types

package
v1.29.5
Published: May 8, 2024 License: Apache-2.0 Imports: 4 Imported by: 11

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ASN1Subject

type ASN1Subject struct {

	// For CA and end-entity certificates in a private PKI, the common name (CN) can
	// be any string within the length limit.
	//
	// Note: In publicly trusted certificates, the common name must be a fully
	// qualified domain name (FQDN) associated with the certificate subject.
	CommonName *string

	// Two-digit code that specifies the country in which the certificate subject is
	// located.
	Country *string

	// Contains a sequence of one or more X.500 relative distinguished names (RDNs),
	// each of which consists of an object identifier (OID) and a value. For more
	// information, see NIST’s definition of [Object Identifier (OID)].
	//
	// Custom attributes cannot be used in combination with standard attributes.
	//
	// [Object Identifier (OID)]: https://csrc.nist.gov/glossary/term/Object_Identifier
	CustomAttributes []CustomAttribute

	// Disambiguating information for the certificate subject.
	DistinguishedNameQualifier *string

	// Typically a qualifier appended to the name of an individual. Examples include
	// Jr. for junior, Sr. for senior, and III for third.
	GenerationQualifier *string

	// First name.
	GivenName *string

	// Concatenation that typically contains the first letter of the GivenName, the
	// first letter of the middle name if one exists, and the first letter of the
	// Surname.
	Initials *string

	// The locality (such as a city or town) in which the certificate subject is
	// located.
	Locality *string

	// Legal name of the organization with which the certificate subject is
	// affiliated.
	Organization *string

	// A subdivision or unit of the organization (such as sales or finance) with which
	// the certificate subject is affiliated.
	OrganizationalUnit *string

	// Typically a shortened version of a longer GivenName. For example, Jonathan is
	// often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
	Pseudonym *string

	// The certificate serial number.
	SerialNumber *string

	// State in which the subject of the certificate is located.
	State *string

	// Family name. In the US and the UK, for example, the surname of an individual is
	// ordered last. In Asian cultures the surname is typically ordered first.
	Surname *string

	// A title such as Mr. or Ms., which is pre-pended to the name to refer formally
	// to the certificate subject.
	Title *string
	// contains filtered or unexported fields
}

Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

type AccessDescription added in v1.2.0

type AccessDescription struct {

	// The location of AccessDescription information.
	//
	// This member is required.
	AccessLocation *GeneralName

	// The type and format of AccessDescription information.
	//
	// This member is required.
	AccessMethod *AccessMethod
	// contains filtered or unexported fields
}

Provides access information used by the authorityInfoAccess and subjectInfoAccess extensions described in RFC 5280.

type AccessMethod added in v1.2.0

type AccessMethod struct {

	// Specifies the AccessMethod.
	AccessMethodType AccessMethodType

	// An object identifier (OID) specifying the AccessMethod. The OID must satisfy
	// the regular expression shown below. For more information, see NIST's definition
	// of [Object Identifier (OID)].
	//
	// [Object Identifier (OID)]: https://csrc.nist.gov/glossary/term/Object_Identifier
	CustomObjectIdentifier *string
	// contains filtered or unexported fields
}

Describes the type and format of extension access. Only one of CustomObjectIdentifier or AccessMethodType may be provided. Providing both results in InvalidArgsException.

type AccessMethodType added in v1.2.0

type AccessMethodType string
const (
	AccessMethodTypeCaRepository        AccessMethodType = "CA_REPOSITORY"
	AccessMethodTypeResourcePkiManifest AccessMethodType = "RESOURCE_PKI_MANIFEST"
	AccessMethodTypeResourcePkiNotify   AccessMethodType = "RESOURCE_PKI_NOTIFY"
)

Enum values for AccessMethodType

func (AccessMethodType) Values added in v1.2.0

Values returns all known values for AccessMethodType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ActionType

type ActionType string
const (
	ActionTypeIssueCertificate ActionType = "IssueCertificate"
	ActionTypeGetCertificate   ActionType = "GetCertificate"
	ActionTypeListPermissions  ActionType = "ListPermissions"
)

Enum values for ActionType

func (ActionType) Values added in v0.29.0

func (ActionType) Values() []ActionType

Values returns all known values for ActionType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ApiPassthrough added in v1.2.0

type ApiPassthrough struct {

	// Specifies X.509 extension information for a certificate.
	Extensions *Extensions

	// Contains information about the certificate subject. The Subject field in the
	// certificate identifies the entity that owns or controls the public key in the
	// certificate. The entity can be a user, computer, device, or service. The
	// Subject must contain an X.500 distinguished name (DN). A DN is a sequence of
	// relative distinguished names (RDNs). The RDNs are separated by commas in the
	// certificate.
	Subject *ASN1Subject
	// contains filtered or unexported fields
}

Contains X.509 certificate information to be placed in an issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.

If conflicting or duplicate certificate information is supplied from other sources, Amazon Web Services Private CA applies order of operation rules to determine what information is used.

type AuditReportResponseFormat

type AuditReportResponseFormat string
const (
	AuditReportResponseFormatJson AuditReportResponseFormat = "JSON"
	AuditReportResponseFormatCsv  AuditReportResponseFormat = "CSV"
)

Enum values for AuditReportResponseFormat

func (AuditReportResponseFormat) Values added in v0.29.0

Values returns all known values for AuditReportResponseFormat. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AuditReportStatus

type AuditReportStatus string
const (
	AuditReportStatusCreating AuditReportStatus = "CREATING"
	AuditReportStatusSuccess  AuditReportStatus = "SUCCESS"
	AuditReportStatusFailed   AuditReportStatus = "FAILED"
)

Enum values for AuditReportStatus

func (AuditReportStatus) Values added in v0.29.0

Values returns all known values for AuditReportStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CertificateAuthority

type CertificateAuthority struct {

	// Amazon Resource Name (ARN) for your private certificate authority (CA). The
	// format is 12345678-1234-1234-1234-123456789012.
	Arn *string

	// Your private CA configuration.
	CertificateAuthorityConfiguration *CertificateAuthorityConfiguration

	// Date and time at which your private CA was created.
	CreatedAt *time.Time

	// Reason the request to create your private CA failed.
	FailureReason FailureReason

	// Defines a cryptographic key management compliance standard used for handling CA
	// keys.
	//
	// Default: FIPS_140_2_LEVEL_3_OR_HIGHER
	//
	// Note: Amazon Web Services Region ap-northeast-3 supports only
	// FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and
	// value when creating a CA in that Region. Specifying a different value (or no
	// value) results in an InvalidArgsException with the message "A certificate
	// authority cannot be created in this region with the specified security
	// standard."
	KeyStorageSecurityStandard KeyStorageSecurityStandard

	// Date and time at which your private CA was last updated.
	LastStateChangeAt *time.Time

	// Date and time after which your private CA certificate is not valid.
	NotAfter *time.Time

	// Date and time before which your private CA certificate is not valid.
	NotBefore *time.Time

	// The Amazon Web Services account ID that owns the certificate authority.
	OwnerAccount *string

	// The period during which a deleted CA can be restored. For more information, see
	// the PermanentDeletionTimeInDays parameter of the [DeleteCertificateAuthorityRequest] action.
	//
	// [DeleteCertificateAuthorityRequest]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
	RestorableUntil *time.Time

	// Information about the Online Certificate Status Protocol (OCSP) configuration
	// or certificate revocation list (CRL) created and maintained by your private CA.
	RevocationConfiguration *RevocationConfiguration

	// Serial number of your private CA.
	Serial *string

	// Status of your private CA.
	Status CertificateAuthorityStatus

	// Type of your private CA.
	Type CertificateAuthorityType

	// Specifies whether the CA issues general-purpose certificates that typically
	// require a revocation mechanism, or short-lived certificates that may optionally
	// omit revocation because they expire quickly. Short-lived certificate validity is
	// limited to seven days.
	//
	// The default value is GENERAL_PURPOSE.
	UsageMode CertificateAuthorityUsageMode
	// contains filtered or unexported fields
}

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into Certificate Manager (ACM).

type CertificateAuthorityConfiguration

type CertificateAuthorityConfiguration struct {

	// Type of the public key algorithm and size, in bits, of the key pair that your
	// CA creates when it issues a certificate. When you create a subordinate CA, you
	// must use a key algorithm supported by the parent CA.
	//
	// This member is required.
	KeyAlgorithm KeyAlgorithm

	// Name of the algorithm your private CA uses to sign certificate requests.
	//
	// This parameter should not be confused with the SigningAlgorithm parameter used
	// to sign certificates when they are issued.
	//
	// This member is required.
	SigningAlgorithm SigningAlgorithm

	// Structure that contains X.500 distinguished name information for your private
	// CA.
	//
	// This member is required.
	Subject *ASN1Subject

	// Specifies information to be added to the extension section of the certificate
	// signing request (CSR).
	CsrExtensions *CsrExtensions
	// contains filtered or unexported fields
}

Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority action.

type CertificateAuthorityStatus

type CertificateAuthorityStatus string
const (
	CertificateAuthorityStatusCreating           CertificateAuthorityStatus = "CREATING"
	CertificateAuthorityStatusPendingCertificate CertificateAuthorityStatus = "PENDING_CERTIFICATE"
	CertificateAuthorityStatusActive             CertificateAuthorityStatus = "ACTIVE"
	CertificateAuthorityStatusDeleted            CertificateAuthorityStatus = "DELETED"
	CertificateAuthorityStatusDisabled           CertificateAuthorityStatus = "DISABLED"
	CertificateAuthorityStatusExpired            CertificateAuthorityStatus = "EXPIRED"
	CertificateAuthorityStatusFailed             CertificateAuthorityStatus = "FAILED"
)

Enum values for CertificateAuthorityStatus

func (CertificateAuthorityStatus) Values added in v0.29.0

Values returns all known values for CertificateAuthorityStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CertificateAuthorityType

type CertificateAuthorityType string
const (
	CertificateAuthorityTypeRoot        CertificateAuthorityType = "ROOT"
	CertificateAuthorityTypeSubordinate CertificateAuthorityType = "SUBORDINATE"
)

Enum values for CertificateAuthorityType

func (CertificateAuthorityType) Values added in v0.29.0

Values returns all known values for CertificateAuthorityType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CertificateAuthorityUsageMode added in v1.19.0

type CertificateAuthorityUsageMode string
const (
	CertificateAuthorityUsageModeGeneralPurpose        CertificateAuthorityUsageMode = "GENERAL_PURPOSE"
	CertificateAuthorityUsageModeShortLivedCertificate CertificateAuthorityUsageMode = "SHORT_LIVED_CERTIFICATE"
)

Enum values for CertificateAuthorityUsageMode

func (CertificateAuthorityUsageMode) Values added in v1.19.0

Values returns all known values for CertificateAuthorityUsageMode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CertificateMismatchException

type CertificateMismatchException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The certificate authority certificate you are importing does not comply with conditions specified in the certificate that signed it.

func (*CertificateMismatchException) Error

func (*CertificateMismatchException) ErrorCode

func (e *CertificateMismatchException) ErrorCode() string

func (*CertificateMismatchException) ErrorFault

func (*CertificateMismatchException) ErrorMessage

func (e *CertificateMismatchException) ErrorMessage() string

type ConcurrentModificationException

type ConcurrentModificationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

A previous update to your private CA is still ongoing.

func (*ConcurrentModificationException) Error

func (*ConcurrentModificationException) ErrorCode

func (e *ConcurrentModificationException) ErrorCode() string

func (*ConcurrentModificationException) ErrorFault

func (*ConcurrentModificationException) ErrorMessage

func (e *ConcurrentModificationException) ErrorMessage() string

type CrlConfiguration

type CrlConfiguration struct {

	// Boolean value that specifies whether certificate revocation lists (CRLs) are
	// enabled. You can use this value to enable certificate revocation for a new CA
	// when you call the [CreateCertificateAuthority] action or for an existing CA when you call the [UpdateCertificateAuthority] action.
	//
	// [CreateCertificateAuthority]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
	// [UpdateCertificateAuthority]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
	//
	// This member is required.
	Enabled *bool

	// Configures the behavior of the CRL Distribution Point extension for
	// certificates issued by your certificate authority. If this field is not
	// provided, then the CRL Distribution Point Extension will be present and contain
	// the default CRL URL.
	CrlDistributionPointExtensionConfiguration *CrlDistributionPointExtensionConfiguration

	// Name inserted into the certificate CRL Distribution Points extension that
	// enables the use of an alias for the CRL distribution point. Use this value if
	// you don't want the name of your S3 bucket to be public.
	//
	// The content of a Canonical Name (CNAME) record must conform to [RFC2396] restrictions on
	// the use of special characters in URIs. Additionally, the value of the CNAME must
	// not include a protocol prefix such as "http://" or "https://".
	//
	// [RFC2396]: https://www.ietf.org/rfc/rfc2396.txt
	CustomCname *string

	// Validity period of the CRL in days.
	ExpirationInDays *int32

	// Name of the S3 bucket that contains the CRL. If you do not provide a value for
	// the CustomCname argument, the name of your S3 bucket is placed into the CRL
	// Distribution Points extension of the issued certificate. You can change the name
	// of your bucket by calling the [UpdateCertificateAuthority] operation. You must specify a [bucket policy] that allows Amazon
	// Web Services Private CA to write the CRL to your bucket.
	//
	// The S3BucketName parameter must conform to the [S3 bucket naming rules].
	//
	// [bucket policy]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies
	// [S3 bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
	// [UpdateCertificateAuthority]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
	S3BucketName *string

	// Determines whether the CRL will be publicly readable or privately held in the
	// CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over
	// the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of
	// the CRL S3 bucket can access the CRL, and your PKI clients may need an
	// alternative method of access.
	//
	// If no value is specified, the default is PUBLIC_READ.
	//
	// Note: This default can cause CA creation to fail in some circumstances. If you
	// have enabled the Block Public Access (BPA) feature in your S3 account, then
	// you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, and
	// not doing so results in an error. If you have disabled BPA in S3, then you can
	// specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.
	//
	// For more information, see [Blocking public access to the S3 bucket].
	//
	// [Blocking public access to the S3 bucket]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa
	S3ObjectAcl S3ObjectAcl
	// contains filtered or unexported fields
}

Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter. Your private CA by default copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. If you want to configure this default behavior to be something different, you can set the CrlDistributionPointExtensionConfiguration parameter. Your S3 bucket policy must give write permission to Amazon Web Services Private CA.

Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs.

Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.

A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, Amazon Web Services Private CA makes further attempts every 15 minutes.

CRLs contain the following fields:

  • Version: The current version number defined in RFC 5280 is V2. The integer value is 0x1.

  • Signature Algorithm: The name of the algorithm used to sign the CRL.

  • Issuer: The X.500 distinguished name of your private CA that issued the CRL.

  • Last Update: The issue date and time of this CRL.

  • Next Update: The day and time by which the next CRL will be issued.

  • Revoked Certificates: List of revoked certificates. Each list item contains the following information.

      • Serial Number: The serial number, in hexadecimal format, of the revoked certificate.

      • Revocation Date: Date and time the certificate was revoked.

      • CRL Entry Extensions: Optional extensions for the CRL entry.

          • X509v3 CRL Reason Code: Reason the certificate was revoked.

  • CRL Extensions: Optional extensions for the CRL.

      • X509v3 Authority Key Identifier: Identifies the public key associated with the private key used to sign the certificate.

      • X509v3 CRL Number: Decimal sequence number for the CRL.

  • Signature Algorithm: Algorithm used by your private CA to sign the CRL.

  • Signature Value: Signature computed over the CRL.

Certificate revocation lists created by Amazon Web Services Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.

openssl crl -inform DER -text -in crl_path -noout

For more information, see Planning a certificate revocation list (CRL) in the Amazon Web Services Private Certificate Authority User Guide.
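
As an added example (not part of the SDK or of the original documentation), the Go program below reads the CRL fields listed above from a DER-encoded CRL, verifies the CRL signature against the issuing CA certificate, and rejects a CRL whose Next Update has passed. The CA, the revoked serial number and the CRL are constructed in-process so it runs offline; the names `InspectCRL`, `BuildSampleCRL`, `CRLSummary` and `ErrStaleCRL` are hypothetical, and deriving Next Update as Last Update plus ExpirationInDays is a simplifying assumption.

```go
// Added example: requires Go 1.21+ (x509.RevocationListEntry).
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrStaleCRL reports a CRL whose Next Update time has already passed.
var ErrStaleCRL = errors.New("CRL is past its Next Update time")

// CRLSummary carries the CRL fields a relying party normally acts on.
type CRLSummary struct {
	Issuer     string         // Issuer: DN of the CA that signed the CRL
	Number     string         // X509v3 CRL Number (decimal), empty if absent
	LastUpdate time.Time      // Last Update
	NextUpdate time.Time      // Next Update
	Revoked    map[string]int // hex Serial Number -> X509v3 CRL Reason Code
}

// InspectCRL parses a DER-encoded CRL, verifies its signature against the
// issuing CA certificate, and fails closed when the CRL is stale at "now".
func InspectCRL(der []byte, issuer *x509.Certificate, now time.Time) (*CRLSummary, error) {
	rl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	// An unsigned or mis-signed CRL must never be used for revocation decisions.
	if err := rl.CheckSignatureFrom(issuer); err != nil {
		return nil, fmt.Errorf("verify CRL signature: %w", err)
	}
	s := &CRLSummary{
		Issuer:     rl.Issuer.String(),
		LastUpdate: rl.ThisUpdate,
		NextUpdate: rl.NextUpdate,
		Revoked:    make(map[string]int),
	}
	if rl.Number != nil {
		s.Number = rl.Number.String()
	}
	for _, e := range rl.RevokedCertificateEntries {
		s.Revoked[e.SerialNumber.Text(16)] = e.ReasonCode
	}
	if now.After(rl.NextUpdate) {
		return s, ErrStaleCRL
	}
	return s, nil
}

// BuildSampleCRL creates a constructed self-signed CA and a DER-encoded CRL
// that revokes serial 0x1a2b with reason code 1 (keyCompromise).
func BuildSampleCRL(lastUpdate time.Time, expirationInDays int) (*x509.Certificate, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Example CA"},
		NotBefore:             lastUpdate.Add(-time.Hour),
		NotAfter:              lastUpdate.AddDate(1, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		SubjectKeyId:          []byte{0x01, 0x02, 0x03, 0x04},
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(7),
		ThisUpdate: lastUpdate,
		NextUpdate: lastUpdate.AddDate(0, 0, expirationInDays), // assumption, see lead-in
		RevokedCertificateEntries: []x509.RevocationListEntry{
			{SerialNumber: big.NewInt(0x1a2b), RevocationTime: lastUpdate, ReasonCode: 1},
		},
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, ca, key)
	return ca, crlDER, err
}

func main() {
	issued := time.Date(2024, 5, 8, 0, 0, 0, 0, time.UTC)
	ca, der, err := BuildSampleCRL(issued, 7)
	if err != nil {
		panic(err)
	}
	s, err := InspectCRL(der, ca, issued.Add(24*time.Hour))
	fmt.Printf("%+v err=%v\n", s, err)
}
```

For a real CRL, pass the bytes of the downloaded object and the parsed CA certificate to `InspectCRL` in place of the constructed pair.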

type CrlDistributionPointExtensionConfiguration added in v1.26.0

type CrlDistributionPointExtensionConfiguration struct {

	// Configures whether the CRL Distribution Point extension should be populated
	// with the default URL to the CRL. If set to true, then the CDP extension will
	// not be present in any certificates issued by that CA unless otherwise specified
	// through CSR or API passthrough.
	//
	// Only set this if you have another way to distribute the CRL Distribution Points
	// for certificates issued by your CA, such as the Matter Distributed Compliance
	// Ledger.
	//
	// This configuration cannot be enabled with a custom CNAME set.
	//
	// This member is required.
	OmitExtension *bool
	// contains filtered or unexported fields
}

Contains configuration information for the default behavior of the CRL Distribution Point (CDP) extension in certificates issued by your CA. This extension contains a link to download the CRL, so you can check whether a certificate has been revoked. To choose whether you want this extension omitted or not in certificates issued by your CA, you can set the OmitExtension parameter.

type CsrExtensions added in v1.2.0

type CsrExtensions struct {

	// Indicates the purpose of the certificate and of the key contained in the
	// certificate.
	KeyUsage *KeyUsage

	// For CA certificates, provides a path to additional information pertaining to
	// the CA, such as revocation and policy. For more information, see [Subject Information Access] in RFC 5280.
	//
	// [Subject Information Access]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2
	SubjectInformationAccess []AccessDescription
	// contains filtered or unexported fields
}

Describes the certificate extensions to be added to the certificate signing request (CSR).

type CustomAttribute added in v1.17.0

type CustomAttribute struct {

	// Specifies the object identifier (OID) of the attribute type of the relative
	// distinguished name (RDN).
	//
	// This member is required.
	ObjectIdentifier *string

	// Specifies the attribute value of relative distinguished name (RDN).
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}

Defines the X.500 relative distinguished name (RDN).

type CustomExtension added in v1.17.0

type CustomExtension struct {

	// Specifies the object identifier (OID) of the X.509 extension. For more
	// information, see the [Global OID reference database.]
	//
	// [Global OID reference database.]: https://oidref.com/2.5.29
	//
	// This member is required.
	ObjectIdentifier *string

	// Specifies the base64-encoded value of the X.509 extension.
	//
	// This member is required.
	Value *string

	// Specifies the critical flag of the X.509 extension.
	Critical *bool
	// contains filtered or unexported fields
}

Specifies the X.509 extension information for a certificate.

Extensions present in CustomExtensions follow the ApiPassthrough template rules.

type EdiPartyName added in v1.2.0

type EdiPartyName struct {

	// Specifies the party name.
	//
	// This member is required.
	PartyName *string

	// Specifies the name assigner.
	NameAssigner *string
	// contains filtered or unexported fields
}

Describes an Electronic Data Interchange (EDI) entity as defined in Subject Alternative Name in RFC 5280.

type ExtendedKeyUsage added in v1.2.0

type ExtendedKeyUsage struct {

	// Specifies a custom ExtendedKeyUsage with an object identifier (OID).
	ExtendedKeyUsageObjectIdentifier *string

	// Specifies a standard ExtendedKeyUsage as defined in [RFC 5280].
	//
	// [RFC 5280]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
	ExtendedKeyUsageType ExtendedKeyUsageType
	// contains filtered or unexported fields
}

Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.

type ExtendedKeyUsageType added in v1.2.0

type ExtendedKeyUsageType string
const (
	ExtendedKeyUsageTypeServerAuth              ExtendedKeyUsageType = "SERVER_AUTH"
	ExtendedKeyUsageTypeClientAuth              ExtendedKeyUsageType = "CLIENT_AUTH"
	ExtendedKeyUsageTypeCodeSigning             ExtendedKeyUsageType = "CODE_SIGNING"
	ExtendedKeyUsageTypeEmailProtection         ExtendedKeyUsageType = "EMAIL_PROTECTION"
	ExtendedKeyUsageTypeTimeStamping            ExtendedKeyUsageType = "TIME_STAMPING"
	ExtendedKeyUsageTypeOcspSigning             ExtendedKeyUsageType = "OCSP_SIGNING"
	ExtendedKeyUsageTypeSmartCardLogin          ExtendedKeyUsageType = "SMART_CARD_LOGIN"
	ExtendedKeyUsageTypeDocumentSigning         ExtendedKeyUsageType = "DOCUMENT_SIGNING"
	ExtendedKeyUsageTypeCertificateTransparency ExtendedKeyUsageType = "CERTIFICATE_TRANSPARENCY"
)

Enum values for ExtendedKeyUsageType

func (ExtendedKeyUsageType) Values added in v1.2.0

Values returns all known values for ExtendedKeyUsageType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Extensions added in v1.2.0

type Extensions struct {

	// Contains a sequence of one or more policy information terms, each of which
	// consists of an object identifier (OID) and optional qualifiers. For more
	// information, see NIST's definition of [Object Identifier (OID)].
	//
	// In an end-entity certificate, these terms indicate the policy under which the
	// certificate was issued and the purposes for which it may be used. In a CA
	// certificate, these terms limit the set of policies for certification paths that
	// include this certificate.
	//
	// [Object Identifier (OID)]: https://csrc.nist.gov/glossary/term/Object_Identifier
	CertificatePolicies []PolicyInformation

	// Contains a sequence of one or more X.509 extensions, each of which consists of
	// an object identifier (OID), a base64-encoded value, and the critical flag. For
	// more information, see the [Global OID reference database.]
	//
	// [Global OID reference database.]: https://oidref.com/2.5.29
	CustomExtensions []CustomExtension

	// Specifies additional purposes for which the certified public key may be used
	// other than basic purposes indicated in the KeyUsage extension.
	ExtendedKeyUsage []ExtendedKeyUsage

	// Defines one or more purposes for which the key contained in the certificate can
	// be used. Default value for each option is false.
	KeyUsage *KeyUsage

	// The subject alternative name extension allows identities to be bound to the
	// subject of the certificate. These identities may be included in addition to or
	// in place of the identity in the subject field of the certificate.
	SubjectAlternativeNames []GeneralName
	// contains filtered or unexported fields
}

Contains X.509 extension information for a certificate.

type FailureReason

type FailureReason string
const (
	FailureReasonRequestTimedOut      FailureReason = "REQUEST_TIMED_OUT"
	FailureReasonUnsupportedAlgorithm FailureReason = "UNSUPPORTED_ALGORITHM"
	FailureReasonOther                FailureReason = "OTHER"
)

Enum values for FailureReason

func (FailureReason) Values added in v0.29.0

func (FailureReason) Values() []FailureReason

Values returns all known values for FailureReason. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type GeneralName added in v1.2.0

type GeneralName struct {

	// Contains information about the certificate subject. The Subject field in the
	// certificate identifies the entity that owns or controls the public key in the
	// certificate. The entity can be a user, computer, device, or service. The
	// Subject must contain an X.500 distinguished name (DN). A DN is a sequence of
	// relative distinguished names (RDNs). The RDNs are separated by commas in the
	// certificate.
	DirectoryName *ASN1Subject

	// Represents GeneralName as a DNS name.
	DnsName *string

	// Represents GeneralName as an EdiPartyName object.
	EdiPartyName *EdiPartyName

	// Represents GeneralName as an IPv4 or IPv6 address.
	IpAddress *string

	// Represents GeneralName using an OtherName object.
	OtherName *OtherName

	// Represents GeneralName as an object identifier (OID).
	RegisteredId *string

	// Represents GeneralName as an [RFC 822] email address.
	//
	// [RFC 822]: https://datatracker.ietf.org/doc/html/rfc822
	Rfc822Name *string

	// Represents GeneralName as a URI.
	UniformResourceIdentifier *string
	// contains filtered or unexported fields
}

Describes an ASN.1 X.400 GeneralName as defined in RFC 5280. Only one of the following naming options should be provided. Providing more than one option results in an InvalidArgsException error.

type InvalidArgsException

type InvalidArgsException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

One or more of the specified arguments was not valid.

func (*InvalidArgsException) Error

func (e *InvalidArgsException) Error() string

func (*InvalidArgsException) ErrorCode

func (e *InvalidArgsException) ErrorCode() string

func (*InvalidArgsException) ErrorFault

func (e *InvalidArgsException) ErrorFault() smithy.ErrorFault

func (*InvalidArgsException) ErrorMessage

func (e *InvalidArgsException) ErrorMessage() string

type InvalidArnException

type InvalidArnException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

func (*InvalidArnException) Error

func (e *InvalidArnException) Error() string

func (*InvalidArnException) ErrorCode

func (e *InvalidArnException) ErrorCode() string

func (*InvalidArnException) ErrorFault

func (e *InvalidArnException) ErrorFault() smithy.ErrorFault

func (*InvalidArnException) ErrorMessage

func (e *InvalidArnException) ErrorMessage() string

type InvalidNextTokenException

type InvalidNextTokenException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The token specified in the NextToken argument is not valid. Use the token returned from your previous call to ListCertificateAuthorities.

func (*InvalidNextTokenException) Error

func (e *InvalidNextTokenException) Error() string

func (*InvalidNextTokenException) ErrorCode

func (e *InvalidNextTokenException) ErrorCode() string

func (*InvalidNextTokenException) ErrorFault

func (*InvalidNextTokenException) ErrorMessage

func (e *InvalidNextTokenException) ErrorMessage() string

type InvalidPolicyException

type InvalidPolicyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The resource policy is invalid or is missing a required statement. For general information about IAM policy and statement structure, see Overview of JSON Policies.

func (*InvalidPolicyException) Error

func (e *InvalidPolicyException) Error() string

func (*InvalidPolicyException) ErrorCode

func (e *InvalidPolicyException) ErrorCode() string

func (*InvalidPolicyException) ErrorFault

func (e *InvalidPolicyException) ErrorFault() smithy.ErrorFault

func (*InvalidPolicyException) ErrorMessage

func (e *InvalidPolicyException) ErrorMessage() string

type InvalidRequestException

type InvalidRequestException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request action cannot be performed or is prohibited.

func (*InvalidRequestException) Error

func (e *InvalidRequestException) Error() string

func (*InvalidRequestException) ErrorCode

func (e *InvalidRequestException) ErrorCode() string

func (*InvalidRequestException) ErrorFault

func (e *InvalidRequestException) ErrorFault() smithy.ErrorFault

func (*InvalidRequestException) ErrorMessage

func (e *InvalidRequestException) ErrorMessage() string

type InvalidStateException

type InvalidStateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The state of the private CA does not allow this action to occur.

func (*InvalidStateException) Error

func (e *InvalidStateException) Error() string

func (*InvalidStateException) ErrorCode

func (e *InvalidStateException) ErrorCode() string

func (*InvalidStateException) ErrorFault

func (e *InvalidStateException) ErrorFault() smithy.ErrorFault

func (*InvalidStateException) ErrorMessage

func (e *InvalidStateException) ErrorMessage() string

type InvalidTagException

type InvalidTagException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The tag associated with the CA is not valid. The invalid argument is contained in the message field.

func (*InvalidTagException) Error

func (e *InvalidTagException) Error() string

func (*InvalidTagException) ErrorCode

func (e *InvalidTagException) ErrorCode() string

func (*InvalidTagException) ErrorFault

func (e *InvalidTagException) ErrorFault() smithy.ErrorFault

func (*InvalidTagException) ErrorMessage

func (e *InvalidTagException) ErrorMessage() string

type KeyAlgorithm

type KeyAlgorithm string
const (
	KeyAlgorithmRsa2048      KeyAlgorithm = "RSA_2048"
	KeyAlgorithmRsa4096      KeyAlgorithm = "RSA_4096"
	KeyAlgorithmEcPrime256v1 KeyAlgorithm = "EC_prime256v1"
	KeyAlgorithmEcSecp384r1  KeyAlgorithm = "EC_secp384r1"
)

Enum values for KeyAlgorithm

func (KeyAlgorithm) Values added in v0.29.0

func (KeyAlgorithm) Values() []KeyAlgorithm

Values returns all known values for KeyAlgorithm. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyStorageSecurityStandard added in v1.3.0

type KeyStorageSecurityStandard string
const (
	KeyStorageSecurityStandardFips1402Level2OrHigher KeyStorageSecurityStandard = "FIPS_140_2_LEVEL_2_OR_HIGHER"
	KeyStorageSecurityStandardFips1402Level3OrHigher KeyStorageSecurityStandard = "FIPS_140_2_LEVEL_3_OR_HIGHER"
)

Enum values for KeyStorageSecurityStandard

func (KeyStorageSecurityStandard) Values added in v1.3.0

Values returns all known values for KeyStorageSecurityStandard. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KeyUsage added in v1.2.0

type KeyUsage struct {

	// Key can be used to sign CRLs.
	CRLSign bool

	// Key can be used to decipher data.
	DataEncipherment bool

	// Key can be used only to decipher data.
	DecipherOnly bool

	// Key can be used for digital signing.
	DigitalSignature bool

	// Key can be used only to encipher data.
	EncipherOnly bool

	// Key can be used in a key-agreement protocol.
	KeyAgreement bool

	// Key can be used to sign certificates.
	KeyCertSign bool

	// Key can be used to encipher data.
	KeyEncipherment bool

	// Key can be used for non-repudiation.
	NonRepudiation bool
	// contains filtered or unexported fields
}

Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.

type LimitExceededException

type LimitExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

An Amazon Web Services Private CA quota has been exceeded. See the exception message returned to determine the quota that was exceeded.

func (*LimitExceededException) Error

func (e *LimitExceededException) Error() string

func (*LimitExceededException) ErrorCode

func (e *LimitExceededException) ErrorCode() string

func (*LimitExceededException) ErrorFault

func (e *LimitExceededException) ErrorFault() smithy.ErrorFault

func (*LimitExceededException) ErrorMessage

func (e *LimitExceededException) ErrorMessage() string

type LockoutPreventedException added in v0.29.0

type LockoutPreventedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The current action was prevented because it would lock the caller out from performing subsequent actions. Verify that the specified parameters would not result in the caller being denied access to the resource.

func (*LockoutPreventedException) Error added in v0.29.0

func (e *LockoutPreventedException) Error() string

func (*LockoutPreventedException) ErrorCode added in v0.29.0

func (e *LockoutPreventedException) ErrorCode() string

func (*LockoutPreventedException) ErrorFault added in v0.29.0

func (*LockoutPreventedException) ErrorMessage added in v0.29.0

func (e *LockoutPreventedException) ErrorMessage() string

type MalformedCSRException

type MalformedCSRException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The certificate signing request is invalid.

func (*MalformedCSRException) Error

func (e *MalformedCSRException) Error() string

func (*MalformedCSRException) ErrorCode

func (e *MalformedCSRException) ErrorCode() string

func (*MalformedCSRException) ErrorFault

func (e *MalformedCSRException) ErrorFault() smithy.ErrorFault

func (*MalformedCSRException) ErrorMessage

func (e *MalformedCSRException) ErrorMessage() string

type MalformedCertificateException

type MalformedCertificateException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

One or more fields in the certificate are invalid.

func (*MalformedCertificateException) Error

func (*MalformedCertificateException) ErrorCode

func (e *MalformedCertificateException) ErrorCode() string

func (*MalformedCertificateException) ErrorFault

func (*MalformedCertificateException) ErrorMessage

func (e *MalformedCertificateException) ErrorMessage() string

type OcspConfiguration added in v1.8.0

type OcspConfiguration struct {

	// Flag enabling use of the Online Certificate Status Protocol (OCSP) for
	// validating certificate revocation status.
	//
	// This member is required.
	Enabled *bool

	// By default, Amazon Web Services Private CA injects an Amazon Web Services
	// domain into certificates being validated by the Online Certificate Status
	// Protocol (OCSP). A customer can alternatively use this object to define a CNAME
	// specifying a customized OCSP domain.
	//
	// The content of a Canonical Name (CNAME) record must conform to [RFC2396] restrictions on
	// the use of special characters in URIs. Additionally, the value of the CNAME must
	// not include a protocol prefix such as "http://" or "https://".
	//
	// For more information, see [Customizing Online Certificate Status Protocol (OCSP)] in the Amazon Web Services Private Certificate
	// Authority User Guide.
	//
	// [RFC2396]: https://www.ietf.org/rfc/rfc2396.txt
	// [Customizing Online Certificate Status Protocol (OCSP)]: https://docs.aws.amazon.com/privateca/latest/userguide/ocsp-customize.html
	OcspCustomCname *string
	// contains filtered or unexported fields
}

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.

type OtherName added in v1.2.0

type OtherName struct {

	// Specifies an OID.
	//
	// This member is required.
	TypeId *string

	// Specifies an OID value.
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}

Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of Object Identifier (OID).

type Permission

type Permission struct {

	// The private CA actions that can be performed by the designated Amazon Web
	// Services service.
	Actions []ActionType

	// The Amazon Resource Name (ARN) of the private CA from which the permission
	// was issued.
	CertificateAuthorityArn *string

	// The time at which the permission was created.
	CreatedAt *time.Time

	// The name of the policy that is associated with the permission.
	Policy *string

	// The Amazon Web Services service or entity that holds the permission. At this
	// time, the only valid principal is acm.amazonaws.com.
	Principal *string

	// The ID of the account that assigned the permission.
	SourceAccount *string
	// contains filtered or unexported fields
}

Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

type PermissionAlreadyExistsException

type PermissionAlreadyExistsException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The designated permission has already been given to the user.

func (*PermissionAlreadyExistsException) Error

func (*PermissionAlreadyExistsException) ErrorCode

func (*PermissionAlreadyExistsException) ErrorFault

func (*PermissionAlreadyExistsException) ErrorMessage

func (e *PermissionAlreadyExistsException) ErrorMessage() string

type PolicyInformation added in v1.2.0

type PolicyInformation struct {

	// Specifies the object identifier (OID) of the certificate policy under which the
	// certificate was issued. For more information, see NIST's definition of [Object Identifier (OID)].
	//
	// [Object Identifier (OID)]: https://csrc.nist.gov/glossary/term/Object_Identifier
	//
	// This member is required.
	CertPolicyId *string

	// Modifies the given CertPolicyId with a qualifier. Amazon Web Services Private
	// CA supports the certification practice statement (CPS) qualifier.
	PolicyQualifiers []PolicyQualifierInfo
	// contains filtered or unexported fields
}

Defines the X.509 CertificatePolicies extension.

type PolicyQualifierId added in v1.2.0

type PolicyQualifierId string
const (
	PolicyQualifierIdCps PolicyQualifierId = "CPS"
)

Enum values for PolicyQualifierId

func (PolicyQualifierId) Values added in v1.2.0

Values returns all known values for PolicyQualifierId. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PolicyQualifierInfo added in v1.2.0

type PolicyQualifierInfo struct {

	// Identifies the qualifier modifying a CertPolicyId.
	//
	// This member is required.
	PolicyQualifierId PolicyQualifierId

	// Defines the qualifier type. Amazon Web Services Private CA supports the use of
	// a URI for a CPS qualifier in this field.
	//
	// This member is required.
	Qualifier *Qualifier
	// contains filtered or unexported fields
}

Modifies the CertPolicyId of a PolicyInformation object with a qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier.

type Qualifier added in v1.2.0

type Qualifier struct {

	// Contains a pointer to a certification practice statement (CPS) published by the
	// CA.
	//
	// This member is required.
	CpsUri *string
	// contains filtered or unexported fields
}

Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier defined in RFC 5280.

type RequestAlreadyProcessedException

type RequestAlreadyProcessedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

Your request has already been completed.

func (*RequestAlreadyProcessedException) Error

func (*RequestAlreadyProcessedException) ErrorCode

func (*RequestAlreadyProcessedException) ErrorFault

func (*RequestAlreadyProcessedException) ErrorMessage

func (e *RequestAlreadyProcessedException) ErrorMessage() string

type RequestFailedException

type RequestFailedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The request has failed for an unspecified reason.

func (*RequestFailedException) Error

func (e *RequestFailedException) Error() string

func (*RequestFailedException) ErrorCode

func (e *RequestFailedException) ErrorCode() string

func (*RequestFailedException) ErrorFault

func (e *RequestFailedException) ErrorFault() smithy.ErrorFault

func (*RequestFailedException) ErrorMessage

func (e *RequestFailedException) ErrorMessage() string

type RequestInProgressException

type RequestInProgressException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

Your request is already in progress.

func (*RequestInProgressException) Error

func (*RequestInProgressException) ErrorCode

func (e *RequestInProgressException) ErrorCode() string

func (*RequestInProgressException) ErrorFault

func (*RequestInProgressException) ErrorMessage

func (e *RequestInProgressException) ErrorMessage() string

type ResourceNotFoundException

type ResourceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.

func (*ResourceNotFoundException) Error

func (e *ResourceNotFoundException) Error() string

func (*ResourceNotFoundException) ErrorCode

func (e *ResourceNotFoundException) ErrorCode() string

func (*ResourceNotFoundException) ErrorFault

func (*ResourceNotFoundException) ErrorMessage

func (e *ResourceNotFoundException) ErrorMessage() string

type ResourceOwner added in v0.29.0

type ResourceOwner string
const (
	ResourceOwnerSelf          ResourceOwner = "SELF"
	ResourceOwnerOtherAccounts ResourceOwner = "OTHER_ACCOUNTS"
)

Enum values for ResourceOwner

func (ResourceOwner) Values added in v0.29.0

func (ResourceOwner) Values() []ResourceOwner

Values returns all known values for ResourceOwner. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RevocationConfiguration

type RevocationConfiguration struct {

	// Configuration of the certificate revocation list (CRL), if any, maintained by
	// your private CA. A CRL is typically updated approximately 30 minutes after a
	// certificate is revoked. If for any reason a CRL update fails, Amazon Web
	// Services Private CA makes further attempts every 15 minutes.
	CrlConfiguration *CrlConfiguration

	// Configuration of Online Certificate Status Protocol (OCSP) support, if any,
	// maintained by your private CA. When you revoke a certificate, OCSP responses may
	// take up to 60 minutes to reflect the new status.
	OcspConfiguration *OcspConfiguration
	// contains filtered or unexported fields
}

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate and Setting up a certificate revocation method in the Amazon Web Services Private Certificate Authority User Guide.

type RevocationReason

type RevocationReason string
const (
	RevocationReasonUnspecified                    RevocationReason = "UNSPECIFIED"
	RevocationReasonKeyCompromise                  RevocationReason = "KEY_COMPROMISE"
	RevocationReasonCertificateAuthorityCompromise RevocationReason = "CERTIFICATE_AUTHORITY_COMPROMISE"
	RevocationReasonAffiliationChanged             RevocationReason = "AFFILIATION_CHANGED"
	RevocationReasonSuperseded                     RevocationReason = "SUPERSEDED"
	RevocationReasonCessationOfOperation           RevocationReason = "CESSATION_OF_OPERATION"
	RevocationReasonPrivilegeWithdrawn             RevocationReason = "PRIVILEGE_WITHDRAWN"
	RevocationReasonAACompromise                   RevocationReason = "A_A_COMPROMISE"
)

Enum values for RevocationReason

func (RevocationReason) Values added in v0.29.0

Values returns all known values for RevocationReason. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type S3ObjectAcl added in v1.5.0

type S3ObjectAcl string
const (
	S3ObjectAclPublicRead             S3ObjectAcl = "PUBLIC_READ"
	S3ObjectAclBucketOwnerFullControl S3ObjectAcl = "BUCKET_OWNER_FULL_CONTROL"
)

Enum values for S3ObjectAcl

func (S3ObjectAcl) Values added in v1.5.0

func (S3ObjectAcl) Values() []S3ObjectAcl

Values returns all known values for S3ObjectAcl. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type SigningAlgorithm

type SigningAlgorithm string
const (
	SigningAlgorithmSha256withecdsa SigningAlgorithm = "SHA256WITHECDSA"
	SigningAlgorithmSha384withecdsa SigningAlgorithm = "SHA384WITHECDSA"
	SigningAlgorithmSha512withecdsa SigningAlgorithm = "SHA512WITHECDSA"
	SigningAlgorithmSha256withrsa   SigningAlgorithm = "SHA256WITHRSA"
	SigningAlgorithmSha384withrsa   SigningAlgorithm = "SHA384WITHRSA"
	SigningAlgorithmSha512withrsa   SigningAlgorithm = "SHA512WITHRSA"
)

Enum values for SigningAlgorithm

func (SigningAlgorithm) Values added in v0.29.0

Values returns all known values for SigningAlgorithm. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Tag

type Tag struct {

	// Key (name) of the tag.
	//
	// This member is required.
	Key *string

	// Value of the tag.
	Value *string
	// contains filtered or unexported fields
}

Tags are labels that you can use to identify and organize your private CAs. Each tag consists of a key and an optional value. You can associate up to 50 tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority action. To remove a tag, call the UntagCertificateAuthority action.

type TooManyTagsException

type TooManyTagsException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

You can associate up to 50 tags with a private CA. Exception information is contained in the exception message field.

func (*TooManyTagsException) Error

func (e *TooManyTagsException) Error() string

func (*TooManyTagsException) ErrorCode

func (e *TooManyTagsException) ErrorCode() string

func (*TooManyTagsException) ErrorFault

func (e *TooManyTagsException) ErrorFault() smithy.ErrorFault

func (*TooManyTagsException) ErrorMessage

func (e *TooManyTagsException) ErrorMessage() string

type Validity

type Validity struct {

	// Determines how Amazon Web Services Private CA interprets the Value parameter,
	// an integer. Supported validity types include those listed below. Type
	// definitions with values include a sample input value and the resulting output.
	//
	// END_DATE: The specific date and time when the certificate will expire,
	// expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS)
	// format. When UTCTime is used, if the year field (YY) is greater than or equal to
	// 50, the year is interpreted as 19YY. If the year field is less than 50, the year
	// is interpreted as 20YY.
	//
	//   - Sample input value: 491231235959 (UTCTime format)
	//
	//   - Output expiration date/time: 12/31/2049 23:59:59
	//
	// ABSOLUTE: The specific date and time when the validity of a certificate will
	// start or expire, expressed in seconds since the Unix Epoch.
	//
	//   - Sample input value: 2524608000
	//
	//   - Output expiration date/time: 01/01/2050 00:00:00
	//
	// DAYS, MONTHS, YEARS: The relative time from the moment of issuance until the
	// certificate will expire, expressed in days, months, or years.
	//
	// Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC:
	//
	//   - Sample input value: 90
	//
	//   - Output expiration date: 01/10/2020 12:34:54 UTC
	//
	// The minimum validity duration for a certificate using relative time (DAYS) is
	// one day. The minimum validity for a certificate using absolute time (ABSOLUTE
	// or END_DATE) is one second.
	//
	// This member is required.
	Type ValidityPeriodType

	// A long integer interpreted according to the value of Type, below.
	//
	// This member is required.
	Value *int64
	// contains filtered or unexported fields
}

Validity specifies the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the validity of a certificate starts or expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.

Amazon Web Services Private CA API consumes the Validity data type differently in two distinct parameters of the IssueCertificate action. The required parameter IssueCertificate:Validity specifies the end of a certificate's validity period. The optional parameter IssueCertificate:ValidityNotBefore specifies a customized starting time for the validity period.
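
Added example, not part of the SDK or its documentation: resolving a Validity to an expiry instant for the END_DATE, ABSOLUTE and relative types described above, including the UTCTime century pivot and the leading zeros an integer Value drops. The types are local stand-ins for the SDK's; Expiry, parseEndDate and sampleIssued are hypothetical names, and the AddDate arithmetic for MONTHS and YEARS and the rejection of relative values below 1 are assumptions about the service's behaviour.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for the ValidityPeriodType and Validity types on this page,
// so the example runs without the SDK module (Value is a plain int64 here).
type ValidityPeriodType string

const (
	EndDate  ValidityPeriodType = "END_DATE"
	Absolute ValidityPeriodType = "ABSOLUTE"
	Days     ValidityPeriodType = "DAYS"
	Months   ValidityPeriodType = "MONTHS"
	Years    ValidityPeriodType = "YEARS"
)

type Validity struct {
	Type  ValidityPeriodType
	Value int64
}

// sampleIssued is a constructed issuance instant for the relative types.
var sampleIssued = time.Date(2024, time.March, 1, 12, 0, 0, 0, time.UTC)

// parseEndDate decodes an END_DATE integer as UTCTime (YYMMDDHHMMSS) or
// GeneralizedTime (YYYYMMDDHHMMSS).
func parseEndDate(v int64) (time.Time, error) {
	if v < 0 {
		return time.Time{}, fmt.Errorf("END_DATE %d must not be negative", v)
	}
	// An integer drops leading zeros (year 2005 arrives as 11 digits), so pad
	// back to the 12 digits of UTCTime before deciding which format this is.
	s := fmt.Sprintf("%012d", v)
	switch len(s) {
	case 12:
		// Pivot from the page: YY >= 50 is 19YY, otherwise 20YY. Go's "06"
		// layout pivots at 69 instead, so the century is added by hand.
		if s[0] >= '5' {
			s = "19" + s
		} else {
			s = "20" + s
		}
	case 14: // already carries a four-digit year
	default:
		return time.Time{}, fmt.Errorf("END_DATE %d is neither 12 nor 14 digits", v)
	}
	// time.Parse rejects impossible fields such as month 13 or 30 February.
	return time.Parse("20060102150405", s)
}

// Expiry resolves a Validity to the instant the certificate stops being valid.
func Expiry(v Validity, issued time.Time) (time.Time, error) {
	switch v.Type {
	case EndDate:
		return parseEndDate(v.Value)
	case Absolute:
		return time.Unix(v.Value, 0).UTC(), nil
	case Days, Months, Years:
		if v.Value < 1 { // assumption: the one-day minimum generalises to >= 1 unit
			return time.Time{}, fmt.Errorf("%s value must be at least 1", v.Type)
		}
		n := int(v.Value)
		switch v.Type {
		case Days:
			return issued.AddDate(0, 0, n), nil
		case Months: // assumption: calendar months as computed by AddDate
			return issued.AddDate(0, n, 0), nil
		}
		return issued.AddDate(n, 0, 0), nil
	}
	return time.Time{}, fmt.Errorf("unknown validity type %q", v.Type)
}

func main() {
	fmt.Println(Expiry(Validity{EndDate, 491231235959}, sampleIssued))
}
```

Resolving the value locally before calling IssueCertificate lets a caller enforce a maximum certificate lifetime in its own policy checks instead of relying on the service to reject an overlong request.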

type ValidityPeriodType

type ValidityPeriodType string
const (
	ValidityPeriodTypeEndDate  ValidityPeriodType = "END_DATE"
	ValidityPeriodTypeAbsolute ValidityPeriodType = "ABSOLUTE"
	ValidityPeriodTypeDays     ValidityPeriodType = "DAYS"
	ValidityPeriodTypeMonths   ValidityPeriodType = "MONTHS"
	ValidityPeriodTypeYears    ValidityPeriodType = "YEARS"
)

Enum values for ValidityPeriodType

func (ValidityPeriodType) Values added in v0.29.0

Values returns all known values for ValidityPeriodType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.
