# frozen_string_literal: true

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Auto-generated by gapic-generator-ruby. DO NOT EDIT!


module Google
  module Cloud
    module ConfidentialComputing
      module V1
        # A Challenge from the server used to guarantee freshness of attestations.
        #
        # Every attribute is output only. A Challenge is time-bounded (see
        # `expire_time`) and records whether it has already produced a token (see
        # `used`), so callers should obtain a new Challenge for each attestation
        # rather than caching one.
        # @!attribute [r] name
        #   @return [::String]
        #     Output only. The resource name for this Challenge in the format
        #     `projects/*/locations/*/challenges/*`
        # @!attribute [r] create_time
        #   @return [::Google::Protobuf::Timestamp]
        #     Output only. The time at which this Challenge was created
        # @!attribute [r] expire_time
        #   @return [::Google::Protobuf::Timestamp]
        #     Output only. The time at which this Challenge will no longer be usable. It
        #     is also the expiration time for any tokens generated from this Challenge.
        # @!attribute [r] used
        #   @return [::Boolean]
        #     Output only. Indicates if this challenge has been used to generate a token.
        # @!attribute [r] tpm_nonce
        #   @return [::String]
        #     Output only. Identical to nonce, but as a string.
        #     NOTE(review): the `nonce` field referred to here is not documented in
        #     this file; confirm its status against the proto definition.
        class Challenge
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Message for creating a Challenge.
        #
        # All Challenge fields are set by the server, so the caller only chooses the
        # parent location; an empty `challenge` message is sufficient.
        # @!attribute [rw] parent
        #   @return [::String]
        #     Required. The resource name of the location where the Challenge will be
        #     used, in the format `projects/*/locations/*`.
        # @!attribute [rw] challenge
        #   @return [::Google::Cloud::ConfidentialComputing::V1::Challenge]
        #     Required. The Challenge to be created. Currently this field can be empty as
        #     all the Challenge fields are set by the server.
        class CreateChallengeRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # A request for an OIDC token, providing all the information needed for this
        # service to verify the platform state of the requestor.
        #
        # The named Challenge is single-use: it is consumed by this request.
        # NOTE(review): whether a Challenge is also consumed when verification fails
        # is not stated here — confirm before adding retry logic that reuses one.
        # @!attribute [rw] challenge
        #   @return [::String]
        #     Required. The name of the Challenge whose nonce was used to generate the
        #     attestation, in the format `projects/*/locations/*/challenges/*`. The
        #     provided Challenge will be consumed, and cannot be used again.
        # @!attribute [rw] gcp_credentials
        #   @return [::Google::Cloud::ConfidentialComputing::V1::GcpCredentials]
        #     Optional. Credentials used to populate the "emails" claim in the
        #     claims_token.
        #     NOTE(review): this message carries credential material; keep serialized
        #     requests out of logs and traces.
        # @!attribute [rw] tpm_attestation
        #   @return [::Google::Cloud::ConfidentialComputing::V1::TpmAttestation]
        #     Required. The TPM-specific data provided by the attesting platform, used to
        #     populate any of the claims regarding platform state.
        class VerifyAttestationRequest
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # A response once an attestation has been successfully verified, containing a
        # signed OIDC token.
        #
        # Per `Challenge#expire_time`, a token generated from a Challenge expires when
        # that Challenge does.
        # NOTE(review): parties relying on the token should verify its signature and
        # validity period themselves rather than trusting decoded claims as received.
        # @!attribute [r] oidc_claims_token
        #   @return [::String]
        #     Output only. Same as claims_token, but as a string.
        #     NOTE(review): the `claims_token` field referred to here is not
        #     documented in this file; confirm its status against the proto definition.
        class VerifyAttestationResponse
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Credentials issued by GCP which are linked to the platform attestation. These
        # will be verified server-side as part of attestation verification.
        #
        # NOTE(review): going by the field name, these are presumably service-account
        # ID tokens, i.e. bearer credentials — treat them as secrets and avoid logging
        # or persisting them. Confirm against the proto definition.
        # @!attribute [rw] service_account_id_tokens
        #   @return [::Array<::String>]
        #     Same as id_tokens, but as strings.
        #     NOTE(review): the `id_tokens` field referred to here is not documented
        #     in this file.
        class GcpCredentials
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # TPM2 data containing everything necessary to validate any platform state
        # measured into the TPM.
        #
        # Every field is supplied by the attesting platform in the request, so none of
        # it is trustworthy until the quotes and certificate chain have been verified.
        # NOTE(review): several fields typed ::String hold binary data (DER
        # certificates, the binary event log, raw TPM structures); presumably they
        # carry raw bytes rather than text — confirm against the proto definition
        # before applying any text encoding to them.
        # @!attribute [rw] quotes
        #   @return [::Array<::Google::Cloud::ConfidentialComputing::V1::TpmAttestation::Quote>]
        #     TPM2 PCR Quotes generated by calling TPM2_Quote on each PCR bank.
        # @!attribute [rw] tcg_event_log
        #   @return [::String]
        #     The binary TCG Event Log containing events measured into the TPM by the
        #     platform firmware and operating system. Formatted as described in the
        #     "TCG PC Client Platform Firmware Profile Specification".
        # @!attribute [rw] canonical_event_log
        #   @return [::String]
        #     An Event Log containing additional events measured into the TPM that are
        #     not already present in the tcg_event_log. Formatted as described in the
        #     "Canonical Event Log Format" TCG Specification.
        # @!attribute [rw] ak_cert
        #   @return [::String]
        #     DER-encoded X.509 certificate of the Attestation Key (otherwise known as
        #     an AK or a TPM restricted signing key) used to generate the quotes.
        # @!attribute [rw] cert_chain
        #   @return [::Array<::String>]
        #     List of DER-encoded X.509 certificates which, together with the ak_cert,
        #     chain back to a trusted Root Certificate.
        #     NOTE(review): which roots count as trusted is not stated in this file.
        class TpmAttestation
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods

          # Information about Platform Configuration Registers (PCRs) including a
          # signature over their values, which can be used for remote validation.
          #
          # One Quote describes a single PCR bank, identified by `hash_algo`.
          # @!attribute [rw] hash_algo
          #   @return [::Integer]
          #     The hash algorithm of the PCR bank being quoted, encoded as a TPM_ALG_ID
          # @!attribute [rw] pcr_values
          #   @return [::Google::Protobuf::Map{::Integer => ::String}]
          #     Raw binary values of each PCR being quoted.
          #     NOTE(review): the Integer key is presumably the PCR index — confirm
          #     against the proto definition.
          # @!attribute [rw] raw_quote
          #   @return [::String]
          #     TPM2 quote, encoded as a TPMS_ATTEST
          # @!attribute [rw] raw_signature
          #   @return [::String]
          #     TPM2 signature, encoded as a TPMT_SIGNATURE
          class Quote
            include ::Google::Protobuf::MessageExts
            extend ::Google::Protobuf::MessageExts::ClassMethods

            # Key/value entry type matching the `pcr_values` map on Quote
            # (Integer key, String value).
            # @!attribute [rw] key
            #   @return [::Integer]
            # @!attribute [rw] value
            #   @return [::String]
            class PcrValuesEntry
              include ::Google::Protobuf::MessageExts
              extend ::Google::Protobuf::MessageExts::ClassMethods
            end
          end
        end
      end
    end
  end
end