.

func (*CertificateExtensionConstraints) GetAdditionalExtensions

func (x *CertificateExtensionConstraints) GetAdditionalExtensions() []*ObjectId

func (*CertificateExtensionConstraints) GetKnownExtensions

func (*CertificateExtensionConstraints) ProtoMessage

func (*CertificateExtensionConstraints) ProtoMessage()

func (*CertificateExtensionConstraints) ProtoReflect

func (*CertificateExtensionConstraints) Reset

func (*CertificateExtensionConstraints) String

CertificateExtensionConstraints_KnownCertificateExtension

type CertificateExtensionConstraints_KnownCertificateExtension int32

Describes well-known X.509 extensions that can appear in a [Certificate][google.cloud.security.privateca.v1.Certificate], not including the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension.

CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED, CertificateExtensionConstraints_BASE_KEY_USAGE, CertificateExtensionConstraints_EXTENDED_KEY_USAGE, CertificateExtensionConstraints_CA_OPTIONS, CertificateExtensionConstraints_POLICY_IDS, CertificateExtensionConstraints_AIA_OCSP_SERVERS

// Values of CertificateExtensionConstraints_KnownCertificateExtension. Each
// value names one well-known X.509 extension and the request field that
// populates it.
const (
	// Not specified.
	CertificateExtensionConstraints_KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED CertificateExtensionConstraints_KnownCertificateExtension = 0
	// Refers to a certificate's Key Usage extension, as described in [RFC 5280
	// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
	// This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
	CertificateExtensionConstraints_BASE_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 1
	// Refers to a certificate's Extended Key Usage extension, as described in
	// [RFC 5280
	// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
	// This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
	CertificateExtensionConstraints_EXTENDED_KEY_USAGE CertificateExtensionConstraints_KnownCertificateExtension = 2
	// Refers to a certificate's Basic Constraints extension, as described in
	// [RFC 5280
	// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
	// This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
	// Basic Constraints is the extension that marks a certificate as a CA.
	CertificateExtensionConstraints_CA_OPTIONS CertificateExtensionConstraints_KnownCertificateExtension = 3
	// Refers to a certificate's Policy object identifiers, as described in
	// [RFC 5280
	// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
	// This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
	CertificateExtensionConstraints_POLICY_IDS CertificateExtensionConstraints_KnownCertificateExtension = 4
	// Refers to OCSP servers in a certificate's Authority Information Access
	// extension, as described in
	// [RFC 5280
	// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1).
	// This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
	CertificateExtensionConstraints_AIA_OCSP_SERVERS CertificateExtensionConstraints_KnownCertificateExtension = 5
)

func (CertificateExtensionConstraints_KnownCertificateExtension) Descriptor

func (CertificateExtensionConstraints_KnownCertificateExtension) Enum

func (CertificateExtensionConstraints_KnownCertificateExtension) EnumDescriptor

Deprecated: Use CertificateExtensionConstraints_KnownCertificateExtension.Descriptor instead.

func (CertificateExtensionConstraints_KnownCertificateExtension) Number

func (CertificateExtensionConstraints_KnownCertificateExtension) String

func (CertificateExtensionConstraints_KnownCertificateExtension) Type

CertificateIdentityConstraints

// CertificateIdentityConstraints describes constraints on a Certificate's
// Subject and SubjectAltNames.
//
// The per-field comments are not shown on this page; the notes below are
// derived from the field names and types and should be confirmed against
// the upstream proto definition.
type CertificateIdentityConstraints struct {
	// CelExpression is a CEL expression (expr.Expr). Presumably it is
	// evaluated against the requested Subject / SubjectAltNames before a
	// certificate is signed — TODO confirm.
	CelExpression *expr.Expr `protobuf:"bytes,1,opt,name=cel_expression,json=celExpression,proto3" json:"cel_expression,omitempty"`

	// AllowSubjectPassthrough is a *bool, so "unset" is distinguishable from
	// an explicit false; GetAllowSubjectPassthrough flattens it to bool.
	// NOTE(review): per the field name, true presumably lets the Subject in a
	// certificate request be copied into the signed certificate. If so, the
	// requester chooses the identity that is certified, and this should be
	// paired with a CelExpression or limited to trusted requesters — confirm.
	// The struct tag is elided by the documentation renderer.
	AllowSubjectPassthrough *bool "" /* 139 byte string literal not displayed */

	// AllowSubjectAltNamesPassthrough is the SubjectAltNames counterpart of
	// AllowSubjectPassthrough, also a *bool with a bool getter.
	// NOTE(review): the same caution applies; SANs are commonly what relying
	// parties match on, so requester-controlled SANs deserve an explicit
	// constraint — confirm semantics against the upstream proto.
	AllowSubjectAltNamesPassthrough *bool "" /* 167 byte string literal not displayed */

}

Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].

func (*CertificateIdentityConstraints) Descriptor

func (*CertificateIdentityConstraints) Descriptor() ([]byte, []int)

Deprecated: Use CertificateIdentityConstraints.ProtoReflect.Descriptor instead.

func (*CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough

func (x *CertificateIdentityConstraints) GetAllowSubjectAltNamesPassthrough() bool

func (*CertificateIdentityConstraints) GetAllowSubjectPassthrough

func (x *CertificateIdentityConstraints) GetAllowSubjectPassthrough() bool

func (*CertificateIdentityConstraints) GetCelExpression

func (x *CertificateIdentityConstraints) GetCelExpression() *expr.Expr

func (*CertificateIdentityConstraints) ProtoMessage

func (*CertificateIdentityConstraints) ProtoMessage()

func (*CertificateIdentityConstraints) ProtoReflect

func (*CertificateIdentityConstraints) Reset

func (x *CertificateIdentityConstraints) Reset()

func (*CertificateIdentityConstraints) String

CertificateRevocationList

// CertificateRevocationList corresponds to a signed X.509 Certificate
// Revocation List (CRL). A CRL contains the serial numbers of certificates
// that should no longer be trusted.
//
// The per-field comments are not shown on this page; the notes below are
// derived from the field names, types and protobuf tags and should be
// confirmed against the upstream proto definition.
type CertificateRevocationList struct {
	// Name is presumably the resource name of this CRL — TODO confirm format.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	// SequenceNumber is an int64, presumably the CRL number carried in the
	// encoded CRL — TODO confirm.
	SequenceNumber int64 `protobuf:"varint,2,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`

	// RevokedCertificates lists the revoked entries (see
	// CertificateRevocationList_RevokedCertificate).
	RevokedCertificates []*CertificateRevocationList_RevokedCertificate `protobuf:"bytes,3,rep,name=revoked_certificates,json=revokedCertificates,proto3" json:"revoked_certificates,omitempty"`

	// PemCrl is, per the field name, the PEM-encoded CRL itself.
	// NOTE(review): a relying party should verify the signature on the
	// encoded CRL against the issuing CA rather than trust the parsed fields
	// of this message or the transport it was fetched over.
	PemCrl string `protobuf:"bytes,4,opt,name=pem_crl,json=pemCrl,proto3" json:"pem_crl,omitempty"`

	// AccessUrl is, per the field name, a URL at which the CRL can be
	// accessed — TODO confirm.
	AccessUrl string `protobuf:"bytes,5,opt,name=access_url,json=accessUrl,proto3" json:"access_url,omitempty"`

	// State is a CertificateRevocationList_State enum value. The struct tag
	// is elided by the documentation renderer.
	State CertificateRevocationList_State "" /* 136 byte string literal not displayed */

	// CreateTime is presumably when this CRL resource was created.
	CreateTime *timestamp.Timestamp `protobuf:"bytes,7,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	// UpdateTime is presumably when this CRL resource was last updated.
	UpdateTime *timestamp.Timestamp `protobuf:"bytes,8,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`

	// RevisionId is a string identifying the revision of this CRL —
	// TODO confirm format and when it changes.
	RevisionId string `protobuf:"bytes,9,opt,name=revision_id,json=revisionId,proto3" json:"revision_id,omitempty"`

	// Labels is a string-to-string map, presumably user-defined metadata;
	// it is not part of the signed CRL content as far as this page shows.
	Labels map[string]string "" /* 154 byte string literal not displayed */

}

A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 Certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.

func (*CertificateRevocationList) Descriptor

func (*CertificateRevocationList) Descriptor() ([]byte, []int)

Deprecated: Use CertificateRevocationList.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList) GetAccessUrl

func (x *CertificateRevocationList) GetAccessUrl() string

func (*CertificateRevocationList) GetCreateTime

func (x *CertificateRevocationList) GetCreateTime() *timestamp.Timestamp

func (*CertificateRevocationList) GetLabels

func (x *CertificateRevocationList) GetLabels() map[string]string

func (*CertificateRevocationList) GetName

func (x *CertificateRevocationList) GetName() string

func (*CertificateRevocationList) GetPemCrl

func (x *CertificateRevocationList) GetPemCrl() string

func (*CertificateRevocationList) GetRevisionId

func (x *CertificateRevocationList) GetRevisionId() string

func (*CertificateRevocationList) GetRevokedCertificates

func (*CertificateRevocationList) GetSequenceNumber

func (x *CertificateRevocationList) GetSequenceNumber() int64

func (*CertificateRevocationList) GetState

func (*CertificateRevocationList) GetUpdateTime

func (x *CertificateRevocationList) GetUpdateTime() *timestamp.Timestamp

func (*CertificateRevocationList) ProtoMessage

func (*CertificateRevocationList) ProtoMessage()

func (*CertificateRevocationList) ProtoReflect

func (*CertificateRevocationList) Reset

func (x *CertificateRevocationList) Reset()

func (*CertificateRevocationList) String

func (x *CertificateRevocationList) String() string

CertificateRevocationList_RevokedCertificate

// CertificateRevocationList_RevokedCertificate describes a revoked
// Certificate.
//
// The per-field comments are not shown on this page; the notes below are
// derived from the field names and types and should be confirmed against
// the upstream proto definition.
type CertificateRevocationList_RevokedCertificate struct {
	// Certificate is a string, presumably the resource name of the revoked
	// Certificate rather than its encoded bytes — TODO confirm.
	Certificate string `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`

	// HexSerialNumber is the serial number of the revoked certificate as a
	// hex string. Elsewhere in this package (SubjectDescription) the serial
	// is documented as lowercase hexadecimal; normalise case before matching
	// against serials obtained from other tooling.
	HexSerialNumber string `protobuf:"bytes,2,opt,name=hex_serial_number,json=hexSerialNumber,proto3" json:"hex_serial_number,omitempty"`

	// RevocationReason is a RevocationReason enum value (for example
	// KEY_COMPROMISE, SUPERSEDED or CERTIFICATE_HOLD). The struct tag is
	// elided by the documentation renderer.
	RevocationReason RevocationReason "" /* 167 byte string literal not displayed */

}

Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].

func (*CertificateRevocationList_RevokedCertificate) Descriptor

Deprecated: Use CertificateRevocationList_RevokedCertificate.ProtoReflect.Descriptor instead.

func (*CertificateRevocationList_RevokedCertificate) GetCertificate

func (*CertificateRevocationList_RevokedCertificate) GetHexSerialNumber

func (x *CertificateRevocationList_RevokedCertificate) GetHexSerialNumber() string

func (*CertificateRevocationList_RevokedCertificate) GetRevocationReason

func (*CertificateRevocationList_RevokedCertificate) ProtoMessage