Package privateca_v1.types (1.9.0rc0)

Request message for CertificateAuthorityService.ActivateCertificateAuthority.

A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the trust anchor.

A Certificate corresponds to a signed X.509 certificate issued by a CertificateAuthority.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.

A CertificateConfig describes an X.509 certificate or CSR that is to be created, as an alternative to using ASN.1.

A CertificateDescription describes an X.509 certificate or CSR that has been issued, as an alternative to using ASN.1 / X.509.

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

Describes constraints on a Certificate's Subject and SubjectAltNames.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

A CertificateRevocationList corresponds to a signed X.509 certificate Revocation List (CRL). A CRL contains the serial numbers of certificates that should no longer be trusted.

A CertificateTemplate refers to a managed template for certificate issuance.

Request message for CertificateAuthorityService.CreateCaPool.

Request message for CertificateAuthorityService.CreateCertificateAuthority.

Request message for CertificateAuthorityService.CreateCertificate.

Request message for CertificateAuthorityService.CreateCertificateTemplate.

Request message for CertificateAuthorityService.DeleteCaPool.

Request message for CertificateAuthorityService.DeleteCertificateAuthority.

Request message for CertificateAuthorityService.DeleteCertificateTemplate.

Request message for CertificateAuthorityService.DisableCertificateAuthority.

Request message for CertificateAuthorityService.EnableCertificateAuthority.

Request message for CertificateAuthorityService.FetchCaCerts.

Response message for CertificateAuthorityService.FetchCaCerts.

Request message for CertificateAuthorityService.FetchCertificateAuthorityCsr.

Response message for CertificateAuthorityService.FetchCertificateAuthorityCsr.

Request message for CertificateAuthorityService.GetCaPool.

Request message for CertificateAuthorityService.GetCertificateAuthority.

Request message for CertificateAuthorityService.GetCertificate.

Request message for CertificateAuthorityService.GetCertificateRevocationList.

Request message for CertificateAuthorityService.GetCertificateTemplate.

A KeyUsage describes key usage values that may appear in an X.509 certificate.

Request message for CertificateAuthorityService.ListCaPools.

Response message for CertificateAuthorityService.ListCaPools.

Request message for CertificateAuthorityService.ListCertificateAuthorities.

Response message for CertificateAuthorityService.ListCertificateAuthorities.

Request message for CertificateAuthorityService.ListCertificateRevocationLists.

Response message for CertificateAuthorityService.ListCertificateRevocationLists.

Request message for CertificateAuthorityService.ListCertificateTemplates.

Response message for CertificateAuthorityService.ListCertificateTemplates.

Request message for CertificateAuthorityService.ListCertificates.

Response message for CertificateAuthorityService.ListCertificates.

An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.

Represents the metadata of the long-running operation.

A PublicKey describes a public key.

A RevocationReason indicates whether a Certificate has been revoked, and the reason for revocation. These correspond to standard revocation reasons from RFC 5280. Note that the enum labels and values in this definition are not the same ASN.1 values defined in RFC 5280. These values will be translated to the correct ASN.1 values when a CRL is created.

Values: REVOCATION_REASON_UNSPECIFIED (0): Default unspecified value. This value does indicate that a Certificate has been revoked, but that a reason has not been recorded. KEY_COMPROMISE (1): Key material for this Certificate may have leaked. CERTIFICATE_AUTHORITY_COMPROMISE (2): The key material for a certificate authority in the issuing path may have leaked. AFFILIATION_CHANGED (3): The subject or other attributes in this Certificate have changed. SUPERSEDED (4): This Certificate has been superseded. CESSATION_OF_OPERATION (5): This Certificate or entities in the issuing path have ceased to operate. CERTIFICATE_HOLD (6): This Certificate should not be considered valid, it is expected that it may become valid in the future. PRIVILEGE_WITHDRAWN (7): This Certificate no longer has permission to assert the listed attributes. ATTRIBUTE_AUTHORITY_COMPROMISE (8): The authority which determines appropriate attributes for a Certificate may have been compromised.

Request message for CertificateAuthorityService.RevokeCertificate.

Subject describes parts of a distinguished name that, in turn, describes the subject of the certificate.

SubjectAltNames corresponds to a more modern way of listing what the asserted identity is in a certificate (i.e., compared to the "common name" in the distinguished name).

Describes the way in which a Certificate's Subject and/or SubjectAltNames will be resolved.

Values: SUBJECT_REQUEST_MODE_UNSPECIFIED (0): Not specified. DEFAULT (1): The default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission. REFLECTED_SPIFFE (2): A mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission.

Describes a subordinate CA's issuers. This is either a resource name to a known issuing CertificateAuthority, or a PEM issuer certificate chain.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Request message for CertificateAuthorityService.UndeleteCertificateAuthority.

Request message for CertificateAuthorityService.UpdateCaPool.

Request message for CertificateAuthorityService.UpdateCertificateAuthority.

Request message for CertificateAuthorityService.UpdateCertificate.

Request message for CertificateAuthorityService.UpdateCertificateRevocationList.

Request message for CertificateAuthorityService.UpdateCertificateTemplate.

An X509Extension specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.

An X509Parameters is used to describe certain fields of an X.509 certificate, such as the key usage fields, fields specific to CA certificates, certificate policy extensions and custom extensions.