package types

import "github.com/aws/aws-sdk-go-v2/service/acmpca/types"

Types

type ASN1Subject

type ASN1Subject struct {

	// Fully qualified domain name (FQDN) associated with the certificate subject.
	CommonName *string

	// Two-digit code that specifies the country in which the certificate subject
	// is located.
	Country *string

	// Disambiguating information for the certificate subject.
	DistinguishedNameQualifier *string

	// Typically a qualifier appended to the name of an individual. Examples include
	// Jr. for junior, Sr. for senior, and III for third.
	GenerationQualifier *string

	// First name.
	GivenName *string

	// Concatenation that typically contains the first letter of the GivenName, the
	// first letter of the middle name if one exists, and the first letter of the
	// SurName.
	Initials *string

	// The locality (such as a city or town) in which the certificate subject is
	// located.
	Locality *string

	// Legal name of the organization with which the certificate subject is affiliated.
	Organization *string

	// A subdivision or unit of the organization (such as sales or finance) with which
	// the certificate subject is affiliated.
	OrganizationalUnit *string

	// Typically a shortened version of a longer GivenName. For example, Jonathan is
	// often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
	Pseudonym *string

	// The certificate serial number.
	SerialNumber *string

	// State in which the subject of the certificate is located.
	State *string

	// Family name. In the US and the UK, for example, the surname of an individual is
	// ordered last. In Asian cultures the surname is typically ordered first.
	Surname *string

	// A title such as Mr. or Ms., which is prepended to the name to refer formally to
	// the certificate subject.
	Title *string
}

Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.

type ActionType

type ActionType string
const (
	ActionTypeIssuecertificate ActionType = "IssueCertificate"
	ActionTypeGetcertificate   ActionType = "GetCertificate"
	ActionTypeListpermissions  ActionType = "ListPermissions"
)

Enum values for ActionType

type AuditReportResponseFormat

type AuditReportResponseFormat string
const (
	AuditReportResponseFormatJson AuditReportResponseFormat = "JSON"
	AuditReportResponseFormatCsv  AuditReportResponseFormat = "CSV"
)

Enum values for AuditReportResponseFormat

type AuditReportStatus

type AuditReportStatus string
const (
	AuditReportStatusCreating AuditReportStatus = "CREATING"
	AuditReportStatusSuccess  AuditReportStatus = "SUCCESS"
	AuditReportStatusFailed   AuditReportStatus = "FAILED"
)

Enum values for AuditReportStatus

type CertificateAuthority

type CertificateAuthority struct {

	// Amazon Resource Name (ARN) for your private certificate authority (CA). The
	// format is  12345678-1234-1234-1234-123456789012 .
	Arn *string

	// Your private CA configuration.
	CertificateAuthorityConfiguration *CertificateAuthorityConfiguration

	// Date and time at which your private CA was created.
	CreatedAt *time.Time

	// Reason the request to create your private CA failed.
	FailureReason FailureReason

	// Date and time at which your private CA was last updated.
	LastStateChangeAt *time.Time

	// Date and time after which your private CA certificate is not valid.
	NotAfter *time.Time

	// Date and time before which your private CA certificate is not valid.
	NotBefore *time.Time

	// The period during which a deleted CA can be restored. For more information, see
	// the PermanentDeletionTimeInDays parameter of the
	// DeleteCertificateAuthorityRequest action.
	RestorableUntil *time.Time

	// Information about the certificate revocation list (CRL) created and maintained
	// by your private CA.
	RevocationConfiguration *RevocationConfiguration

	// Serial number of your private CA.
	Serial *string

	// Status of your private CA.
	Status CertificateAuthorityStatus

	// Type of your private CA.
	Type CertificateAuthorityType
}

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your ACM Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into AWS Certificate Manager (ACM).

type CertificateAuthorityConfiguration

type CertificateAuthorityConfiguration struct {

	// Type of the public key algorithm and size, in bits, of the key pair that your CA
	// creates when it issues a certificate. When you create a subordinate CA, you must
	// use a key algorithm supported by the parent CA.
	//
	// This member is required.
	KeyAlgorithm KeyAlgorithm

	// Name of the algorithm your private CA uses to sign certificate requests.
	//
	// This member is required.
	SigningAlgorithm SigningAlgorithm

	// Structure that contains X.500 distinguished name information for your private
	// CA.
	//
	// This member is required.
	Subject *ASN1Subject
}

Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority action.

type CertificateAuthorityStatus

type CertificateAuthorityStatus string
const (
	CertificateAuthorityStatusCreating            CertificateAuthorityStatus = "CREATING"
	CertificateAuthorityStatusPending_certificate CertificateAuthorityStatus = "PENDING_CERTIFICATE"
	CertificateAuthorityStatusActive              CertificateAuthorityStatus = "ACTIVE"
	CertificateAuthorityStatusDeleted             CertificateAuthorityStatus = "DELETED"
	CertificateAuthorityStatusDisabled            CertificateAuthorityStatus = "DISABLED"
	CertificateAuthorityStatusExpired             CertificateAuthorityStatus = "EXPIRED"
	CertificateAuthorityStatusFailed              CertificateAuthorityStatus = "FAILED"
)

Enum values for CertificateAuthorityStatus

type CertificateAuthorityType

type CertificateAuthorityType string
const (
	CertificateAuthorityTypeRoot        CertificateAuthorityType = "ROOT"
	CertificateAuthorityTypeSubordinate CertificateAuthorityType = "SUBORDINATE"
)

Enum values for CertificateAuthorityType

type CertificateMismatchException

type CertificateMismatchException struct {
	Message *string
}

The certificate authority certificate you are importing does not comply with conditions specified in the certificate that signed it.

func (*CertificateMismatchException) Error

func (*CertificateMismatchException) ErrorCode

func (e *CertificateMismatchException) ErrorCode() string

func (*CertificateMismatchException) ErrorFault

func (*CertificateMismatchException) ErrorMessage

func (e *CertificateMismatchException) ErrorMessage() string

type ConcurrentModificationException

type ConcurrentModificationException struct {
	Message *string
}

A previous update to your private CA is still ongoing.

func (*ConcurrentModificationException) Error

func (*ConcurrentModificationException) ErrorCode

func (e *ConcurrentModificationException) ErrorCode() string

func (*ConcurrentModificationException) ErrorFault

func (*ConcurrentModificationException) ErrorMessage

func (e *ConcurrentModificationException) ErrorMessage() string

type CrlConfiguration

type CrlConfiguration struct {

	// Boolean value that specifies whether certificate revocation lists (CRLs) are
	// enabled. You can use this value to enable certificate revocation for a new CA
	// when you call the CreateCertificateAuthority action or for an existing CA when
	// you call the UpdateCertificateAuthority action.
	//
	// This member is required.
	Enabled *bool

	// Name inserted into the certificate CRL Distribution Points extension that
	// enables the use of an alias for the CRL distribution point. Use this value if
	// you don't want the name of your S3 bucket to be public.
	CustomCname *string

	// Number of days until a certificate expires.
	ExpirationInDays *int32

	// Name of the S3 bucket that contains the CRL. If you do not provide a value for
	// the CustomCname argument, the name of your S3 bucket is placed into the CRL
	// Distribution Points extension of the issued certificate. You can change the name
	// of your bucket by calling the UpdateCertificateAuthority action. You must
	// specify a bucket policy that allows ACM Private CA to write the CRL to your
	// bucket.
	S3BucketName *string
}

Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter. Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. Your S3 bucket policy must give write permission to ACM Private CA. Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in the CRL. The CRL is refreshed at 1/2 the age of next update or when a certificate is revoked. When a certificate is revoked, it is recorded in the next CRL that is generated and in the next audit report. Only time valid certificates are listed in the CRL. Expired certificates are not included. CRLs contain the following fields:

number defined in RFC 5280 is V2. The integer value is 0x1.

Algorithm: The name of the algorithm used to sign the CRL.

X.500 distinguished name of your private CA that issued the CRL.

Update: The issue date and time of this CRL.

time by which the next CRL will be issued.

revoked certificates. Each list item contains the following information.

* Serial Number: The serial number, in hexadecimal format, of the revoked certificate.

revoked.

entry.

revoked.

X509v3 Authority Key Identifier: Identifies the public key associated with the private key used to sign the certificate.

sequence number for the CRL.

private CA to sign the CRL.

CRL.

Certificate revocation lists created by ACM Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.

	openssl crl -inform DER -text -in crl_path -noout
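An added example (not part of the SDK or its documentation): a Go counterpart to the OpenSSL inspection above, using only the standard library. It builds a throwaway CA and CRL as constructed sample data, then verifies the CRL signature, rejects the CRL once it is past nextUpdate, and extracts the fields described above. The names CRLSummary, SummarizeCRL and BuildSampleCRL are hypothetical, and RefreshAfter assumes that "1/2 the age of next update" means the midpoint between thisUpdate and nextUpdate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CRLSummary holds the CRL fields named in the CrlConfiguration description.
type CRLSummary struct {
	Issuer, SigAlg, CRLNumber string
	NextUpdate, RefreshAfter  time.Time      // RefreshAfter: assumed midpoint of the window
	Revoked                   map[string]int // hex serial -> RFC 5280 reason code
}

// SummarizeCRL parses a DER CRL, checks ca signed it, and rejects it once stale.
func SummarizeCRL(der []byte, ca *x509.Certificate, now time.Time) (*CRLSummary, error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return nil, fmt.Errorf("CRL not signed by expected CA: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return nil, fmt.Errorf("stale CRL: nextUpdate was %s", crl.NextUpdate)
	}
	s := &CRLSummary{Issuer: crl.Issuer.String(), SigAlg: crl.SignatureAlgorithm.String(),
		CRLNumber: crl.Number.String(), NextUpdate: crl.NextUpdate, Revoked: map[string]int{},
		RefreshAfter: crl.ThisUpdate.Add(crl.NextUpdate.Sub(crl.ThisUpdate) / 2)}
	for _, e := range crl.RevokedCertificateEntries {
		s.Revoked[e.SerialNumber.Text(16)] = e.ReasonCode
	}
	return s, nil
}

// BuildSampleCRL makes a throwaway CA and CRL: constructed data, not ACM PCA output.
func BuildSampleCRL(thisUpdate time.Time, expirationInDays int) ([]byte, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Private CA"},
		NotBefore: thisUpdate.AddDate(-1, 0, 0), NotAfter: thisUpdate.AddDate(9, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(caDER) // re-parse to get the generated SubjectKeyId
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(42), ThisUpdate: thisUpdate, NextUpdate: thisUpdate.AddDate(0, 0, expirationInDays),
		RevokedCertificateEntries: []x509.RevocationListEntry{ // reason 1 = keyCompromise
			{SerialNumber: big.NewInt(0x1a2b), RevocationTime: thisUpdate, ReasonCode: 1}},
	}, ca, key)
	return der, ca, err
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	der, ca, _ := BuildSampleCRL(t0, 7) // on failure der is nil and SummarizeCRL reports it
	fmt.Println(SummarizeCRL(der, ca, t0.Add(24*time.Hour)))
}
```

A relying party that skips the signature or nextUpdate check will accept a replayed or substituted CRL that omits a recently revoked serial.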

type FailureReason

type FailureReason string
const (
	FailureReasonRequest_timed_out     FailureReason = "REQUEST_TIMED_OUT"
	FailureReasonUnsupported_algorithm FailureReason = "UNSUPPORTED_ALGORITHM"
	FailureReasonOther                 FailureReason = "OTHER"
)

Enum values for FailureReason

type InvalidArgsException

type InvalidArgsException struct {
	Message *string
}

One or more of the specified arguments was not valid.

func (*InvalidArgsException) Error

func (e *InvalidArgsException) Error() string

func (*InvalidArgsException) ErrorCode

func (e *InvalidArgsException) ErrorCode() string

func (*InvalidArgsException) ErrorFault

func (e *InvalidArgsException) ErrorFault() smithy.ErrorFault

func (*InvalidArgsException) ErrorMessage

func (e *InvalidArgsException) ErrorMessage() string

type InvalidArnException

type InvalidArnException struct {
	Message *string
}

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

func (*InvalidArnException) Error

func (e *InvalidArnException) Error() string

func (*InvalidArnException) ErrorCode

func (e *InvalidArnException) ErrorCode() string

func (*InvalidArnException) ErrorFault

func (e *InvalidArnException) ErrorFault() smithy.ErrorFault

func (*InvalidArnException) ErrorMessage

func (e *InvalidArnException) ErrorMessage() string

type InvalidNextTokenException

type InvalidNextTokenException struct {
	Message *string
}

The token specified in the NextToken argument is not valid. Use the token returned from your previous call to ListCertificateAuthorities.

func (*InvalidNextTokenException) Error

func (e *InvalidNextTokenException) Error() string

func (*InvalidNextTokenException) ErrorCode

func (e *InvalidNextTokenException) ErrorCode() string

func (*InvalidNextTokenException) ErrorFault

func (*InvalidNextTokenException) ErrorMessage

func (e *InvalidNextTokenException) ErrorMessage() string

type InvalidPolicyException

type InvalidPolicyException struct {
	Message *string
}

The S3 bucket policy is not valid. The policy must give ACM Private CA rights to read from and write to the bucket and find the bucket location.

func (*InvalidPolicyException) Error

func (e *InvalidPolicyException) Error() string

func (*InvalidPolicyException) ErrorCode

func (e *InvalidPolicyException) ErrorCode() string

func (*InvalidPolicyException) ErrorFault

func (e *InvalidPolicyException) ErrorFault() smithy.ErrorFault

func (*InvalidPolicyException) ErrorMessage

func (e *InvalidPolicyException) ErrorMessage() string

type InvalidRequestException

type InvalidRequestException struct {
	Message *string
}

The request action cannot be performed or is prohibited.

func (*InvalidRequestException) Error

func (e *InvalidRequestException) Error() string

func (*InvalidRequestException) ErrorCode

func (e *InvalidRequestException) ErrorCode() string

func (*InvalidRequestException) ErrorFault

func (e *InvalidRequestException) ErrorFault() smithy.ErrorFault

func (*InvalidRequestException) ErrorMessage

func (e *InvalidRequestException) ErrorMessage() string

type InvalidStateException

type InvalidStateException struct {
	Message *string
}

The private CA is in a state during which a report or certificate cannot be generated.

func (*InvalidStateException) Error

func (e *InvalidStateException) Error() string

func (*InvalidStateException) ErrorCode

func (e *InvalidStateException) ErrorCode() string

func (*InvalidStateException) ErrorFault

func (e *InvalidStateException) ErrorFault() smithy.ErrorFault

func (*InvalidStateException) ErrorMessage

func (e *InvalidStateException) ErrorMessage() string

type InvalidTagException

type InvalidTagException struct {
	Message *string
}

The tag associated with the CA is not valid. The invalid argument is contained in the message field.

func (*InvalidTagException) Error

func (e *InvalidTagException) Error() string

func (*InvalidTagException) ErrorCode

func (e *InvalidTagException) ErrorCode() string

func (*InvalidTagException) ErrorFault

func (e *InvalidTagException) ErrorFault() smithy.ErrorFault

func (*InvalidTagException) ErrorMessage

func (e *InvalidTagException) ErrorMessage() string

type KeyAlgorithm

type KeyAlgorithm string
const (
	KeyAlgorithmRsa_2048      KeyAlgorithm = "RSA_2048"
	KeyAlgorithmRsa_4096      KeyAlgorithm = "RSA_4096"
	KeyAlgorithmEc_prime256v1 KeyAlgorithm = "EC_prime256v1"
	KeyAlgorithmEc_secp384r1  KeyAlgorithm = "EC_secp384r1"
)

Enum values for KeyAlgorithm

type LimitExceededException

type LimitExceededException struct {
	Message *string
}

An ACM Private CA limit has been exceeded. See the exception message returned to determine the limit that was exceeded.

func (*LimitExceededException) Error

func (e *LimitExceededException) Error() string

func (*LimitExceededException) ErrorCode

func (e *LimitExceededException) ErrorCode() string

func (*LimitExceededException) ErrorFault

func (e *LimitExceededException) ErrorFault() smithy.ErrorFault

func (*LimitExceededException) ErrorMessage

func (e *LimitExceededException) ErrorMessage() string

type MalformedCSRException

type MalformedCSRException struct {
	Message *string
}

The certificate signing request is invalid.

func (*MalformedCSRException) Error

func (e *MalformedCSRException) Error() string

func (*MalformedCSRException) ErrorCode

func (e *MalformedCSRException) ErrorCode() string

func (*MalformedCSRException) ErrorFault

func (e *MalformedCSRException) ErrorFault() smithy.ErrorFault

func (*MalformedCSRException) ErrorMessage

func (e *MalformedCSRException) ErrorMessage() string

type MalformedCertificateException

type MalformedCertificateException struct {
	Message *string
}

One or more fields in the certificate are invalid.

func (*MalformedCertificateException) Error

func (*MalformedCertificateException) ErrorCode

func (e *MalformedCertificateException) ErrorCode() string

func (*MalformedCertificateException) ErrorFault

func (*MalformedCertificateException) ErrorMessage

func (e *MalformedCertificateException) ErrorMessage() string

type Permission

type Permission struct {

	// The private CA actions that can be performed by the designated AWS service.
	Actions []ActionType

	// The Amazon Resource Name (ARN) of the private CA from which the permission was
	// issued.
	CertificateAuthorityArn *string

	// The time at which the permission was created.
	CreatedAt *time.Time

	// The name of the policy that is associated with the permission.
	Policy *string

	// The AWS service or entity that holds the permission. At this time, the only
	// valid principal is acm.amazonaws.com.
	Principal *string

	// The ID of the account that assigned the permission.
	SourceAccount *string
}

Permissions designate which private CA actions can be performed by an AWS service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

type PermissionAlreadyExistsException

type PermissionAlreadyExistsException struct {
	Message *string
}

The designated permission has already been given to the user.

func (*PermissionAlreadyExistsException) Error

func (*PermissionAlreadyExistsException) ErrorCode

func (*PermissionAlreadyExistsException) ErrorFault

func (*PermissionAlreadyExistsException) ErrorMessage

func (e *PermissionAlreadyExistsException) ErrorMessage() string

type RequestAlreadyProcessedException

type RequestAlreadyProcessedException struct {
	Message *string
}

Your request has already been completed.

func (*RequestAlreadyProcessedException) Error

func (*RequestAlreadyProcessedException) ErrorCode

func (*RequestAlreadyProcessedException) ErrorFault

func (*RequestAlreadyProcessedException) ErrorMessage

func (e *RequestAlreadyProcessedException) ErrorMessage() string

type RequestFailedException

type RequestFailedException struct {
	Message *string
}

The request has failed for an unspecified reason.

func (*RequestFailedException) Error

func (e *RequestFailedException) Error() string

func (*RequestFailedException) ErrorCode

func (e *RequestFailedException) ErrorCode() string

func (*RequestFailedException) ErrorFault

func (e *RequestFailedException) ErrorFault() smithy.ErrorFault

func (*RequestFailedException) ErrorMessage

func (e *RequestFailedException) ErrorMessage() string

type RequestInProgressException

type RequestInProgressException struct {
	Message *string
}

Your request is already in progress.

func (*RequestInProgressException) Error

func (*RequestInProgressException) ErrorCode

func (e *RequestInProgressException) ErrorCode() string

func (*RequestInProgressException) ErrorFault

func (*RequestInProgressException) ErrorMessage

func (e *RequestInProgressException) ErrorMessage() string

type ResourceNotFoundException

type ResourceNotFoundException struct {
	Message *string
}

A resource such as a private CA, S3 bucket, certificate, or audit report cannot be found.

func (*ResourceNotFoundException) Error

func (e *ResourceNotFoundException) Error() string

func (*ResourceNotFoundException) ErrorCode

func (e *ResourceNotFoundException) ErrorCode() string

func (*ResourceNotFoundException) ErrorFault

func (*ResourceNotFoundException) ErrorMessage

func (e *ResourceNotFoundException) ErrorMessage() string

type RevocationConfiguration

type RevocationConfiguration struct {

	// Configuration of the certificate revocation list (CRL), if any, maintained by
	// your private CA.
	CrlConfiguration *CrlConfiguration
}

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates revoked by your CA. For more information, see RevokeCertificate.

type RevocationReason

type RevocationReason string
const (
	RevocationReasonUnspecified                      RevocationReason = "UNSPECIFIED"
	RevocationReasonKey_compromise                   RevocationReason = "KEY_COMPROMISE"
	RevocationReasonCertificate_authority_compromise RevocationReason = "CERTIFICATE_AUTHORITY_COMPROMISE"
	RevocationReasonAffiliation_changed              RevocationReason = "AFFILIATION_CHANGED"
	RevocationReasonSuperseded                       RevocationReason = "SUPERSEDED"
	RevocationReasonCessation_of_operation           RevocationReason = "CESSATION_OF_OPERATION"
	RevocationReasonPrivilege_withdrawn              RevocationReason = "PRIVILEGE_WITHDRAWN"
	RevocationReasonA_a_compromise                   RevocationReason = "A_A_COMPROMISE"
)

Enum values for RevocationReason

type SigningAlgorithm

type SigningAlgorithm string
const (
	SigningAlgorithmSha256withecdsa SigningAlgorithm = "SHA256WITHECDSA"
	SigningAlgorithmSha384withecdsa SigningAlgorithm = "SHA384WITHECDSA"
	SigningAlgorithmSha512withecdsa SigningAlgorithm = "SHA512WITHECDSA"
	SigningAlgorithmSha256withrsa   SigningAlgorithm = "SHA256WITHRSA"
	SigningAlgorithmSha384withrsa   SigningAlgorithm = "SHA384WITHRSA"
	SigningAlgorithmSha512withrsa   SigningAlgorithm = "SHA512WITHRSA"
)

Enum values for SigningAlgorithm

type Tag

type Tag struct {

	// Key (name) of the tag.
	//
	// This member is required.
	Key *string

	// Value of the tag.
	Value *string
}

Tags are labels that you can use to identify and organize your private CAs. Each tag consists of a key and an optional value. You can associate up to 50 tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority action. To remove a tag, call the UntagCertificateAuthority action.

type TooManyTagsException

type TooManyTagsException struct {
	Message *string
}

You can associate up to 50 tags with a private CA. Exception information is contained in the exception message field.

func (*TooManyTagsException) Error

func (e *TooManyTagsException) Error() string

func (*TooManyTagsException) ErrorCode

func (e *TooManyTagsException) ErrorCode() string

func (*TooManyTagsException) ErrorFault

func (e *TooManyTagsException) ErrorFault() smithy.ErrorFault

func (*TooManyTagsException) ErrorMessage

func (e *TooManyTagsException) ErrorMessage() string

type Validity

type Validity struct {

	// Specifies whether the Value parameter represents days, months, or years.
	//
	// This member is required.
	Type ValidityPeriodType

	// Time period.
	//
	// This member is required.
	Value *int64
}

Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years. You can issue a certificate by calling the IssueCertificate action.

type ValidityPeriodType

type ValidityPeriodType string
const (
	ValidityPeriodTypeEnd_date ValidityPeriodType = "END_DATE"
	ValidityPeriodTypeAbsolute ValidityPeriodType = "ABSOLUTE"
	ValidityPeriodTypeDays     ValidityPeriodType = "DAYS"
	ValidityPeriodTypeMonths   ValidityPeriodType = "MONTHS"
	ValidityPeriodTypeYears    ValidityPeriodType = "YEARS"
)

Enum values for ValidityPeriodType

Source Files

enums.go errors.go types.go

Version
v0.27.0
Published
Oct 17, 2020
Platform
darwin/amd64
Imports
3 packages