File: types.go

package info (click to toggle)
golang-github-aws-aws-sdk-go-v2 1.24.1-2~bpo12%2B1
links: PTS, VCS
area: main
in suites: bookworm-backports
size: 554,032 kB
sloc: java: 15,941; makefile: 419; sh: 175
file content (752 lines) | stat: -rw-r--r-- 32,131 bytes
// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	smithydocument "github.com/aws/smithy-go/document"
	"time"
)

// Provides access information used by the authorityInfoAccess and
// subjectInfoAccess extensions described in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280)
// .
type AccessDescription struct {

	// The location of AccessDescription information.
	//
	// This member is required.
	AccessLocation *GeneralName

	// The type and format of AccessDescription information.
	//
	// This member is required.
	AccessMethod *AccessMethod

	noSmithyDocumentSerde
}

// Describes the type and format of extension access. Only one of
// CustomObjectIdentifier or AccessMethodType may be provided. Providing both
// results in InvalidArgsException .
type AccessMethod struct {

	// Specifies the AccessMethod .
	AccessMethodType AccessMethodType

	// An object identifier (OID) specifying the AccessMethod . The OID must satisfy
	// the regular expression shown below. For more information, see NIST's definition
	// of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier)
	// .
	CustomObjectIdentifier *string

	noSmithyDocumentSerde
}

// Contains X.509 certificate information to be placed in an issued certificate.
// An APIPassthrough or APICSRPassthrough template variant must be selected, or
// else this parameter is ignored. If conflicting or duplicate certificate
// information is supplied from other sources, Amazon Web Services Private CA
// applies order of operation rules (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations)
// to determine what information is used.
type ApiPassthrough struct {

	// Specifies X.509 extension information for a certificate.
	Extensions *Extensions

	// Contains information about the certificate subject. The Subject field in the
	// certificate identifies the entity that owns or controls the public key in the
	// certificate. The entity can be a user, computer, device, or service. The
	// Subject must contain an X.500 distinguished name (DN). A DN is a sequence of
	// relative distinguished names (RDNs). The RDNs are separated by commas in the
	// certificate.
	Subject *ASN1Subject

	noSmithyDocumentSerde
}

// Contains information about the certificate subject. The Subject field in the
// certificate identifies the entity that owns or controls the public key in the
// certificate. The entity can be a user, computer, device, or service. The
// Subject must contain an X.500 distinguished name (DN). A DN is a sequence of
// relative distinguished names (RDNs). The RDNs are separated by commas in the
// certificate.
type ASN1Subject struct {

	// For CA and end-entity certificates in a private PKI, the common name (CN) can
	// be any string within the length limit. Note: In publicly trusted certificates,
	// the common name must be a fully qualified domain name (FQDN) associated with the
	// certificate subject.
	CommonName *string

	// Two-digit code that specifies the country in which the certificate subject
	// located.
	Country *string

	// Contains a sequence of one or more X.500 relative distinguished names (RDNs),
	// each of which consists of an object identifier (OID) and a value. For more
	// information, see NIST’s definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier)
	// . Custom attributes cannot be used in combination with standard attributes.
	CustomAttributes []CustomAttribute

	// Disambiguating information for the certificate subject.
	DistinguishedNameQualifier *string

	// Typically a qualifier appended to the name of an individual. Examples include
	// Jr. for junior, Sr. for senior, and III for third.
	GenerationQualifier *string

	// First name.
	GivenName *string

	// Concatenation that typically contains the first letter of the GivenName, the
	// first letter of the middle name if one exists, and the first letter of the
	// Surname.
	Initials *string

	// The locality (such as a city or town) in which the certificate subject is
	// located.
	Locality *string

	// Legal name of the organization with which the certificate subject is affiliated.
	Organization *string

	// A subdivision or unit of the organization (such as sales or finance) with which
	// the certificate subject is affiliated.
	OrganizationalUnit *string

	// Typically a shortened version of a longer GivenName. For example, Jonathan is
	// often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
	Pseudonym *string

	// The certificate serial number.
	SerialNumber *string

	// State in which the subject of the certificate is located.
	State *string

	// Family name. In the US and the UK, for example, the surname of an individual is
	// ordered last. In Asian cultures the surname is typically ordered first.
	Surname *string

	// A title such as Mr. or Ms., which is pre-pended to the name to refer formally
	// to the certificate subject.
	Title *string

	noSmithyDocumentSerde
}

// Contains information about your private certificate authority (CA). Your
// private CA can issue and revoke X.509 digital certificates. Digital certificates
// verify that the entity named in the certificate Subject field owns or controls
// the public key contained in the Subject Public Key Info field. Call the
// CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
// action to create your private CA. You must then call the
// GetCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html)
// action to retrieve a private CA certificate signing request (CSR). Sign the CSR
// with your Amazon Web Services Private CA-hosted or on-premises root or
// subordinate CA certificate. Call the ImportCertificateAuthorityCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html)
// action to import the signed certificate into Certificate Manager (ACM).
type CertificateAuthority struct {

	// Amazon Resource Name (ARN) for your private certificate authority (CA). The
	// format is 12345678-1234-1234-1234-123456789012 .
	Arn *string

	// Your private CA configuration.
	CertificateAuthorityConfiguration *CertificateAuthorityConfiguration

	// Date and time at which your private CA was created.
	CreatedAt *time.Time

	// Reason the request to create your private CA failed.
	FailureReason FailureReason

	// Defines a cryptographic key management compliance standard used for handling CA
	// keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER Note: Amazon Web Services Region
	// ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly
	// specify this parameter and value when creating a CA in that Region. Specifying a
	// different value (or no value) results in an InvalidArgsException with the
	// message "A certificate authority cannot be created in this region with the
	// specified security standard."
	KeyStorageSecurityStandard KeyStorageSecurityStandard

	// Date and time at which your private CA was last updated.
	LastStateChangeAt *time.Time

	// Date and time after which your private CA certificate is not valid.
	NotAfter *time.Time

	// Date and time before which your private CA certificate is not valid.
	NotBefore *time.Time

	// The Amazon Web Services account ID that owns the certificate authority.
	OwnerAccount *string

	// The period during which a deleted CA can be restored. For more information, see
	// the PermanentDeletionTimeInDays parameter of the
	// DeleteCertificateAuthorityRequest (https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html)
	// action.
	RestorableUntil *time.Time

	// Information about the Online Certificate Status Protocol (OCSP) configuration
	// or certificate revocation list (CRL) created and maintained by your private CA.
	RevocationConfiguration *RevocationConfiguration

	// Serial number of your private CA.
	Serial *string

	// Status of your private CA.
	Status CertificateAuthorityStatus

	// Type of your private CA.
	Type CertificateAuthorityType

	// Specifies whether the CA issues general-purpose certificates that typically
	// require a revocation mechanism, or short-lived certificates that may optionally
	// omit revocation because they expire quickly. Short-lived certificate validity is
	// limited to seven days. The default value is GENERAL_PURPOSE.
	UsageMode CertificateAuthorityUsageMode

	noSmithyDocumentSerde
}

// Contains configuration information for your private certificate authority (CA).
// This includes information about the class of public key algorithm and the key
// pair that your private CA creates when it issues a certificate. It also includes
// the signature algorithm that it uses when issuing certificates, and its X.500
// distinguished name. You must specify this information when you call the
// CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
// action.
type CertificateAuthorityConfiguration struct {

	// Type of the public key algorithm and size, in bits, of the key pair that your
	// CA creates when it issues a certificate. When you create a subordinate CA, you
	// must use a key algorithm supported by the parent CA.
	//
	// This member is required.
	KeyAlgorithm KeyAlgorithm

	// Name of the algorithm your private CA uses to sign certificate requests. This
	// parameter should not be confused with the SigningAlgorithm parameter used to
	// sign certificates when they are issued.
	//
	// This member is required.
	SigningAlgorithm SigningAlgorithm

	// Structure that contains X.500 distinguished name information for your private
	// CA.
	//
	// This member is required.
	Subject *ASN1Subject

	// Specifies information to be added to the extension section of the certificate
	// signing request (CSR).
	CsrExtensions *CsrExtensions

	noSmithyDocumentSerde
}

// Contains configuration information for a certificate revocation list (CRL).
// Your private certificate authority (CA) creates base CRLs. Delta CRLs are not
// supported. You can enable CRLs for your new or an existing private CA by setting
// the Enabled parameter to true . Your private CA writes CRLs to an S3 bucket that
// you specify in the S3BucketName parameter. You can hide the name of your bucket
// by specifying a value for the CustomCname parameter. Your private CA copies the
// CNAME or the S3 bucket name to the CRL Distribution Points extension of each
// certificate it issues. Your S3 bucket policy must give write permission to
// Amazon Web Services Private CA. Amazon Web Services Private CA assets that are
// stored in Amazon S3 can be protected with encryption. For more information, see
// Encrypting Your CRLs (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption)
// . Your private CA uses the value in the ExpirationInDays parameter to calculate
// the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's
// expiration date or when a certificate is revoked. When a certificate is revoked,
// it appears in the CRL until the certificate expires, and then in one additional
// CRL after expiration, and it always appears in the audit report. A CRL is
// typically updated approximately 30 minutes after a certificate is revoked. If
// for any reason a CRL update fails, Amazon Web Services Private CA makes further
// attempts every 15 minutes. CRLs contain the following fields:
//   - Version: The current version number defined in RFC 5280 is V2. The integer
//     value is 0x1.
//   - Signature Algorithm: The name of the algorithm used to sign the CRL.
//   - Issuer: The X.500 distinguished name of your private CA that issued the
//     CRL.
//   - Last Update: The issue date and time of this CRL.
//   - Next Update: The day and time by which the next CRL will be issued.
//   - Revoked Certificates: List of revoked certificates. Each list item contains
//     the following information.
//   - Serial Number: The serial number, in hexadecimal format, of the revoked
//     certificate.
//   - Revocation Date: Date and time the certificate was revoked.
//   - CRL Entry Extensions: Optional extensions for the CRL entry.
//   - X509v3 CRL Reason Code: Reason the certificate was revoked.
//   - CRL Extensions: Optional extensions for the CRL.
//   - X509v3 Authority Key Identifier: Identifies the public key associated with
//     the private key used to sign the certificate.
//   - X509v3 CRL Number:: Decimal sequence number for the CRL.
//   - Signature Algorithm: Algorithm used by your private CA to sign the CRL.
//   - Signature Value: Signature computed over the CRL.
//
// Certificate revocation lists created by Amazon Web Services Private CA are
// DER-encoded. You can use the following OpenSSL command to list a CRL. openssl
// crl -inform DER -text -in crl_path -noout For more information, see Planning a
// certificate revocation list (CRL) (https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html)
// in the Amazon Web Services Private Certificate Authority User Guide
type CrlConfiguration struct {

	// Boolean value that specifies whether certificate revocation lists (CRLs) are
	// enabled. You can use this value to enable certificate revocation for a new CA
	// when you call the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
	// action or for an existing CA when you call the UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html)
	// action.
	//
	// This member is required.
	Enabled *bool

	// Name inserted into the certificate CRL Distribution Points extension that
	// enables the use of an alias for the CRL distribution point. Use this value if
	// you don't want the name of your S3 bucket to be public. The content of a
	// Canonical Name (CNAME) record must conform to RFC2396 (https://www.ietf.org/rfc/rfc2396.txt)
	// restrictions on the use of special characters in URIs. Additionally, the value
	// of the CNAME must not include a protocol prefix such as "http://" or "https://".
	CustomCname *string

	// Validity period of the CRL in days.
	ExpirationInDays *int32

	// Name of the S3 bucket that contains the CRL. If you do not provide a value for
	// the CustomCname argument, the name of your S3 bucket is placed into the CRL
	// Distribution Points extension of the issued certificate. You can change the name
	// of your bucket by calling the UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html)
	// operation. You must specify a bucket policy (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies)
	// that allows Amazon Web Services Private CA to write the CRL to your bucket. The
	// S3BucketName parameter must conform to the S3 bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html)
	// .
	S3BucketName *string

	// Determines whether the CRL will be publicly readable or privately held in the
	// CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over
	// the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of
	// the CRL S3 bucket can access the CRL, and your PKI clients may need an
	// alternative method of access. If no value is specified, the default is
	// PUBLIC_READ . Note: This default can cause CA creation to fail in some
	// circumstances. If you have have enabled the Block Public Access (BPA) feature in
	// your S3 account, then you must specify the value of this parameter as
	// BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have
	// disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or
	// PUBLIC_READ as the value. For more information, see Blocking public access to
	// the S3 bucket (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa)
	// .
	S3ObjectAcl S3ObjectAcl

	noSmithyDocumentSerde
}

// Describes the certificate extensions to be added to the certificate signing
// request (CSR).
type CsrExtensions struct {

	// Indicates the purpose of the certificate and of the key contained in the
	// certificate.
	KeyUsage *KeyUsage

	// For CA certificates, provides a path to additional information pertaining to
	// the CA, such as revocation and policy. For more information, see Subject
	// Information Access (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2)
	// in RFC 5280.
	SubjectInformationAccess []AccessDescription

	noSmithyDocumentSerde
}

// Defines the X.500 relative distinguished name (RDN).
type CustomAttribute struct {

	// Specifies the object identifier (OID) of the attribute type of the relative
	// distinguished name (RDN).
	//
	// This member is required.
	ObjectIdentifier *string

	// Specifies the attribute value of relative distinguished name (RDN).
	//
	// This member is required.
	Value *string

	noSmithyDocumentSerde
}

// Specifies the X.509 extension information for a certificate. Extensions present
// in CustomExtensions follow the ApiPassthrough template rules (https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations)
// .
type CustomExtension struct {

	// Specifies the object identifier (OID) of the X.509 extension. For more
	// information, see the Global OID reference database. (https://oidref.com/2.5.29)
	//
	// This member is required.
	ObjectIdentifier *string

	// Specifies the base64-encoded value of the X.509 extension.
	//
	// This member is required.
	Value *string

	// Specifies the critical flag of the X.509 extension.
	Critical *bool

	noSmithyDocumentSerde
}

// Describes an Electronic Data Interchange (EDI) entity as described in as
// defined in Subject Alternative Name (https://datatracker.ietf.org/doc/html/rfc5280)
// in RFC 5280.
type EdiPartyName struct {

	// Specifies the party name.
	//
	// This member is required.
	PartyName *string

	// Specifies the name assigner.
	NameAssigner *string

	noSmithyDocumentSerde
}

// Specifies additional purposes for which the certified public key may be used
// other than basic purposes indicated in the KeyUsage extension.
type ExtendedKeyUsage struct {

	// Specifies a custom ExtendedKeyUsage with an object identifier (OID).
	ExtendedKeyUsageObjectIdentifier *string

	// Specifies a standard ExtendedKeyUsage as defined as in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12)
	// .
	ExtendedKeyUsageType ExtendedKeyUsageType

	noSmithyDocumentSerde
}

// Contains X.509 extension information for a certificate.
type Extensions struct {

	// Contains a sequence of one or more policy information terms, each of which
	// consists of an object identifier (OID) and optional qualifiers. For more
	// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier)
	// . In an end-entity certificate, these terms indicate the policy under which the
	// certificate was issued and the purposes for which it may be used. In a CA
	// certificate, these terms limit the set of policies for certification paths that
	// include this certificate.
	CertificatePolicies []PolicyInformation

	// Contains a sequence of one or more X.509 extensions, each of which consists of
	// an object identifier (OID), a base64-encoded value, and the critical flag. For
	// more information, see the Global OID reference database. (https://oidref.com/2.5.29)
	CustomExtensions []CustomExtension

	// Specifies additional purposes for which the certified public key may be used
	// other than basic purposes indicated in the KeyUsage extension.
	ExtendedKeyUsage []ExtendedKeyUsage

	// Defines one or more purposes for which the key contained in the certificate can
	// be used. Default value for each option is false.
	KeyUsage *KeyUsage

	// The subject alternative name extension allows identities to be bound to the
	// subject of the certificate. These identities may be included in addition to or
	// in place of the identity in the subject field of the certificate.
	SubjectAlternativeNames []GeneralName

	noSmithyDocumentSerde
}

// Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 (https://datatracker.ietf.org/doc/html/rfc5280)
// . Only one of the following naming options should be provided. Providing more
// than one option results in an InvalidArgsException error.
type GeneralName struct {

	// Contains information about the certificate subject. The Subject field in the
	// certificate identifies the entity that owns or controls the public key in the
	// certificate. The entity can be a user, computer, device, or service. The
	// Subject must contain an X.500 distinguished name (DN). A DN is a sequence of
	// relative distinguished names (RDNs). The RDNs are separated by commas in the
	// certificate.
	DirectoryName *ASN1Subject

	// Represents GeneralName as a DNS name.
	DnsName *string

	// Represents GeneralName as an EdiPartyName object.
	EdiPartyName *EdiPartyName

	// Represents GeneralName as an IPv4 or IPv6 address.
	IpAddress *string

	// Represents GeneralName using an OtherName object.
	OtherName *OtherName

	// Represents GeneralName as an object identifier (OID).
	RegisteredId *string

	// Represents GeneralName as an RFC 822 (https://datatracker.ietf.org/doc/html/rfc822)
	// email address.
	Rfc822Name *string

	// Represents GeneralName as a URI.
	UniformResourceIdentifier *string

	noSmithyDocumentSerde
}

// Defines one or more purposes for which the key contained in the certificate can
// be used. Default value for each option is false.
type KeyUsage struct {

	// Key can be used to sign CRLs.
	CRLSign bool

	// Key can be used to decipher data.
	DataEncipherment bool

	// Key can be used only to decipher data.
	DecipherOnly bool

	// Key can be used for digital signing.
	DigitalSignature bool

	// Key can be used only to encipher data.
	EncipherOnly bool

	// Key can be used in a key-agreement protocol.
	KeyAgreement bool

	// Key can be used to sign certificates.
	KeyCertSign bool

	// Key can be used to encipher data.
	KeyEncipherment bool

	// Key can be used for non-repudiation.
	NonRepudiation bool

	noSmithyDocumentSerde
}

// Contains information to enable and configure Online Certificate Status Protocol
// (OCSP) for validating certificate revocation status. When you revoke a
// certificate, OCSP responses may take up to 60 minutes to reflect the new status.
type OcspConfiguration struct {

	// Flag enabling use of the Online Certificate Status Protocol (OCSP) for
	// validating certificate revocation status.
	//
	// This member is required.
	Enabled *bool

	// By default, Amazon Web Services Private CA injects an Amazon Web Services
	// domain into certificates being validated by the Online Certificate Status
	// Protocol (OCSP). A customer can alternatively use this object to define a CNAME
	// specifying a customized OCSP domain. The content of a Canonical Name (CNAME)
	// record must conform to RFC2396 (https://www.ietf.org/rfc/rfc2396.txt)
	// restrictions on the use of special characters in URIs. Additionally, the value
	// of the CNAME must not include a protocol prefix such as "http://" or "https://".
	// For more information, see Customizing Online Certificate Status Protocol (OCSP)  (https://docs.aws.amazon.com/privateca/latest/userguide/ocsp-customize.html)
	// in the Amazon Web Services Private Certificate Authority User Guide.
	OcspCustomCname *string

	noSmithyDocumentSerde
}

// Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and
// value. The OID must satisfy the regular expression shown below. For more
// information, see NIST's definition of Object Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier)
// .
type OtherName struct {

	// Specifies an OID.
	//
	// This member is required.
	TypeId *string

	// Specifies an OID value.
	//
	// This member is required.
	Value *string

	noSmithyDocumentSerde
}

// Permissions designate which private CA actions can be performed by an Amazon
// Web Services service or entity. In order for ACM to automatically renew private
// certificates, you must give the ACM service principal all available permissions
// ( IssueCertificate , GetCertificate , and ListPermissions ). Permissions can be
// assigned with the CreatePermission (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html)
// action, removed with the DeletePermission (https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html)
// action, and listed with the ListPermissions (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html)
// action.
type Permission struct {

	// The private CA actions that can be performed by the designated Amazon Web
	// Services service.
	Actions []ActionType

	// The Amazon Resource Number (ARN) of the private CA from which the permission
	// was issued.
	CertificateAuthorityArn *string

	// The time at which the permission was created.
	CreatedAt *time.Time

	// The name of the policy that is associated with the permission.
	Policy *string

	// The Amazon Web Services service or entity that holds the permission. At this
	// time, the only valid principal is acm.amazonaws.com .
	Principal *string

	// The ID of the account that assigned the permission.
	SourceAccount *string

	noSmithyDocumentSerde
}

// Defines the X.509 CertificatePolicies extension.
type PolicyInformation struct {

	// Specifies the object identifier (OID) of the certificate policy under which the
	// certificate was issued. For more information, see NIST's definition of Object
	// Identifier (OID) (https://csrc.nist.gov/glossary/term/Object_Identifier) .
	//
	// This member is required.
	CertPolicyId *string

	// Modifies the given CertPolicyId with a qualifier. Amazon Web Services Private
	// CA supports the certification practice statement (CPS) qualifier.
	PolicyQualifiers []PolicyQualifierInfo

	noSmithyDocumentSerde
}

// Modifies the CertPolicyId of a PolicyInformation object with a qualifier.
// Amazon Web Services Private CA supports the certification practice statement
// (CPS) qualifier.
type PolicyQualifierInfo struct {

	// Identifies the qualifier modifying a CertPolicyId .
	//
	// This member is required.
	PolicyQualifierId PolicyQualifierId

	// Defines the qualifier type. Amazon Web Services Private CA supports the use of
	// a URI for a CPS qualifier in this field.
	//
	// This member is required.
	Qualifier *Qualifier

	noSmithyDocumentSerde
}

// Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports
// the certification practice statement (CPS) qualifier (https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4)
// defined in RFC 5280.
type Qualifier struct {

	// Contains a pointer to a certification practice statement (CPS) published by the
	// CA.
	//
	// This member is required.
	CpsUri *string

	noSmithyDocumentSerde
}

// Certificate revocation information used by the CreateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html)
// and UpdateCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html)
// actions. Your private certificate authority (CA) can configure Online
// Certificate Status Protocol (OCSP) support and/or maintain a certificate
// revocation list (CRL). OCSP returns validation information about certificates as
// requested by clients, and a CRL contains an updated list of certificates revoked
// by your CA. For more information, see RevokeCertificate (https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html)
// and Setting up a certificate revocation method (https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html)
// in the Amazon Web Services Private Certificate Authority User Guide.
type RevocationConfiguration struct {

	// Configuration of the certificate revocation list (CRL), if any, maintained by
	// your private CA. A CRL is typically updated approximately 30 minutes after a
	// certificate is revoked. If for any reason a CRL update fails, Amazon Web
	// Services Private CA makes further attempts every 15 minutes.
	CrlConfiguration *CrlConfiguration

	// Configuration of Online Certificate Status Protocol (OCSP) support, if any,
	// maintained by your private CA. When you revoke a certificate, OCSP responses may
	// take up to 60 minutes to reflect the new status.
	OcspConfiguration *OcspConfiguration

	noSmithyDocumentSerde
}

// Tags are labels that you can use to identify and organize your private CAs.
// Each tag consists of a key and an optional value. You can associate up to 50
// tags with a private CA. To add one or more tags to a private CA, call the
// TagCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html)
// action. To remove a tag, call the UntagCertificateAuthority (https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html)
// action.
type Tag struct {

	// Key (name) of the tag.
	//
	// This member is required.
	Key *string

	// Value of the tag.
	Value *string

	noSmithyDocumentSerde
}

// Validity specifies the period of time during which a certificate is valid.
// Validity can be expressed as an explicit date and time when the validity of a
// certificate starts or expires, or as a span of time after issuance, stated in
// days, months, or years. For more information, see Validity (https://tools.ietf.org/html/rfc5280#section-4.1.2.5)
// in RFC 5280. Amazon Web Services Private CA API consumes the Validity data type
// differently in two distinct parameters of the IssueCertificate action. The
// required parameter IssueCertificate : Validity specifies the end of a
// certificate's validity period. The optional parameter IssueCertificate :
// ValidityNotBefore specifies a customized starting time for the validity period.
type Validity struct {

	// Determines how Amazon Web Services Private CA interprets the Value parameter,
	// an integer. Supported validity types include those listed below. Type
	// definitions with values include a sample input value and the resulting output.
	// END_DATE : The specific date and time when the certificate will expire,
	// expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS)
	// format. When UTCTime is used, if the year field (YY) is greater than or equal to
	// 50, the year is interpreted as 19YY. If the year field is less than 50, the year
	// is interpreted as 20YY.
	//   - Sample input value: 491231235959 (UTCTime format)
	//   - Output expiration date/time: 12/31/2049 23:59:59
	// ABSOLUTE : The specific date and time when the validity of a certificate will
	// start or expire, expressed in seconds since the Unix Epoch.
	//   - Sample input value: 2524608000
	//   - Output expiration date/time: 01/01/2050 00:00:00
	// DAYS , MONTHS , YEARS : The relative time from the moment of issuance until the
	// certificate will expire, expressed in days, months, or years. Example if DAYS ,
	// issued on 10/12/2020 at 12:34:54 UTC:
	//   - Sample input value: 90
	//   - Output expiration date: 01/10/2020 12:34:54 UTC
	// The minimum validity duration for a certificate using relative time ( DAYS ) is
	// one day. The minimum validity for a certificate using absolute time ( ABSOLUTE
	// or END_DATE ) is one second.
	//
	// This member is required.
	Type ValidityPeriodType

	// A long integer interpreted according to the value of Type , below.
	//
	// This member is required.
	Value *int64

	noSmithyDocumentSerde
}

type noSmithyDocumentSerde = smithydocument.NoSerde