Skip to content

Commit

Permalink
Fix missing fields on Certificate (GoogleCloudPlatform#5941)
Browse files Browse the repository at this point in the history
  • Loading branch information
@gfxcc @saqibkhanspeaks12
gfxcc authored and saqibkhanspeaks12 committed Apr 25, 2022
1 parent 704a887 commit 89ac90f
Showing 1 changed file with 191 additions and 3 deletions.
194 changes: 191 additions & 3 deletions mmv1/products/privateca/api.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -562,6 +562,11 @@ objects:
required: true
input: true
url_param_only: true
- !ruby/object:Api::Type::String
name: 'issuerCertificateAuthority'
description: |
The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
output: true
- !ruby/object:Api::Type::String
name: 'lifetime'
description: |
Expand Down Expand Up @@ -739,8 +744,187 @@ objects:
output: true
description: |
The time at which the certificate expires.
- !ruby/object:Api::Type::NestedObject
name: 'x509Description'
output: true
description: |
A structured description of the issued X.509 certificate.
properties:
- !ruby/object:Api::Type::Array
name: 'additionalExtensions'
description: |
Describes custom X.509 extensions.
output: true
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Boolean
name: 'critical'
description: |
Indicates whether or not this extension is critical (i.e., if the client does not know how to
handle this extension, the client should consider this to be an error).
output: true
- !ruby/object:Api::Type::String
name: 'value'
description: |
The value of this X.509 extension. A base64-encoded string.
- !ruby/object:Api::Type::NestedObject
name: 'objectId'
description: |
Describes values that are relevant in a CA certificate.
output: true
properties:
- !ruby/object:Api::Type::Array
name: 'objectIdPath'
item_type: Api::Type::Integer
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
- !ruby/object:Api::Type::Array
name: 'policyIds'
description: |
Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
output: true
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Array
name: 'objectIdPath'
item_type: Api::Type::Integer
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
- !ruby/object:Api::Type::Array
name: 'aiaOcspServers'
item_type: Api::Type::String
description: |
Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the
"Authority Information Access" extension in the certificate.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'caOptions'
description: |
Describes values that are relevant in a CA certificate.
output: true
properties:
- !ruby/object:Api::Type::Boolean
name: 'isCa'
description: |
When true, the "CA" in Basic Constraints extension will be set to true.
output: true
- !ruby/object:Api::Type::Integer
name: 'maxIssuerPathLength'
description: |
Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of
subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'keyUsage'
description: |
Indicates the intended use for keys that correspond to a certificate.
output: true
properties:
- !ruby/object:Api::Type::NestedObject
name: 'baseKeyUsage'
description: |
Describes high-level ways in which a key may be used.
output: true
properties:
- !ruby/object:Api::Type::Boolean
name: 'digitalSignature'
description: |
The key may be used for digital signatures.
output: true
- !ruby/object:Api::Type::Boolean
name: 'contentCommitment'
description: |
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
output: true
- !ruby/object:Api::Type::Boolean
name: 'keyEncipherment'
description: |
The key may be used to encipher other keys.
output: true
- !ruby/object:Api::Type::Boolean
name: 'dataEncipherment'
description: |
The key may be used to encipher data.
output: true
- !ruby/object:Api::Type::Boolean
name: 'keyAgreement'
description: |
The key may be used in a key agreement protocol.
output: true
- !ruby/object:Api::Type::Boolean
name: 'certSign'
description: |
The key may be used to sign certificates.
output: true
- !ruby/object:Api::Type::Boolean
name: 'crlSign'
description: |
The key may be used sign certificate revocation lists.
output: true
- !ruby/object:Api::Type::Boolean
name: 'encipherOnly'
description: |
The key may be used to encipher only.
output: true
- !ruby/object:Api::Type::Boolean
name: 'decipherOnly'
description: |
The key may be used to decipher only.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'extendedKeyUsage'
description: |
Describes high-level ways in which a key may be used.
output: true
properties:
- !ruby/object:Api::Type::Boolean
name: 'serverAuth'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
output: true
- !ruby/object:Api::Type::Boolean
name: 'clientAuth'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
output: true
- !ruby/object:Api::Type::Boolean
name: 'codeSigning'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
output: true
- !ruby/object:Api::Type::Boolean
name: 'emailProtection'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
output: true
- !ruby/object:Api::Type::Boolean
name: 'timeStamping'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
output: true
- !ruby/object:Api::Type::Boolean
name: 'ocspSigning'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
output: true
- !ruby/object:Api::Type::Array
name: 'unknownExtendedKeyUsages'
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Array
name: 'objectIdPath'
item_type: Api::Type::Integer
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'configValues'
deprecation_message: Deprecated in favor of `x509_description`.
output: true
description: |
Describes some of the technical fields in a certificate.
Expand Down Expand Up @@ -927,8 +1111,15 @@ objects:
output: true
description: |
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- !ruby/object:Api::Type::Array
name: 'pemCertificateChain'
output: true
description: |
The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
item_type: Api::Type::String
- !ruby/object:Api::Type::Array
name: 'pemCertificates'
deprecation_message: Deprecated in favor of `pem_certificate_chain`.
output: true
description: |
Required. Expected to be in leaf-to-root order according to RFC 5246.
Expand Down Expand Up @@ -1669,6 +1860,3 @@ objects:
name: 'name'
description: Dummy property.
required: true



0 comments on commit 89ac90f

Please sign in to comment.