1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package verifiedaccess provides access to the Chrome Verified Access API. 8 // 9 // For product documentation, see: https://developers.google.com/chrome/verified-access 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/verifiedaccess/v2" 27 // ... 28 // ctx := context.Background() 29 // verifiedaccessService, err := verifiedaccess.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // verifiedaccessService, err := verifiedaccess.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // verifiedaccessService, err := verifiedaccess.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package verifiedaccess // import "google.golang.org/api/verifiedaccess/v2" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "verifiedaccess:v2" 90 const apiName = "verifiedaccess" 91 const apiVersion = "v2" 92 const basePath = "https://verifiedaccess.googleapis.com/" 93 const basePathTemplate = "https://verifiedaccess.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://verifiedaccess.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // Verify your enterprise credentials 99 VerifiedaccessScope = "https://www.googleapis.com/auth/verifiedaccess" 100 ) 101 102 // NewService creates a new Service. 103 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 104 scopesOption := internaloption.WithDefaultScopes( 105 "https://www.googleapis.com/auth/verifiedaccess", 106 ) 107 // NOTE: prepend, so we don't override user-specified scopes. 108 opts = append([]option.ClientOption{scopesOption}, opts...) 109 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 110 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 111 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 112 opts = append(opts, internaloption.EnableNewAuthLibrary()) 113 client, endpoint, err := htransport.NewClient(ctx, opts...) 114 if err != nil { 115 return nil, err 116 } 117 s, err := New(client) 118 if err != nil { 119 return nil, err 120 } 121 if endpoint != "" { 122 s.BasePath = endpoint 123 } 124 return s, nil 125 } 126 127 // New creates a new Service. It uses the provided http.Client for requests. 128 // 129 // Deprecated: please use NewService instead. 130 // To provide a custom HTTP client, use option.WithHTTPClient. 131 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 132 func New(client *http.Client) (*Service, error) { 133 if client == nil { 134 return nil, errors.New("client is nil") 135 } 136 s := &Service{client: client, BasePath: basePath} 137 s.Challenge = NewChallengeService(s) 138 return s, nil 139 } 140 141 type Service struct { 142 client *http.Client 143 BasePath string // API endpoint base URL 144 UserAgent string // optional additional User-Agent fragment 145 146 Challenge *ChallengeService 147 } 148 149 func (s *Service) userAgent() string { 150 if s.UserAgent == "" { 151 return googleapi.UserAgent 152 } 153 return googleapi.UserAgent + " " + s.UserAgent 154 } 155 156 func NewChallengeService(s *Service) *ChallengeService { 157 rs := &ChallengeService{s: s} 158 return rs 159 } 160 161 type ChallengeService struct { 162 s *Service 163 } 164 165 // Challenge: Result message for VerifiedAccess.GenerateChallenge. 166 type Challenge struct { 167 // Challenge: Generated challenge, the bytes representation of SignedData. 168 Challenge string `json:"challenge,omitempty"` 169 170 // ServerResponse contains the HTTP response code and headers from the server. 171 googleapi.ServerResponse `json:"-"` 172 // ForceSendFields is a list of field names (e.g. "Challenge") to 173 // unconditionally include in API requests. By default, fields with empty or 174 // default values are omitted from API requests. See 175 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 176 // details. 177 ForceSendFields []string `json:"-"` 178 // NullFields is a list of field names (e.g. "Challenge") to include in API 179 // requests with the JSON null value. By default, fields with empty values are 180 // omitted from API requests. See 181 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 182 NullFields []string `json:"-"` 183 } 184 185 func (s *Challenge) MarshalJSON() ([]byte, error) { 186 type NoMethod Challenge 187 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 188 } 189 190 // CrowdStrikeAgent: Properties of the CrowdStrike agent installed on a device. 191 type CrowdStrikeAgent struct { 192 // AgentId: The Agent ID of the Crowdstrike agent. 193 AgentId string `json:"agentId,omitempty"` 194 // CustomerId: The Customer ID to which the agent belongs to. 195 CustomerId string `json:"customerId,omitempty"` 196 // ForceSendFields is a list of field names (e.g. "AgentId") to unconditionally 197 // include in API requests. By default, fields with empty or default values are 198 // omitted from API requests. See 199 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 200 // details. 201 ForceSendFields []string `json:"-"` 202 // NullFields is a list of field names (e.g. "AgentId") to include in API 203 // requests with the JSON null value. By default, fields with empty values are 204 // omitted from API requests. See 205 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 206 NullFields []string `json:"-"` 207 } 208 209 func (s *CrowdStrikeAgent) MarshalJSON() ([]byte, error) { 210 type NoMethod CrowdStrikeAgent 211 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 212 } 213 214 // DeviceSignals: The device signals as reported by Chrome. Unless otherwise 215 // specified, signals are available on all platforms. 216 type DeviceSignals struct { 217 // AllowScreenLock: Value of the AllowScreenLock policy on the device. See 218 // https://chromeenterprise.google/policies/?policy=AllowScreenLock for more 219 // details. Available on ChromeOS only. 220 AllowScreenLock bool `json:"allowScreenLock,omitempty"` 221 // BrowserVersion: Current version of the Chrome browser which generated this 222 // set of signals. Example value: "107.0.5286.0". 223 BrowserVersion string `json:"browserVersion,omitempty"` 224 // BuiltInDnsClientEnabled: Whether Chrome's built-in DNS client is used. The 225 // OS DNS client is otherwise used. This value may be controlled by an 226 // enterprise policy: 227 // https://chromeenterprise.google/policies/#BuiltInDnsClientEnabled. 228 BuiltInDnsClientEnabled bool `json:"builtInDnsClientEnabled,omitempty"` 229 // ChromeRemoteDesktopAppBlocked: Whether access to the Chrome Remote Desktop 230 // application is blocked via a policy. 231 ChromeRemoteDesktopAppBlocked bool `json:"chromeRemoteDesktopAppBlocked,omitempty"` 232 // CrowdStrikeAgent: Crowdstrike agent properties installed on the device, if 233 // any. Available on Windows and MacOS only. 234 CrowdStrikeAgent *CrowdStrikeAgent `json:"crowdStrikeAgent,omitempty"` 235 // DeviceAffiliationIds: Affiliation IDs of the organizations that are 236 // affiliated with the organization that is currently managing the device. When 237 // the sets of device and profile affiliation IDs overlap, it means that the 238 // organizations managing the device and user are affiliated. To learn more 239 // about user affiliation, visit 240 // https://support.google.com/chrome/a/answer/12801245?ref_topic=9027936. 241 DeviceAffiliationIds []string `json:"deviceAffiliationIds,omitempty"` 242 // DeviceEnrollmentDomain: Enrollment domain of the customer which is currently 243 // managing the device. 244 DeviceEnrollmentDomain string `json:"deviceEnrollmentDomain,omitempty"` 245 // DeviceManufacturer: The name of the device's manufacturer. 246 DeviceManufacturer string `json:"deviceManufacturer,omitempty"` 247 // DeviceModel: The name of the device's model. 248 DeviceModel string `json:"deviceModel,omitempty"` 249 // DiskEncryption: The encryption state of the disk. On ChromeOS, the main disk 250 // is always ENCRYPTED. 251 // 252 // Possible values: 253 // "DISK_ENCRYPTION_UNSPECIFIED" - Unspecified. 254 // "DISK_ENCRYPTION_UNKNOWN" - Chrome could not evaluate the encryption 255 // state. 256 // "DISK_ENCRYPTION_DISABLED" - The main disk is not encrypted. 257 // "DISK_ENCRYPTION_ENCRYPTED" - The main disk is encrypted. 258 DiskEncryption string `json:"diskEncryption,omitempty"` 259 // DisplayName: The display name of the device, as defined by the user. 260 DisplayName string `json:"displayName,omitempty"` 261 // Hostname: Hostname of the device. 262 Hostname string `json:"hostname,omitempty"` 263 // Imei: International Mobile Equipment Identity (IMEI) of the device. 264 // Available on ChromeOS only. 265 Imei []string `json:"imei,omitempty"` 266 // MacAddresses: MAC addresses of the device. 267 MacAddresses []string `json:"macAddresses,omitempty"` 268 // Meid: Mobile Equipment Identifier (MEID) of the device. Available on 269 // ChromeOS only. 270 Meid []string `json:"meid,omitempty"` 271 // OperatingSystem: The type of the Operating System currently running on the 272 // device. 273 // 274 // Possible values: 275 // "OPERATING_SYSTEM_UNSPECIFIED" - UNSPECIFIED. 276 // "CHROME_OS" - ChromeOS. 277 // "CHROMIUM_OS" - ChromiumOS. 278 // "WINDOWS" - Windows. 279 // "MAC_OS_X" - Mac Os X. 280 // "LINUX" - Linux 281 OperatingSystem string `json:"operatingSystem,omitempty"` 282 // OsFirewall: The state of the OS level firewall. On ChromeOS, the value will 283 // always be ENABLED on regular devices and UNKNOWN on devices in developer 284 // mode. 285 // 286 // Possible values: 287 // "OS_FIREWALL_UNSPECIFIED" - Unspecified. 288 // "OS_FIREWALL_UNKNOWN" - Chrome could not evaluate the OS firewall state. 289 // "OS_FIREWALL_DISABLED" - The OS firewall is disabled. 290 // "OS_FIREWALL_ENABLED" - The OS firewall is enabled. 291 OsFirewall string `json:"osFirewall,omitempty"` 292 // OsVersion: The current version of the Operating System. On Windows and 293 // linux, the value will also include the security patch information. 294 OsVersion string `json:"osVersion,omitempty"` 295 // PasswordProtectionWarningTrigger: Whether the Password Protection Warning 296 // feature is enabled or not. Password protection alerts users when they reuse 297 // their protected password on potentially suspicious sites. This setting is 298 // controlled by an enterprise policy: 299 // https://chromeenterprise.google/policies/#PasswordProtectionWarningTrigger. 300 // Note that the policy unset does not have the same effects as having the 301 // policy explicitly set to `PASSWORD_PROTECTION_OFF`. 302 // 303 // Possible values: 304 // "PASSWORD_PROTECTION_WARNING_TRIGGER_UNSPECIFIED" - Unspecified. 305 // "POLICY_UNSET" - The policy is not set. 306 // "PASSWORD_PROTECTION_OFF" - No password protection warning will be shown. 307 // "PASSWORD_REUSE" - Password protection warning is shown if a protected 308 // password is re-used. 309 // "PHISHING_REUSE" - Password protection warning is shown if a protected 310 // password is re-used on a known phishing website. 311 PasswordProtectionWarningTrigger string `json:"passwordProtectionWarningTrigger,omitempty"` 312 // ProfileAffiliationIds: Affiliation IDs of the organizations that are 313 // affiliated with the organization that is currently managing the Chrome 314 // Profile’s user or ChromeOS user. 315 ProfileAffiliationIds []string `json:"profileAffiliationIds,omitempty"` 316 // ProfileEnrollmentDomain: Enrollment domain of the customer which is 317 // currently managing the profile. 318 ProfileEnrollmentDomain string `json:"profileEnrollmentDomain,omitempty"` 319 // RealtimeUrlCheckMode: Whether Enterprise-grade (i.e. custom) unsafe URL 320 // scanning is enabled or not. This setting may be controlled by an enterprise 321 // policy: 322 // https://chromeenterprise.google/policies/#EnterpriseRealTimeUrlCheckMode 323 // 324 // Possible values: 325 // "REALTIME_URL_CHECK_MODE_UNSPECIFIED" - Unspecified. 326 // "REALTIME_URL_CHECK_MODE_DISABLED" - Disabled. Consumer Safe Browsing 327 // checks are applied. 328 // "REALTIME_URL_CHECK_MODE_ENABLED_MAIN_FRAME" - Realtime check for main 329 // frame URLs is enabled. 330 RealtimeUrlCheckMode string `json:"realtimeUrlCheckMode,omitempty"` 331 // SafeBrowsingProtectionLevel: Safe Browsing Protection Level. That setting 332 // may be controlled by an enterprise policy: 333 // https://chromeenterprise.google/policies/#SafeBrowsingProtectionLevel. 334 // 335 // Possible values: 336 // "SAFE_BROWSING_PROTECTION_LEVEL_UNSPECIFIED" - Unspecified. 337 // "INACTIVE" - Safe Browsing is disabled. 338 // "STANDARD" - Safe Browsing is active in the standard mode. 339 // "ENHANCED" - Safe Browsing is active in the enhanced mode. 340 SafeBrowsingProtectionLevel string `json:"safeBrowsingProtectionLevel,omitempty"` 341 // ScreenLockSecured: The state of the Screen Lock password protection. On 342 // ChromeOS, this value will always be ENABLED as there is not way to disable 343 // requiring a password or pin when unlocking the device. 344 // 345 // Possible values: 346 // "SCREEN_LOCK_SECURED_UNSPECIFIED" - Unspecified. 347 // "SCREEN_LOCK_SECURED_UNKNOWN" - Chrome could not evaluate the state of the 348 // Screen Lock mechanism. 349 // "SCREEN_LOCK_SECURED_DISABLED" - The Screen Lock is not 350 // password-protected. 351 // "SCREEN_LOCK_SECURED_ENABLED" - The Screen Lock is password-protected. 352 ScreenLockSecured string `json:"screenLockSecured,omitempty"` 353 // SecureBootMode: Whether the device's startup software has its Secure Boot 354 // feature enabled. Available on Windows only. 355 // 356 // Possible values: 357 // "SECURE_BOOT_MODE_UNSPECIFIED" - Unspecified. 358 // "SECURE_BOOT_MODE_UNKNOWN" - Chrome was unable to determine the Secure 359 // Boot mode. 360 // "SECURE_BOOT_MODE_DISABLED" - Secure Boot was disabled on the startup 361 // software. 362 // "SECURE_BOOT_MODE_ENABLED" - Secure Boot was enabled on the startup 363 // software. 364 SecureBootMode string `json:"secureBootMode,omitempty"` 365 // SerialNumber: The serial number of the device. On Windows, this represents 366 // the BIOS's serial number. Not available on most Linux distributions. 367 SerialNumber string `json:"serialNumber,omitempty"` 368 // SiteIsolationEnabled: Whether the Site Isolation (a.k.a Site Per Process) 369 // setting is enabled. That setting may be controlled by an enterprise policy: 370 // https://chromeenterprise.google/policies/#SitePerProcess 371 SiteIsolationEnabled bool `json:"siteIsolationEnabled,omitempty"` 372 // SystemDnsServers: List of the addesses of all OS level DNS servers 373 // configured in the device's network settings. 374 SystemDnsServers []string `json:"systemDnsServers,omitempty"` 375 // ThirdPartyBlockingEnabled: Whether Chrome is blocking third-party software 376 // injection or not. This setting may be controlled by an enterprise policy: 377 // https://chromeenterprise.google/policies/?policy=ThirdPartyBlockingEnabled. 378 // Available on Windows only. 379 ThirdPartyBlockingEnabled bool `json:"thirdPartyBlockingEnabled,omitempty"` 380 // Trigger: The trigger which generated this set of signals. 381 // 382 // Possible values: 383 // "TRIGGER_UNSPECIFIED" - Unspecified. 384 // "TRIGGER_BROWSER_NAVIGATION" - When navigating to an URL inside a browser. 385 // "TRIGGER_LOGIN_SCREEN" - When signing into an account on the ChromeOS 386 // login screen. 387 Trigger string `json:"trigger,omitempty"` 388 // WindowsMachineDomain: Windows domain that the current machine has joined. 389 // Available on Windows only. 390 WindowsMachineDomain string `json:"windowsMachineDomain,omitempty"` 391 // WindowsUserDomain: Windows domain for the current OS user. Available on 392 // Windows only. 393 WindowsUserDomain string `json:"windowsUserDomain,omitempty"` 394 // ForceSendFields is a list of field names (e.g. "AllowScreenLock") to 395 // unconditionally include in API requests. By default, fields with empty or 396 // default values are omitted from API requests. See 397 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 398 // details. 399 ForceSendFields []string `json:"-"` 400 // NullFields is a list of field names (e.g. "AllowScreenLock") to include in 401 // API requests with the JSON null value. By default, fields with empty values 402 // are omitted from API requests. See 403 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 404 NullFields []string `json:"-"` 405 } 406 407 func (s *DeviceSignals) MarshalJSON() ([]byte, error) { 408 type NoMethod DeviceSignals 409 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 410 } 411 412 // Empty: A generic empty message that you can re-use to avoid defining 413 // duplicated empty messages in your APIs. A typical example is to use it as 414 // the request or the response type of an API method. For instance: service Foo 415 // { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } 416 type Empty struct { 417 } 418 419 // VerifyChallengeResponseRequest: Signed ChallengeResponse. 420 type VerifyChallengeResponseRequest struct { 421 // ChallengeResponse: Required. The generated response to the challenge, the 422 // bytes representation of SignedData. 423 ChallengeResponse string `json:"challengeResponse,omitempty"` 424 // ExpectedIdentity: Optional. Service can optionally provide identity 425 // information about the device or user associated with the key. For an EMK, 426 // this value is the enrolled domain. For an EUK, this value is the user's 427 // email address. If present, this value will be checked against contents of 428 // the response, and verification will fail if there is no match. 429 ExpectedIdentity string `json:"expectedIdentity,omitempty"` 430 // ForceSendFields is a list of field names (e.g. "ChallengeResponse") to 431 // unconditionally include in API requests. By default, fields with empty or 432 // default values are omitted from API requests. See 433 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 434 // details. 435 ForceSendFields []string `json:"-"` 436 // NullFields is a list of field names (e.g. "ChallengeResponse") to include in 437 // API requests with the JSON null value. By default, fields with empty values 438 // are omitted from API requests. See 439 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 440 NullFields []string `json:"-"` 441 } 442 443 func (s *VerifyChallengeResponseRequest) MarshalJSON() ([]byte, error) { 444 type NoMethod VerifyChallengeResponseRequest 445 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 446 } 447 448 // VerifyChallengeResponseResult: Result message for 449 // VerifiedAccess.VerifyChallengeResponse. 450 type VerifyChallengeResponseResult struct { 451 // AttestedDeviceId: Attested device ID (ADID). 452 AttestedDeviceId string `json:"attestedDeviceId,omitempty"` 453 // CustomerId: Unique customer id that this device belongs to, as defined by 454 // the Google Admin SDK at 455 // https://developers.google.com/admin-sdk/directory/v1/guides/manage-customers 456 CustomerId string `json:"customerId,omitempty"` 457 // DeviceEnrollmentId: Device enrollment id for ChromeOS devices. 458 DeviceEnrollmentId string `json:"deviceEnrollmentId,omitempty"` 459 // DevicePermanentId: Device permanent id is returned in this field (for the 460 // machine response only). 461 DevicePermanentId string `json:"devicePermanentId,omitempty"` 462 // DeviceSignal: Deprecated. Device signal in json string representation. 463 // Prefer using `device_signals` instead. 464 DeviceSignal string `json:"deviceSignal,omitempty"` 465 // DeviceSignals: Device signals. 466 DeviceSignals *DeviceSignals `json:"deviceSignals,omitempty"` 467 // KeyTrustLevel: Device attested key trust level. 468 // 469 // Possible values: 470 // "KEY_TRUST_LEVEL_UNSPECIFIED" - UNSPECIFIED. 471 // "CHROME_OS_VERIFIED_MODE" - ChromeOS device in verified mode. 472 // "CHROME_OS_DEVELOPER_MODE" - ChromeOS device in developer mode. 473 // "CHROME_BROWSER_HW_KEY" - Chrome Browser with the key stored in the device 474 // hardware. 475 // "CHROME_BROWSER_OS_KEY" - Chrome Browser with the key stored at OS level. 476 // "CHROME_BROWSER_NO_KEY" - Chrome Browser without an attestation key. 477 KeyTrustLevel string `json:"keyTrustLevel,omitempty"` 478 // ProfileCustomerId: Unique customer id that this profile belongs to, as 479 // defined by the Google Admin SDK at 480 // https://developers.google.com/admin-sdk/directory/v1/guides/manage-customers 481 ProfileCustomerId string `json:"profileCustomerId,omitempty"` 482 // ProfileKeyTrustLevel: Profile attested key trust level. 483 // 484 // Possible values: 485 // "KEY_TRUST_LEVEL_UNSPECIFIED" - UNSPECIFIED. 486 // "CHROME_OS_VERIFIED_MODE" - ChromeOS device in verified mode. 487 // "CHROME_OS_DEVELOPER_MODE" - ChromeOS device in developer mode. 488 // "CHROME_BROWSER_HW_KEY" - Chrome Browser with the key stored in the device 489 // hardware. 490 // "CHROME_BROWSER_OS_KEY" - Chrome Browser with the key stored at OS level. 491 // "CHROME_BROWSER_NO_KEY" - Chrome Browser without an attestation key. 492 ProfileKeyTrustLevel string `json:"profileKeyTrustLevel,omitempty"` 493 // SignedPublicKeyAndChallenge: Certificate Signing Request (in the SPKAC 494 // format, base64 encoded) is returned in this field. This field will be set 495 // only if device has included CSR in its challenge response. (the option to 496 // include CSR is now available for both user and machine responses) 497 SignedPublicKeyAndChallenge string `json:"signedPublicKeyAndChallenge,omitempty"` 498 // VirtualDeviceId: Virtual device id of the device. The definition of virtual 499 // device id is platform-specific. 500 VirtualDeviceId string `json:"virtualDeviceId,omitempty"` 501 // VirtualProfileId: The ID of a profile on the device. 502 VirtualProfileId string `json:"virtualProfileId,omitempty"` 503 504 // ServerResponse contains the HTTP response code and headers from the server. 505 googleapi.ServerResponse `json:"-"` 506 // ForceSendFields is a list of field names (e.g. "AttestedDeviceId") to 507 // unconditionally include in API requests. By default, fields with empty or 508 // default values are omitted from API requests. See 509 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 510 // details. 511 ForceSendFields []string `json:"-"` 512 // NullFields is a list of field names (e.g. "AttestedDeviceId") to include in 513 // API requests with the JSON null value. By default, fields with empty values 514 // are omitted from API requests. See 515 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 516 NullFields []string `json:"-"` 517 } 518 519 func (s *VerifyChallengeResponseResult) MarshalJSON() ([]byte, error) { 520 type NoMethod VerifyChallengeResponseResult 521 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 522 } 523 524 type ChallengeGenerateCall struct { 525 s *Service 526 empty *Empty 527 urlParams_ gensupport.URLParams 528 ctx_ context.Context 529 header_ http.Header 530 } 531 532 // Generate: Generates a new challenge. 533 func (r *ChallengeService) Generate(empty *Empty) *ChallengeGenerateCall { 534 c := &ChallengeGenerateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 535 c.empty = empty 536 return c 537 } 538 539 // Fields allows partial responses to be retrieved. See 540 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 541 // details. 542 func (c *ChallengeGenerateCall) Fields(s ...googleapi.Field) *ChallengeGenerateCall { 543 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 544 return c 545 } 546 547 // Context sets the context to be used in this call's Do method. 548 func (c *ChallengeGenerateCall) Context(ctx context.Context) *ChallengeGenerateCall { 549 c.ctx_ = ctx 550 return c 551 } 552 553 // Header returns a http.Header that can be modified by the caller to add 554 // headers to the request. 555 func (c *ChallengeGenerateCall) Header() http.Header { 556 if c.header_ == nil { 557 c.header_ = make(http.Header) 558 } 559 return c.header_ 560 } 561 562 func (c *ChallengeGenerateCall) doRequest(alt string) (*http.Response, error) { 563 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 564 var body io.Reader = nil 565 body, err := googleapi.WithoutDataWrapper.JSONReader(c.empty) 566 if err != nil { 567 return nil, err 568 } 569 c.urlParams_.Set("alt", alt) 570 c.urlParams_.Set("prettyPrint", "false") 571 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/challenge:generate") 572 urls += "?" + c.urlParams_.Encode() 573 req, err := http.NewRequest("POST", urls, body) 574 if err != nil { 575 return nil, err 576 } 577 req.Header = reqHeaders 578 return gensupport.SendRequest(c.ctx_, c.s.client, req) 579 } 580 581 // Do executes the "verifiedaccess.challenge.generate" call. 582 // Any non-2xx status code is an error. Response headers are in either 583 // *Challenge.ServerResponse.Header or (if a response was returned at all) in 584 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 585 // whether the returned error was because http.StatusNotModified was returned. 586 func (c *ChallengeGenerateCall) Do(opts ...googleapi.CallOption) (*Challenge, error) { 587 gensupport.SetOptions(c.urlParams_, opts...) 588 res, err := c.doRequest("json") 589 if res != nil && res.StatusCode == http.StatusNotModified { 590 if res.Body != nil { 591 res.Body.Close() 592 } 593 return nil, gensupport.WrapError(&googleapi.Error{ 594 Code: res.StatusCode, 595 Header: res.Header, 596 }) 597 } 598 if err != nil { 599 return nil, err 600 } 601 defer googleapi.CloseBody(res) 602 if err := googleapi.CheckResponse(res); err != nil { 603 return nil, gensupport.WrapError(err) 604 } 605 ret := &Challenge{ 606 ServerResponse: googleapi.ServerResponse{ 607 Header: res.Header, 608 HTTPStatusCode: res.StatusCode, 609 }, 610 } 611 target := &ret 612 if err := gensupport.DecodeResponse(target, res); err != nil { 613 return nil, err 614 } 615 return ret, nil 616 } 617 618 type ChallengeVerifyCall struct { 619 s *Service 620 verifychallengeresponserequest *VerifyChallengeResponseRequest 621 urlParams_ gensupport.URLParams 622 ctx_ context.Context 623 header_ http.Header 624 } 625 626 // Verify: Verifies the challenge response. 627 func (r *ChallengeService) Verify(verifychallengeresponserequest *VerifyChallengeResponseRequest) *ChallengeVerifyCall { 628 c := &ChallengeVerifyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 629 c.verifychallengeresponserequest = verifychallengeresponserequest 630 return c 631 } 632 633 // Fields allows partial responses to be retrieved. See 634 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 635 // details. 636 func (c *ChallengeVerifyCall) Fields(s ...googleapi.Field) *ChallengeVerifyCall { 637 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 638 return c 639 } 640 641 // Context sets the context to be used in this call's Do method. 642 func (c *ChallengeVerifyCall) Context(ctx context.Context) *ChallengeVerifyCall { 643 c.ctx_ = ctx 644 return c 645 } 646 647 // Header returns a http.Header that can be modified by the caller to add 648 // headers to the request. 649 func (c *ChallengeVerifyCall) Header() http.Header { 650 if c.header_ == nil { 651 c.header_ = make(http.Header) 652 } 653 return c.header_ 654 } 655 656 func (c *ChallengeVerifyCall) doRequest(alt string) (*http.Response, error) { 657 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 658 var body io.Reader = nil 659 body, err := googleapi.WithoutDataWrapper.JSONReader(c.verifychallengeresponserequest) 660 if err != nil { 661 return nil, err 662 } 663 c.urlParams_.Set("alt", alt) 664 c.urlParams_.Set("prettyPrint", "false") 665 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/challenge:verify") 666 urls += "?" + c.urlParams_.Encode() 667 req, err := http.NewRequest("POST", urls, body) 668 if err != nil { 669 return nil, err 670 } 671 req.Header = reqHeaders 672 return gensupport.SendRequest(c.ctx_, c.s.client, req) 673 } 674 675 // Do executes the "verifiedaccess.challenge.verify" call. 676 // Any non-2xx status code is an error. Response headers are in either 677 // *VerifyChallengeResponseResult.ServerResponse.Header or (if a response was 678 // returned at all) in error.(*googleapi.Error).Header. Use 679 // googleapi.IsNotModified to check whether the returned error was because 680 // http.StatusNotModified was returned. 681 func (c *ChallengeVerifyCall) Do(opts ...googleapi.CallOption) (*VerifyChallengeResponseResult, error) { 682 gensupport.SetOptions(c.urlParams_, opts...) 683 res, err := c.doRequest("json") 684 if res != nil && res.StatusCode == http.StatusNotModified { 685 if res.Body != nil { 686 res.Body.Close() 687 } 688 return nil, gensupport.WrapError(&googleapi.Error{ 689 Code: res.StatusCode, 690 Header: res.Header, 691 }) 692 } 693 if err != nil { 694 return nil, err 695 } 696 defer googleapi.CloseBody(res) 697 if err := googleapi.CheckResponse(res); err != nil { 698 return nil, gensupport.WrapError(err) 699 } 700 ret := &VerifyChallengeResponseResult{ 701 ServerResponse: googleapi.ServerResponse{ 702 Header: res.Header, 703 HTTPStatusCode: res.StatusCode, 704 }, 705 } 706 target := &ret 707 if err := gensupport.DecodeResponse(target, res); err != nil { 708 return nil, err 709 } 710 return ret, nil 711 } 712