Fix missing fields on Certificate #5941

Merged
194 changes: 191 additions & 3 deletions mmv1/products/privateca/api.yaml
Expand Up @@ -562,6 +562,11 @@ objects:
required: true
input: true
url_param_only: true
- !ruby/object:Api::Type::String
name: 'issuerCertificateAuthority'
description: |
The resource name of the issuing CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
output: true
- !ruby/object:Api::Type::String
name: 'lifetime'
description: |
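Review bot: The description of `issuerCertificateAuthority` puts the resource-name pattern projects/*/locations/*/caPools/*/certificateAuthorities/* in running text, where the asterisks may be rendered as emphasis in generated documentation. Wrap the pattern in backticks, as the deprecation messages elsewhere in this change already do for field names.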
Expand Down Expand Up @@ -739,8 +744,187 @@ objects:
output: true
description: |
The time at which the certificate expires.
- !ruby/object:Api::Type::NestedObject
name: 'x509Description'
output: true
description: |
A structured description of the issued X.509 certificate.
properties:
- !ruby/object:Api::Type::Array
name: 'additionalExtensions'
description: |
Describes custom X.509 extensions.
output: true
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Boolean
name: 'critical'
description: |
Indicates whether or not this extension is critical (i.e., if the client does not know how to
handle this extension, the client should consider this to be an error).
output: true
- !ruby/object:Api::Type::String
name: 'value'
description: |
The value of this X.509 extension. A base64-encoded string.
- !ruby/object:Api::Type::NestedObject
name: 'objectId'
description: |
Describes values that are relevant in a CA certificate.
output: true
properties:
- !ruby/object:Api::Type::Array
name: 'objectIdPath'
item_type: Api::Type::Integer
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
- !ruby/object:Api::Type::Array
name: 'policyIds'
description: |
Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
output: true
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Array
name: 'objectIdPath'
item_type: Api::Type::Integer
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
- !ruby/object:Api::Type::Array
name: 'aiaOcspServers'
item_type: Api::Type::String
description: |
Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the
"Authority Information Access" extension in the certificate.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'caOptions'
description: |
Describes values that are relevant in a CA certificate.
output: true
properties:
- !ruby/object:Api::Type::Boolean
name: 'isCa'
description: |
When true, the "CA" in Basic Constraints extension will be set to true.
output: true
- !ruby/object:Api::Type::Integer
name: 'maxIssuerPathLength'
description: |
Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of
subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'keyUsage'
description: |
Indicates the intended use for keys that correspond to a certificate.
output: true
properties:
- !ruby/object:Api::Type::NestedObject
name: 'baseKeyUsage'
description: |
Describes high-level ways in which a key may be used.
output: true
properties:
- !ruby/object:Api::Type::Boolean
name: 'digitalSignature'
description: |
The key may be used for digital signatures.
output: true
- !ruby/object:Api::Type::Boolean
name: 'contentCommitment'
description: |
The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
output: true
- !ruby/object:Api::Type::Boolean
name: 'keyEncipherment'
description: |
The key may be used to encipher other keys.
output: true
- !ruby/object:Api::Type::Boolean
name: 'dataEncipherment'
description: |
The key may be used to encipher data.
output: true
- !ruby/object:Api::Type::Boolean
name: 'keyAgreement'
description: |
The key may be used in a key agreement protocol.
output: true
- !ruby/object:Api::Type::Boolean
name: 'certSign'
description: |
The key may be used to sign certificates.
output: true
- !ruby/object:Api::Type::Boolean
name: 'crlSign'
description: |
The key may be used sign certificate revocation lists.
output: true
- !ruby/object:Api::Type::Boolean
name: 'encipherOnly'
description: |
The key may be used to encipher only.
output: true
- !ruby/object:Api::Type::Boolean
name: 'decipherOnly'
description: |
The key may be used to decipher only.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'extendedKeyUsage'
description: |
Describes high-level ways in which a key may be used.
output: true
properties:
- !ruby/object:Api::Type::Boolean
name: 'serverAuth'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
output: true
- !ruby/object:Api::Type::Boolean
name: 'clientAuth'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
output: true
- !ruby/object:Api::Type::Boolean
name: 'codeSigning'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
output: true
- !ruby/object:Api::Type::Boolean
name: 'emailProtection'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
output: true
- !ruby/object:Api::Type::Boolean
name: 'timeStamping'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
output: true
- !ruby/object:Api::Type::Boolean
name: 'ocspSigning'
description: |
Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
output: true
- !ruby/object:Api::Type::Array
name: 'unknownExtendedKeyUsages'
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::Array
name: 'objectIdPath'
item_type: Api::Type::Integer
description: |
An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
output: true
- !ruby/object:Api::Type::NestedObject
name: 'configValues'
deprecation_message: Deprecated in favor of `x509_description`.
output: true
description: |
Describes some of the technical fields in a certificate.
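Review bot: Several descriptions under `x509Description` look copied from sibling fields and do not describe the field they sit on. `additionalExtensions.objectId` reads "Describes values that are relevant in a CA certificate." (the `caOptions` text), `extendedKeyUsage` repeats the `baseKeyUsage` sentence word for word, and `unknownExtendedKeyUsages` carries the generic ObjectId sentence rather than describing the list itself. `additionalExtensions.value` is also the only property in the block without `output: true`, and the `crlSign` description is missing a word ("may be used sign"). Suggest rewording each description to match its field and adding `output: true` to `value` so the whole nested object is consistently output-only.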
Expand Down Expand Up @@ -927,8 +1111,15 @@ objects:
output: true
description: |
The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
- !ruby/object:Api::Type::Array
name: 'pemCertificateChain'
output: true
description: |
The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
item_type: Api::Type::String
- !ruby/object:Api::Type::Array
name: 'pemCertificates'
deprecation_message: Deprecated in favor of `pem_certificate_chain`.
output: true
description: |
Required. Expected to be in leaf-to-root order according to RFC 5246.
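Review bot: `pemCertificateChain` is described as issuer-to-root while the field it replaces, `pemCertificates`, is described as leaf-to-root, so the two lists do not start at the same certificate and the replacement is not drop-in for anyone feeding the list to a chain verifier. The deprecation message on `pemCertificates` should say this, for example by noting that the new chain starts at the issuer rather than the leaf. The `pemCertificates` description also still opens with "Required." on a field marked `output: true`.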
Expand Down Expand Up @@ -1669,6 +1860,3 @@ objects:
name: 'name'
description: Dummy property.
required: true